[Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Eoin eoin.keary at owasp.org
Fri Feb 18 07:30:43 EST 2011


Who on the list uses Cenzic?
My EMEIA team does, but I may reconsider if this stupidity goes ahead.
Eoin





On 17 February 2011 18:12, Andre Gironda <andreg at gmail.com> wrote:

> On Thu, Feb 17, 2011 at 10:28 AM, Rogan Dawes <rogan at dawes.za.net> wrote:
> > Hi Dan, leaders,
> >
> > The thing is, this DOES affect OWASP, in that OWASP tools are infringing
> > on this patent. WebScarab has fuzzing functionality, and I suspect that
> > ZAP does too.
>
> This is a very valid point. OWASP must make a statement on this
> software patent (and at least explain what Cenzic is doing, even if we
> don't take a side), and I think we should make a statement on software
> patents in general (regardless of what I believe on the matter and
> BECAUSE IANAL, I don't really care either way how we respond as long
> as we mention what we would do, as a community, when put in the shoes
> of NTObjectives, or worse, a proxy tool like WebScarab). OWASP needs
> less coders in the Board and more lawyers! (J/k!)
>
> > Do we just wait until Cenzic comes after us?
>
> Well, according to the stop232patent.com (Someone made me aware of
> this site less than 24 hours before Dinis posted to this list), we
> should send money to NTObjectives in order to stop this legal
> entanglement now.
>
> What I would do: 1) Buy NTObjectives' scanner and/or service and
> recommend it to others. 2) cite Cenzic for breach-of-contract of their
> software support & upgrade contracts, if you are a current customer of
> theirs (one cannot reasonably expect a company to be able to upgrade
> their product if they are forcing stifled innovation in a growing and
> needy industry), 3) If you're a Veracode customer, consider trading
> your credits (or budget for the year) to dynamic analysis services
> (which can only stand to help NTObjectives), and 4) If you are an
> attorney, or have a GC at your company, contact NTObjectives' legal
> counsel.
>
> It also appears that one can list prior art on that stop232patent.com
> website, but I have no idea what fits the criteria. Elza? Nikto?
> Phrack magazine's 1998 article on SQL injection? OULU's work on
> PROTOS? Wisc.edu Bart Miller's 1989 work on fuzz.c? Gary McGraw's 1998
> book on "Software Fault Injection"?
>
> Best of luck,
> Andre



-- 
Eoin Keary
OWASP Global Board Member
OWASP Code Review Guide Lead Author

Sent from my i-Transmogrifier
http://asg.ie/
https://twitter.com/EoinKeary