[Owasp-leaders] Security Firm Strikes Back At Cenzic Patent Lawsuit Threat

Jeremy Epstein jeremy.j.epstein at gmail.com
Fri Feb 25 07:01:50 EST 2011

Since this was a hot topic on the list a few days ago....

I have no opinion on whether NT Objectives is right or wrong, and
whether they're the right or wrong plaintiff.... but OWASP might
consider a "friend of the court" filing on perceived prior art, etc.

---------- Forwarded message ----------
From: InfoSec News <alerts at infosecnews.org>
Date: Fri, Feb 25, 2011 at 2:26 AM
Subject: [ISN] Security Firm Strikes Back At Cenzic Patent Lawsuit Threat
To: isn at infosecnews.org


By Kelly Jackson Higgins
Feb 24, 2011

Cenzic is back on the legal warpath with another patent infringement
lawsuit filed against a security company over Cenzic's patented "fault
injection methods" technology. But this time the target of the lawsuit
is challenging the validity of the patent.

NT Objectives, a small Web application scanning vendor, on Feb. 14 filed
a lawsuit in the U.S. District Court in the Central District of
California for a declaratory judgment of noninfringement, calling the
patent invalid and unenforceable after Cenzic threatened litigation.
Cenzic claims its patent, awarded in 2007, gives it exclusive rights to
use the technology, and that after making "good faith attempts to
resolve issues amicably" with NT Objectives, it decided to file a
lawsuit late last week.

This isn't the first time Cenzic has sued a security firm over the use
of this Web application vulnerability scanning technology: In August
2007, Cenzic filed a patent infringement suit against SPI Dyamics, which
HP was in the process of acquiring. The suit put Web application
security vendors and penetration testers on alert, and several hackers
associated with the sla.ckers.org site demonstrated their displeasure
with the patent at the time by exposing cross-site scripting flaws in
Cenzic's website. HP later settled with Cenzic by signing a
cross-licensing agreement. IBM also signed such an agreement nearly two
years later with Cenzic.

At the heart of the Cenzic patent dispute is the so-called "prior art":
Security experts argue that there are already some fault-injection tools
that were released in the 2000-2001 time frame, well before Cenzic first
filed for its patent, which would basically render the so-called Patent
232 moot. And critics say the patent is far too broad, covering the
day-to-day tasks of most security scanners, penetration testing tools,
and even that of the penetration testers themselves.


Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.

More information about the OWASP-Leaders mailing list