[Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Rex Booth rex.booth at owasp.org
Thu Feb 17 13:57:38 EST 2011


This "issue" is not new.  Patent squatting and similar activities are a 
prevalent problem throughout the US intellectual property system.  To my 
knowledge, OWASP has not addressed these problems in the past, so I'm at 
a loss to understand why we would do so now.

I, as an individual, am personally and professionally irritated by 
Cenzic's claim - as I'm sure we all are.  But that doesn't mean that 
OWASP has a play at this point.

You asked if we should wait until they come for us.  In my opinion, that 
is exactly what we should do.  Because until that point, their actions 
really have no appreciable impact on our ability to fulfill our 
mission.  In the meantime, let the battle be waged by the organizations 
who have a mission to fight these kinds of actions.  Otherwise we risk 
getting in WAY over our heads and drifting far from our core mission.

Rex


On 2/17/2011 1:29 PM, dinis cruz wrote:
> The problem with this case is that if OWASP doesn't do anything, that 
> in itself is taking a position (some might argue that it would be 
> equivalent of 'putting the head into the sand and ignoring what is 
> happening')
>
> This is definitely a case where we will be damned if we do and damned 
> if we don't (ignoring this will not make the issue go away)
>
> This case goes to the heart of a lot of things at OWASP (including our 
> ability to continue to innovate on the WebApp tools space).
>
> In fact, as some of the recommendations already provided in this small 
> thread clearly show, if there is no clear 'position' and guidelines 
> from OWASP's community, we will actually create a much worse environment.
>
> We need to start this process from the point of view that we 
> need to listen to both sides of the story, we first need to clarify 
> what are the facts and what is really going on.
>
> We shouldn't start from the premise that Cenzic is wrong, that its 
> products should be boycotted or that the WebAppSec buyers should buy 
> Cenzic's competitors' products
>
> Dinis Cruz
>
>
> On 17 February 2011 18:19, Dan Cornell <dan at denimgroup.com> wrote:
>
>     > What I would do: 1) Buy NTObjectives' scanner and/or service and
>     > recommend it to others. 2) cite Cenzic for breach-of-contract of
>     > their software support & upgrade contracts, if you are a current
>     > customer of theirs (one cannot reasonably expect a company to be
>     > able to upgrade their product if they are forcing stifled
>     > innovation in a growing and needy industry), 3) If you're a
>     > Veracode customer, consider trading your credits (or budget for
>     > the year) to dynamic analysis services (which can only stand to
>     > help NTObjectives), and 4) If you are an attorney, or have a GC at
>     > your company, contact NTObjectives' legal counsel.
>     >
>     > It also appears that one can list prior art on that
>     > stop232patent.com website, but I have no idea what fits the
>     > criteria. Elza? Nikto? Phrack magazine's 1998 article on SQL
>     > injection? OULU's work on PROTOS? Wisc.edu Bart Miller's 1989 work
>     > on fuzz.c? Gary McGraw's 1998 book on "Software Fault Injection"?
>     >
>
>     Agreed!  I suppose my point is that these are all
>     decisions/activities that make sense for people or firms to take
>     in their name, not in the OWASP name.  And I think that is a
>     healthier approach versus OWASP holding an ominously-named
>     "Inquiry" into a Supporter organization (or any organization, for
>     that matter).  Now if OWASP wanted to start a "Prior Art" project
>     that might be something...
>
>     Thanks,
>
>     Dan
>
>     _______________________________________________
>     OWASP-Leaders mailing list
>     OWASP-Leaders at lists.owasp.org <mailto:OWASP-Leaders at lists.owasp.org>
>     https://lists.owasp.org/mailman/listinfo/owasp-leaders
