[Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Dan Cornell dan at denimgroup.com
Thu Feb 17 13:19:59 EST 2011

> What I would do: 1) Buy NTObjectives' scanner and/or service and
> recommend it to others. 2) cite Cenzic for breach-of-contract of their
> software support & upgrade contracts, if you are a current customer of
> theirs (one cannot reasonably expect a company to be able to upgrade
> their product if they are forcing stifled innovation in a growing and
> needy industry), 3) If you're a Veracode customer, consider trading
> your credits (or budget for the year) to dynamic analysis services
> (which can only stand to help NTObjectives), and 4) If you are an
> attorney, or have a GC at your company, contact NTObjective's legal
> counsel.
> It also appears that one can list prior art on that stop232patent.com
> website, but I have no idea what fits the criteria. Elza? Nikto?
> Phrack magazine's 1998 article on SQL injection? OULU's work on
> PROTOS? Wisc.edu Bart Miller's 1989 work on fuzz.c? Gary McGraw's 1998
> book on "Software Fault Injection"?

Agreed!  I suppose my point is that these are all decisions/activities that make sense for people or firms to take in their name, not in the OWASP name.  And I think that is a healthier approach versus OWASP holding an ominously-named "Inquiry" into a Supporter organization (or any organization, for that matter).  Now if OWASP wanted to start a "Prior Art" project that might be something...



More information about the OWASP-Leaders mailing list