[OWASP-LEADERS] Sanctums Patent

Mark Curphey mark at curphey.com
Mon Dec 1 07:48:21 EST 2003


That's one solution I never thought about...OWASP supports an outside
project called WebScarab that's developed outside of the jurisdiction of US
patent office ;-) 

Rogan, we need to chat about WAS and it as well as I think the extended
functionality we were proposing for the WAS Test element (btw I want to
propose we buy ourselves another 6 months on that to do it properly) will
face the same issue. Ironic as Sanctum are on the TC ;-(


-----Original Message-----
From: owasp-leaders-admin at lists.sourceforge.net
[mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Dawes, Rogan
(ZA - Johannesburg)
Sent: Monday, December 01, 2003 1:24 AM
To: owasp-leaders at lists.sourceforge.net

I guess the first question is: 

Does Sanctum's US patent affect other countries?

At this point, 99.99% of WebScarab's development is occurring either in South
Africa, and soon to be Czech Republic. Do I have to care about this?

Realising that OWASP is largely based in the US, it may be necessary for
OWASP to "disown" WebScarab as a project under the banner, but there may be
nothing to stop the development and distribution of WebScarab from going
ahead regardless.

Do we have any international patent lawyers on this list? ;-)

Rogan

> -----Original Message-----
> From: Mark Curphey [mailto:mark at curphey.com]
> Sent: 01 December 2003 03:00 AM
> To: owasp-leaders at lists.sourceforge.net
> Subject: [OWASP-LEADERS] Sanctums Patent
> 
> 
> Team,
> 
> I have been hearing rumors that Sanctum are starting to issue writs 
> for patent infringement. Whilst I personally think it's farcical that 
> anyone can get such a patent, the facts are it's been issued and they 
> are pursuing people. The question for us is how is WebScarab's future 
> affected by this patent ? There are also a lot of questions about 
> OASIS WAS that we need to deal with but that's a separate issue. What 
> do we do ?
> 
> United States Patent No. 6,584,569 to Reshef et al. and assigned to 
> Sanctum Ltd. ("The Sanctum Patent") discloses a scanner for 
> automatically detecting potential application-level vulnerabilities or 
> security flaws in a web application. The independent claims of the 
> Sanctum patent generally relate to a scanner that (1) traverses a web 
> application in order to discover and actuate the links therein, (2) 
> analyzes messages that flow or would flow between an authorized client 
> and a web server in order to discover elements of the web 
> application's interface with external clients and attributes of these 
> elements (such as links, fill-in forms, fields, fixed fields, hidden 
> fields, menu options, etc.), (3) generates unauthorized client 
> requests in which these elements are mutated, sends the mutated client 
> requests to the web server, receives server responses to the 
> unauthorized client requests, and (4) evaluates the results thereof.
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: SF.net Giveback Program.
> Does SourceForge.net help you be more productive?  Does it help you 
> create better code?  SHARE THE LOVE, and help us help YOU!  Click 
> Here: http://sourceforge.net/donate/ 
> _______________________________________________
> Owasp-leaders mailing list
> Owasp-leaders at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-leaders
> 
