[Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Dan Cornell dan at denimgroup.com
Thu Feb 17 12:19:05 EST 2011

I'm not sure it is the OWASP organization's place to tell companies how to handle what they believe are their intellectual property rights.  The "O" in OWASP stands for "Open" but that applies to everything _we_ do.  I believe OWASP is better off leading by example and showing the benefits of openness rather than beating up on organizations for their non-OWASP activities.  Otherwise we might as well open up "OWASP Inquiries" on IBM, Microsoft, HP and a variety of other OWASP-supporting organizations that all have patents, trademarks, copyrights, etc. that they feel the need to enforce from time to time.  Doing this crosses the line from "Raymond" to "Stallman" and, though I respect all of Richard Stallman's work, OWASP, to me, has always been more of an Open Source organization rather than a Free Software organization.

That said, from the limited information I have seen on this issue, I (Dan Cornell the person, not a representative of Denim Group, not the OWASP Membership Committee Chair) think the whole business with Cenzic is silly and stifling and bad for the discipline of application security.  Everybody gets 24 hours in their day and I'm not sure why anyone would devote any of their 24 to chasing after this mess rather than developing new features, talking to customers, etc.  But that's _my_ opinion and I'm not sure "OWASP" should even get to have an opinion unless OWASP materials are involved.



From: owasp-leaders-bounces at lists.owasp.org [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of dinis cruz
Sent: Thursday, February 17, 2011 10:47 AM
To: owasp-leaders at lists.owasp.org
Cc: Mark Curphey
Subject: [Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

I saw this today and it looks like something we (i.e. OWASP) should be involved in: http://stop232patent.com (patent document is here http://www.patentstorm.us/patents/7185232/fulltext.html)

I guess the first question is who at OWASP should look at this? The board? A Committee? An ad-hoc group of OWASP Leaders?

We need to address this issue, since it is a very hot topic (with strong views on both sides of the fence) and it could have implications for a number of OWASP projects (including my own, the O2 Platform).

My proposal (since I'm not on the board anymore) is that we start an OWASP inquiry on the topic.

So far we have done two inquiries at OWASP (see here <http://www.owasp.org/index.php/OWASP_Investigation_-_AppSec_Brazil_2009> and here <http://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project>) and although this is not an exact match, I think there is a lot we can reuse from them.

Another reason why we need such an inquiry is that we need to make sure that both sides of the fence have a fair chance to present their views.

My hope is that we can turn this 'problem' (as viewed by parts of our community) into an opportunity to create something good.

That said, the stakes are quite high, so we need to act on this quickly and (once we have all information collected) be prepared to make tough decisions.

Dinis Cruz