[Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

dinis cruz dinis.cruz at owasp.org
Sun Feb 27 14:11:46 EST 2011


I don't think we can assume anything at this stage.

The first thing that we should all be clear is that (at least from OWASP)
there should be no 'official' lawyer involvement (event if the person making
the comment has some/complete law training or practice). All conversations,
ideas and positions stated during this OWASP-driven-talks are all done at a
personal (or even 'appsec professional') level (and this is the key reason
why there is no need to have 'owasp board' approval to move this forward).

So moving on, what I propose is that we start documenting this entire
process on a OWASP wiki page like : http://www.owasp.org/index.php/Web
Application Patents/Cenzic patent on 'Fault injection methods and
apparatus' (if
you have made comments on this thread about this topic, please add them on
this page (you can also use the discussion
page<http://www.owasp.org/index.php/Talk:Web_Application_Patents/Cenzic_patent_on_'Fault_injection_methods_and_apparatus'>
)

What we need ASAP is to have a central place where all public information
(for and against) about this case is documented and commented. This should
include all public references, articles, news articles, blogs, tweets,
etc...

We should use the power of the WIKI to create a good 'state of affairs' page
which identifies what is happening, what are the consequences if either side
wins and what are the options available to OWASP's projects.

Like I mentioned before, we need to give both sides a fair chance to present
their case, the only caveat is that it needs to be on an open forum
(CC-licenced) like the OWASP wiki (i.e. no 'private conversations')

Dinis Cruz


On 27 February 2011 13:09, John Wilander <john.wilander at owasp.org> wrote:

> Judging by the Cenzic silence on Twitter and within the community I think
> this is the usual case of tech guys being embarrassed and humiliated by the
> legal guys. I just cannot see how the people who did Cenzic's tech research
> that led to this inferior patent would stand up to lawsuits against peers.
> Maybe I'm wrong.
>
> For me this drives Free Software. Patent lawsuits tell me that if you
> invent something, publish it freely and establish prior art asap. We have to
> get out of this 20th century mentality of owning thoughts. Build and
> maintain an abundance mentality. Do good and good will come.
>
> Imagine the investments Cenzic will have to do to establish their brand
> again. #fail
>
>    Regards, John
>
>
> 2011/2/27 Hoyt LLC <h02332 at gmail.com>
>
> Hello and Good Day-
>>
>> First off, an intro, David Hoyt, OWASP-Vermont.. a new chapter... with a
>> hello to all owasp-leaders.
>>
>> Second. I have attorneys on staff and will donate time and resources with
>> respect to the patent infringement issues being investigated.
>>
>> I'll get on the correct list and look forward to help in any way possible.
>>
>> Best;
>>
>> David
>>
>>
>>
>>
>> On Sat, Feb 26, 2011 at 23:25, Jim Manico <jim.manico at owasp.org> wrote:
>>
>>> Tim,
>>>
>>> We already have https://lists.owasp.org/mailman/listinfo/owasp-legal set
>>> up. It's been dead for a while but I think its a good place to encourage
>>> lawyers who wish to donate time to congregate and chat about relevant
>>> appsec legal issues.
>>>
>>> I'm eager to get this rolling. Let me know how I can help. I know of at
>>> least 3 lawyers in the OWASP community who would jump in.
>>>
>>> - Jim
>>>
>>> > Hi Jim,
>>> >
>>> > Yes, you're right, we don't need board's permission. I have asked my
>>> friend
>>> > to see if he can point me to a patent lawyer who can help receive the
>>> patent
>>> > on pro bono basis.
>>> >
>>> > We will need board's signature later and we do need to coordinate so
>>> that
>>> > OWASP is not pursuing redundant efforts or conflicting strategies.
>>> Perhaps
>>> > Jim and I can coordinate these efforts.
>>> >
>>> > I will also ask legal counsel at work to see if they know any lawyer
>>> > interested to work for a non profit on pro bono basis. I will talk to
>>> > Mandeep offline to see how likely they will want to license us the
>>> patent
>>> > and how to proceed.
>>> >
>>> > Leaders, let us know if you have any thoughts/input on OWASP licensing
>>> the
>>> > patent in question.
>>> >
>>> > Tin
>>> >
>>> > On Sat, Feb 19, 2011 at 3:39 PM, Jim Manico <jim.manico at owasp.org>
>>> wrote:
>>> >
>>> >> We do not need the boards approval, as Jeff has pointed out many
>>> times.
>>> >> Let's get a few lawyers together who are kind enough to do this for
>>> free.
>>> >>
>>> >> It would be a gift if these lawyers would professionally research this
>>> >> issue and inform OWASP of their opinion over this matter.
>>> >>
>>> >> Go for it, and I'll offer to coordinate these efforts if no one else
>>> steps
>>> >> up.
>>> >>
>>> >> -Jim Manico
>>> >> http://manico.net
>>> >>
>>> >> On Feb 19, 2011, at 2:01 PM, Tin Zaw <tin.zaw at owasp.org> wrote:
>>> >>
>>> >> Hi Abe,
>>> >>
>>> >> Thank you for pointing out a couple of important points -- OWASP may
>>> be at
>>> >> risk on patent infringement and OWASP needs to consult with a lawyer.
>>> >>
>>> >> There is a possibility that Cenzic will license the patent in question
>>> to
>>> >> OWASP, free of charge. They can't publicly comment as they are in the
>>> middle
>>> >> of a law suit, so this is a situation that our lawyers need to talk to
>>> their
>>> >> lawyers on getting the patent license.
>>> >>
>>> >> I believe we can, as OWASP leaders, seek out a lawyer who is
>>> interested in
>>> >> this case on pro bono basis and introduce to the board. The board
>>> should
>>> >> take it from there.
>>> >>
>>> >> I can contact a friend of mine who is a patent law professor to see if
>>> any
>>> >> lawyer interested to represent OWASP on pro bono. I don't want to
>>> duplicate
>>> >> the effort though, if the board has its own plans underway.
>>> >>
>>> >> What does the board think?
>>> >>
>>> >> Thanks.
>>> >>
>>> >> On Sat, Feb 19, 2011 at 8:48 AM, Abraham Kang < <
>>> abraham.kang at owasp.org>
>>> >> abraham.kang at owasp.org> wrote:
>>> >>
>>> >>> I forgot to mention that many law firms are required to do pro bono
>>> work.
>>> >>> OWASP being a non-profit might qualify for free legal advice.
>>> >>>
>>> >>> If someone can give me authorization (to be OWASP's agent in this
>>> >>> matter) I can try try to contact some law firms to see if they would
>>> be
>>> >>> willing to help us out.
>>> >>> Regards,
>>> >>> Abe
>>> >>> On Fri, Feb 18, 2011 at 4:21 PM, Abraham Kang < <
>>> abraham.kang at owasp.org>
>>> >>> abraham.kang at owasp.org> wrote:
>>> >>>
>>> >>>> DISCLAIMER:  I am not a lawyer.  OWASP needs to seek council of a
>>> >>>> licensed attorney.  Any opinions stated here are of a student from
>>> an
>>> >>>> academic perspective.
>>> >>>>
>>> >>>> After reviewing all of the comments.
>>> >>>>
>>> >>>> I have a strong feeling that the companies that are being sued will
>>> be
>>> >>>> putting forth the corresponding arguements to fight the Cenzic
>>> patent.
>>> >>>>
>>> >>>> Patent defense is usually a costly endeavor (legal fees, experts,
>>> etc.).
>>> >>>> I feel that OWASP should stay out of the fight against the Cenzic
>>> patent.
>>> >>>>
>>> >>>> However, it should be noted that if OWASP knows of Cenzic's patent
>>> and
>>> >>>> understands that some of their products may infringe, OWASP could
>>> become a
>>> >>>> willful infringer. Which would result in enhanced damages if sued.
>>> >>>>
>>> >>>> I think it would be a good idea for someone at OWASP to contact
>>> legal
>>> >>>> council at Cenzic.  In addition, it might be a good idea to freeze
>>> all work
>>> >>>> on possibly infringing OWASP projects as well as stopping
>>> distriubtion of
>>> >>>> potentially infringing products.
>>> >>>>
>>> >>>> Again, OWASP needs to contact a licensed attorney to understand all
>>> of
>>> >>>> the implications of the Cenzic patent.
>>> >>>>
>>> >>>> Regards,
>>> >>>> Abe
>>> >>>>   On Fri, Feb 18, 2011 at 1:58 PM, Jim Manico < <
>>> jim.manico at owasp.org>
>>> >>>> jim.manico at owasp.org> wrote:
>>> >>>>
>>> >>>>> >From an "almost Lawyer"
>>> >>>>>
>>> >>>>> ****
>>> >>>>>
>>> >>>>> First I want to preface this with a disclaimer.  Although I have
>>> >>>>> graduated
>>> >>>>> from Lincoln Law School of San Jose.  I am not a lawyer.  To get
>>> >>>>> adequate
>>> >>>>> advice I recommend seeking council of a licensed attorney.
>>> >>>>>
>>> >>>>> After skimming the MPEP, there are two direct means to challenge a
>>> >>>>> patent.
>>> >>>>> Inter parte and ex parte reexamination.  Prior art is used as
>>> evidence
>>> >>>>> that
>>> >>>>> claims in a patent invalid due to novelty, non-obviousness, or
>>> violated
>>> >>>>> a
>>> >>>>> statuory bar.  Prior art in reexaminations is limited to prior
>>> patents
>>> >>>>> or
>>> >>>>> printed publications.  There are also specific procedures which
>>> need to
>>> >>>>> be
>>> >>>>> followed when submitting prior art including serving the patent
>>> holder
>>> >>>>> with
>>> >>>>> a copy of the prior art.
>>> >>>>>
>>> >>>>> The specific details are in MPEP section 2200-.
>>> >>>>>
>>> >>>>> It probably would be a good idea to gather as much prior art using
>>> the
>>> >>>>> "community" before making the formal request for inter parte or ex
>>> parte
>>> >>>>> reexamination.
>>> >>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>>> Funny old world.....
>>> >>>>>>
>>> >>>>>> Sent from my HTC hero.
>>> >>>>>>
>>> >>>>>> owasp board member
>>> >>>>>>
>>> >>>>>> On 18 Feb 2011 15:14, "Mark Curphey" < <mark at curphey.com>
>>> >>>>> mark at curphey.com> wrote:
>>> >>>>>>
>>> >>>>>>  Pure FYI and not that it has any relevance whatsoever to this but
>>> >>>>> cenzic
>>> >>>>>> was founded by HB Gary (Penny and Greg). Hmmmm.
>>> >>>>>>
>>> >>>>>> Sent from my Phone
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> On Feb 18, 2011, at 4:30 AM, "Eoin" < <eoin.keary at owasp.org>
>>> >>>>> eoin.keary at owasp.org> wrote:
>>> >>>>>>
>>> >>>>>>> Who on the list uses Cenzic?
>>> >>>>>> ...
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>  > _______________________________________________
>>> >>>>>> OWASP-Leaders mailing list
>>> >>>>>> <OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org
>>> >>>>>> <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> >>>>>
>>> >>>>> _______________________________________________
>>> >>>>> OWASP-Leaders mailing list
>>> >>>>> <OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org
>>> >>>>> <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> >>>>>
>>> >>>>
>>> >>>>
>>> >>>
>>> >>> _______________________________________________
>>> >>> OWASP-Leaders mailing list
>>> >>>  <OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org
>>> >>>  <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> >>>
>>> >>>
>>> >>
>>> >>
>>> >> --
>>> >> Tin Zaw, CISSP, CSSLP
>>> >> Chapter Leader and President, OWASP Los Angeles Chapter<
>>> http://www.owaspla.org/>
>>> >> Chair, OWASP Global Chapter Committee<
>>> http://www.owasp.org/index.php/Global_Chapter_Committee>|
>>> >> Google Voice: (213) 973-9295
>>> >> LinkedIn: <http://www.linkedin.com/in/tinzaw>
>>> >> http://www.linkedin.com/in/tinzaw
>>> >>
>>> >>  _______________________________________________
>>> >> OWASP-Leaders mailing list
>>> >> OWASP-Leaders at lists.owasp.org
>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> >>
>>> >>
>>> >> _______________________________________________
>>> >> OWASP-Leaders mailing list
>>> >> OWASP-Leaders at lists.owasp.org
>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>> >>
>>> >>
>>> >
>>> >
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
>
> --
> John Wilander, https://twitter.com/johnwilander
> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee<http://owaspsweden.blogspot.com>
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110227/ae7ca092/attachment-0001.html 


More information about the OWASP-Leaders mailing list