[Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Tin Zaw tin.zaw at owasp.org
Thu Feb 17 19:57:14 EST 2011


I don't think OWASP should get involved in patent disputes between Cenzic
(or any company for that matter) and other commercial companies. Let the
markets sort it out on their own.

As Rex pointed out, a wait-and-see approach is a good option that OWASP has.

Another approach is to ask Cenzic to license the patent free of charge to
OWASP, as a good-will effort.

Cenzic is a player in the application security ecosystem that OWASP supports, an
organizational supporter of OWASP's causes, and Mandeep is an active leader
in OWASP. I am sure any potential conflicts between OWASP and Cenzic can be
resolved in a collegial manner.

Tin

On Thu, Feb 17, 2011 at 4:23 PM, Chris Weber <chris at casaba.com> wrote:

> I’m eager to hear how that phone call goes.  Hearing how Cenzic has
> threatened litigation against NTO, Veracode, Acunetix, and others, their
> view seems pretty clear.
>
>
>
> -Chris
>
>
>
> *From:* owasp-leaders-bounces at lists.owasp.org [mailto:
> owasp-leaders-bounces at lists.owasp.org] *On Behalf Of *John Wilander
> *Sent:* Thursday, February 17, 2011 3:12 PM
>
> *To:* owasp-leaders at lists.owasp.org
> *Cc:* owasp-leaders at lists.owasp.org; Mark Curphey
> *Subject:* Re: [Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault
> injection methods and apparatus' "
>
>
>
> Check the logos on the AppSec USA 2010 page:
>
> http://www.owasp.org/index.php/AppSec_US_2010,_CA#tab=Sponsors
>
>
>
> Can OWASP keep accepting Cenzic's money if we act on the patent issue? I
> sense potential hypocrisy.
>
>
>
> Why not a diplomatic outreach first? Jeff calling Cenzic's CEO, telling him
> of the community concern and asking for their view. I'd prefer starting
> there.
>
>
>
>    Regards, John
>
>
>
>
> Sent from my iPad
>
>
> On 17 feb 2011, at 19:57, Rex Booth <rex.booth at owasp.org> wrote:
>
> This "issue" is not new.  Patent squatting and similar activities are a
> prevalent problem throughout the US intellectual property system.  To my
> knowledge, OWASP has not addressed these problems in the past, so I'm at a
> loss to understand why we would do so now.
>
> I, as an individual, am personally and professionally irritated by Cenzic's
> claim - as I'm sure we all are.  But that doesn't mean that OWASP has a play
> at this point.
>
> You asked if we should wait until they come for us.  In my opinion, that is
> exactly what we should do.  Because until that point, their actions really
> have no appreciable impact on our ability to fulfill our mission.  In the
> meantime, let the battle be waged by the organizations who have a mission to
> fight these kinds of actions.  Otherwise we risk getting in WAY over our
> heads and drifting far from our core mission.
>
> Rex
>
>
> On 2/17/2011 1:29 PM, dinis cruz wrote:
>
> The problem with this case is that if OWASP doesn't do anything, that in
> itself is taking a position (some might argue that it would be equivalent of
> 'putting the head into the sand and ignoring what is happening')
>
>
>
> This is definitely a case where we will be damned if we do and damned if we
> don't (ignoring this will not make the issue go away)
>
>
>
> This case goes to the heart of a lot of things at OWASP (including our
> ability to continue to innovate on the WebApp tools space).
>
>
>
> In fact, as some of the recommendations already provided in this small
> thread clearly show, if there is no clear 'position' and guidelines from
> OWASP's community, we will actually create a much worse environment.
>
>
>
> We need to start this process from the point of view that we need to
> listen to both sides of the story, we first need to clarify what are the
> facts and what is really going on.
>
>
>
> We shouldn't start from the premise that Cenzic is wrong, that its products
> should be boycotted or that the WebAppSec buyers should buy Cenzic's
> competitors' products
>
>
> Dinis Cruz
>
> On 17 February 2011 18:19, Dan Cornell <dan at denimgroup.com> wrote:
>
> > What I would do: 1) Buy NTObjectives' scanner and/or service and
> > recommend it to others. 2) cite Cenzic for breach-of-contract of their
> > software support & upgrade contracts, if you are a current customer of
> > theirs (one cannot reasonably expect a company to be able to upgrade
> > their product if they are forcing stifled innovation in a growing and
> > needy industry), 3) If you're a Veracode customer, consider trading
> > your credits (or budget for the year) to dynamic analysis services
> > (which can only stand to help NTObjectives), and 4) If you are an
> > attorney, or have a GC at your company, contact NTObjectives' legal
> > counsel.
> >
> > It also appears that one can list prior art on that stop232patent.com
> > website, but I have no idea what fits the criteria. Elza? Nikto?
> > Phrack magazine's 1998 article on SQL injection? OULU's work on
> > PROTOS? Wisc.edu Bart Miller's 1989 work on fuzz.c? Gary McGraw's 1998
> > book on "Software Fault Injection"?
> >
>
> Agreed!  I suppose my point is that these are all decisions/activities that
> make sense for people or firms to take in their name, not in the OWASP name.
>  And I think that is a healthier approach versus OWASP holding an
> ominously-named "Inquiry" into a Supporter organization (or any
> organization, for that matter).  Now if OWASP wanted to start a "Prior Art"
> project that might be something...
>
> Thanks,
>
> Dan
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders


-- 
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter <http://www.owaspla.org/>
Chair, OWASP Global Chapter Committee <http://www.owasp.org/index.php/Global_Chapter_Committee>
Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw