[Owasp-leaders] (From Mark Curphey) Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Dan Cornell dan at denimgroup.com
Thu Feb 17 13:06:00 EST 2011


From: Mark Curphey [mailto:mark at curphey.com]
Sent: Thursday, February 17, 2011 11:30 AM
To: dinis cruz; owasp-leaders at lists.owasp.org
Subject: RE: Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Its certainly a tricky topic to deal with and one that is clearly very intertwined. For instance I have strong beliefs that patents are not useful yet work for MSFT.  I rationalize this myself by not applying for patents myself. I acknowledge thats a questionable approach but a workable one for me.

Whats challenging here is a company that is supporting and benefiting an open project yet seems to be operating with two approaches. That feels like Oracle / Java or similar. That said first I saw of this was Dan's tweet this morning and fired off a short mail to Dan and Dinis without any real thought so .......

I wonder if one approach here is to develop a charter of things OWASP believes in and ask individuals to endorse it ? This allows a core set of values to be supported and to separate "church and state" so to speak
________________________________
From: dinis cruz [dinis.cruz at owasp.org]
Sent: Thursday, February 17, 2011 8:47 AM
To: owasp-leaders at lists.owasp.org
Cc: Mark Curphey
Subject: Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "
I saw this today and it looks like something we (i.e. OWASP) should be involved in: http://stop232patent.com (patent document is here http://www.patentstorm.us/patents/7185232/fulltext.html)

I guess the first question is who at OWASP should look at this? The board? A Committee? An ad-hoc group of OWASP Leaders?

We need to address this issue, since is a very hot-topic (with strong views on both side of the fence) and it could have implications for a number of OWASP projects (including my own, the O2 Platform).

My proposal (since I'm not on the board anymore) is that we start an OWASP inquiry on the topic.

So far we have done two inquiries at OWASP (see here <http://www.owasp.org/index.php/OWASP_Investigation_-_AppSec_Brazil_2009> and here<http://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project>) and although this is not an exact match, I think there is a lot we can reuse from them.

Another reason why we need such inquiry is that we need to make sure that both sides of the fence have a fair change to present their views.

My hope is that we can turn this 'problem' (as viewed by parts of our community) into an opportunity to create something good.

That said, the stakes are quite high, so we need to act on this quickly and (once we have all information collected) be prepared to make though decisions

Dinis Cruz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110217/d3df8e5c/attachment-0001.html 


More information about the OWASP-Leaders mailing list