[OWASP-LEADERS] Sanctums Patent

Dawes, Rogan (ZA - Johannesburg) rdawes at deloitte.co.za
Mon Dec 1 08:59:28 EST 2003


Hi,

I think that this is a reasonable approach, if you have people operating
outside the US. Czech Republic will soon be part of the EU, so if the EU
considers US patents to be enforceable on EU soil, there may be a problem,
but otherwise, I don't see one. I personally would welcome Sanctum sending
me a "cease and desist", so I could tell them where to stick it. ;-)

I haven't read the patent very carefully (not being interested in US
software patents), so I don't know how their patent may conflict with WAS.
Regardless, that will not deter me from implementing it (although lack of
time might ;-)

Rogan

> -----Original Message-----
> From: Mark Curphey [mailto:mark at curphey.com] 
> Sent: 01 December 2003 01:48 PM
> To: owasp-leaders at lists.sourceforge.net
> Subject: RE: [OWASP-LEADERS] Sanctums Patent
> 
> 
> That's one solution I never thought about...OWASP supports an outside
> project called WebScarab that's developed outside of the jurisdiction of US
> patent office ;-)
> 
> Rogan, we need to chat about WAS and it as well as I think the extended
> functionality we were proposing for the WAS Test element (btw I want to
> propose we buy ourselves another 6 months on that to do it properly) will
> face the same issue. Ironic as Sanctum are on the TC ;-(
> 
> 
> -----Original Message-----
> From: owasp-leaders-admin at lists.sourceforge.net
> [mailto:owasp-leaders-admin at lists.sourceforge.net] On Behalf Of Dawes, Rogan (ZA - Johannesburg)
> Sent: Monday, December 01, 2003 1:24 AM
> To: owasp-leaders at lists.sourceforge.net
> 
> I guess the first question is: 
> 
> Does Sanctum's US patent affect other countries?
> 
> At this point, 99.99% of WebScarab's development is occurring either in South
> Africa, and soon to be Czech Republic. Do I have to care about this?
> 
> Realising that OWASP is largely based in the US, it may be necessary for
> OWASP to "disown" WebScarab as a project under the banner, but there may be
> nothing to stop the development and distribution of WebScarab from going
> ahead regardless.
> 
> Do we have any international patent lawyers on this list? ;-)
> 
> Rogan
> 
> > -----Original Message-----
> > From: Mark Curphey [mailto:mark at curphey.com]
> > Sent: 01 December 2003 03:00 AM
> > To: owasp-leaders at lists.sourceforge.net
> > Subject: [OWASP-LEADERS] Sanctums Patent
> > 
> > 
> > Team,
> > 
> > I have been hearing rumors that Sanctum are starting to issue writs
> > for patent infringement. Whilst I personally think it's farcical that
> > anyone can get such a patent, the facts are it's been issued and they
> > are pursuing people. The question for us is how is WebScarab's future
> > affected by this patent? There are also a lot of questions about
> > OASIS WAS that we need to deal with but that's a separate issue. What
> > do we do?
> > 
> > United States Patent No. 6,584,569 to Reshef et al. and assigned to
> > Sanctum Ltd. ("The Sanctum Patent") discloses a scanner for
> > automatically detecting potential application-level vulnerabilities or
> > security flaws in a web application. The independent claims of the
> > Sanctum patent generally relate to a scanner that (1) traverses a web
> > application in order to discover and actuate the links therein, (2)
> > analyzes messages that flow or would flow between an authorized client
> > and a web server in order to discover elements of the web
> > application's interface with external clients and attributes of these
> > elements (such as links, fill-in forms, fields, fixed fields, hidden
> > fields, menu options, etc.), (3) generates unauthorized client
> > requests in which these elements are mutated, sends the mutated client
> > requests to the web server, receives server responses to the
> > unauthorized client requests, and (4) evaluates the results thereof.
> > 
> > 
> > 
> > 
> > -------------------------------------------------------
> > This SF.net email is sponsored by: SF.net Giveback Program.
> > Does SourceForge.net help you be more productive?  Does it help you 
> > create better code?  SHARE THE LOVE, and help us help YOU!  Click 
> > Here: http://sourceforge.net/donate/ 
> > _______________________________________________
> > Owasp-leaders mailing list
> > Owasp-leaders at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/owasp-leaders
> > 
> 
> Important Notice: This email is subject to important restrictions,
> qualifications and disclaimers ("the Disclaimer") that must be accessed and
> read by clicking here or by copying and pasting the following address into
> your Internet browser's address bar: http://www.Deloitte.co.za/Disc.htm. The
> Disclaimer is deemed to form part of the content of this email in terms of
> Section 11 of the Electronic Communications and Transactions Act, 25 of
> 2002. If you cannot access the Disclaimer, please obtain a copy thereof from
> us by sending an email to ClientServiceCentre at Deloitte.co.za.
> 
> 
