[Owasp-leaders] Owasp Inquiry on "Cenzic patent on 'Fault injection methods and apparatus' "

Tin Zaw tin.zaw at owasp.org
Mon Feb 28 22:32:16 EST 2011


I am concerned about the patent's implication on OWASP organization, its
mission and its projects.

To mitigate that, I can think of two approaches.

1. License patent from Cenzic, free of charge, so we cover ourselves. While
it may be narrow-minded, OWASP mission can continue and OWASP projects will
be indemnified.

2. Get OWASP involved in the patent fight. I believe that's what Dinis is
weighing.

I prefer #1, but if Dinis wants to go with #2, I won't stop him. I just hope
he won't stop any private conversations that I may have :-)

Tin


On Sun, Feb 27, 2011 at 11:11 AM, dinis cruz <dinis.cruz at owasp.org> wrote:

> I don't think we can assume anything at this stage.
>
> The first thing that we should all be clear is that (at least from OWASP)
> there should be no 'official' lawyer involvement (event if the person making
> the comment has some/complete law training or practice). All conversations,
> ideas and positions stated during this OWASP-driven-talks are all done at a
> personal (or even 'appsec professional') level (and this is the key reason
> why there is no need to have 'owasp board' approval to move this forward).
>
> So moving on, what I propose is that we start documenting this entire
> process on a OWASP wiki page like : http://www.owasp.org/index.php/Web
> Application Patents/Cenzic patent on 'Fault injection methods and apparatus' (if
> you have made comments on this thread about this topic, please add them on
> this page (you can also use the discussion page<http://www.owasp.org/index.php/Talk:Web_Application_Patents/Cenzic_patent_on_'Fault_injection_methods_and_apparatus'>
> )
>
> What we need ASAP is to have a central place where all public information
> (for and against) about this case is documented and commented. This should
> include all public references, articles, news articles, blogs, tweets,
> etc...
>
> We should use the power of the WIKI to create a good 'state of affairs'
> page which identifies what is happening, what are the consequences if either
> side wins and what are the options available to OWASP's projects.
>
> Like I mentioned before, we need to give both sides a fair chance to
> present their case, the only caveat is that it needs to be on an open forum
> (CC-licenced) like the OWASP wiki (i.e. no 'private conversations')
>
> Dinis Cruz
>
>
>
> On 27 February 2011 13:09, John Wilander <john.wilander at owasp.org> wrote:
>
>> Judging by the Cenzic silence on Twitter and within the community I think
>> this is the usual case of tech guys being embarrassed and humiliated by the
>> legal guys. I just cannot see how the people who did Cenzic's tech research
>> that led to this inferior patent would stand up to lawsuits against peers.
>> Maybe I'm wrong.
>>
>> For me this drives Free Software. Patent lawsuits tell me that if you
>> invent something, publish it freely and establish prior art asap. We have to
>> get out of this 20th century mentality of owning thoughts. Build and
>> maintain an abundance mentality. Do good and good will come.
>>
>> Imagine the investments Cenzic will have to do to establish their brand
>> again. #fail
>>
>>    Regards, John
>>
>>
>> 2011/2/27 Hoyt LLC <h02332 at gmail.com>
>>
>> Hello and Good Day-
>>>
>>> First off, an intro, David Hoyt, OWASP-Vermont.. a new chapter... with a
>>> hello to all owasp-leaders.
>>>
>>> Second. I have attorneys on staff and will donate time and resources with
>>> respect to the patent infringement issues being investigated.
>>>
>>> I'll get on the correct list and look forward to help in any way
>>> possible.
>>>
>>> Best;
>>>
>>> David
>>>
>>>
>>>
>>>
>>> On Sat, Feb 26, 2011 at 23:25, Jim Manico <jim.manico at owasp.org> wrote:
>>>
>>>> Tim,
>>>>
>>>> We already have https://lists.owasp.org/mailman/listinfo/owasp-legalset
>>>> up. It's been dead for a while but I think its a good place to encourage
>>>> lawyers who wish to donate time to congregate and chat about relevant
>>>> appsec legal issues.
>>>>
>>>> I'm eager to get this rolling. Let me know how I can help. I know of at
>>>> least 3 lawyers in the OWASP community who would jump in.
>>>>
>>>> - Jim
>>>>
>>>> > Hi Jim,
>>>> >
>>>> > Yes, you're right, we don't need board's permission. I have asked my
>>>> friend
>>>> > to see if he can point me to a patent lawyer who can help receive the
>>>> patent
>>>> > on pro bono basis.
>>>> >
>>>> > We will need board's signature later and we do need to coordinate so
>>>> that
>>>> > OWASP is not pursuing redundant efforts or conflicting strategies.
>>>> Perhaps
>>>> > Jim and I can coordinate these efforts.
>>>> >
>>>> > I will also ask legal counsel at work to see if they know any lawyer
>>>> > interested to work for a non profit on pro bono basis. I will talk to
>>>> > Mandeep offline to see how likely they will want to license us the
>>>> patent
>>>> > and how to proceed.
>>>> >
>>>> > Leaders, let us know if you have any thoughts/input on OWASP licensing
>>>> the
>>>> > patent in question.
>>>> >
>>>> > Tin
>>>> >
>>>> > On Sat, Feb 19, 2011 at 3:39 PM, Jim Manico <jim.manico at owasp.org>
>>>> wrote:
>>>> >
>>>> >> We do not need the boards approval, as Jeff has pointed out many
>>>> times.
>>>> >> Let's get a few lawyers together who are kind enough to do this for
>>>> free.
>>>> >>
>>>> >> It would be a gift if these lawyers would professionally research
>>>> this
>>>> >> issue and inform OWASP of their opinion over this matter.
>>>> >>
>>>> >> Go for it, and I'll offer to coordinate these efforts if no one else
>>>> steps
>>>> >> up.
>>>> >>
>>>> >> -Jim Manico
>>>> >> http://manico.net
>>>> >>
>>>> >> On Feb 19, 2011, at 2:01 PM, Tin Zaw <tin.zaw at owasp.org> wrote:
>>>> >>
>>>> >> Hi Abe,
>>>> >>
>>>> >> Thank you for pointing out a couple of important points -- OWASP may
>>>> be at
>>>> >> risk on patent infringement and OWASP needs to consult with a lawyer.
>>>> >>
>>>> >> There is a possibility that Cenzic will license the patent in
>>>> question to
>>>> >> OWASP, free of charge. They can't publicly comment as they are in the
>>>> middle
>>>> >> of a law suit, so this is a situation that our lawyers need to talk
>>>> to their
>>>> >> lawyers on getting the patent license.
>>>> >>
>>>> >> I believe we can, as OWASP leaders, seek out a lawyer who is
>>>> interested in
>>>> >> this case on pro bono basis and introduce to the board. The board
>>>> should
>>>> >> take it from there.
>>>> >>
>>>> >> I can contact a friend of mine who is a patent law professor to see
>>>> if any
>>>> >> lawyer interested to represent OWASP on pro bono. I don't want to
>>>> duplicate
>>>> >> the effort though, if the board has its own plans underway.
>>>> >>
>>>> >> What does the board think?
>>>> >>
>>>> >> Thanks.
>>>> >>
>>>> >> On Sat, Feb 19, 2011 at 8:48 AM, Abraham Kang < <
>>>> abraham.kang at owasp.org>
>>>> >> abraham.kang at owasp.org> wrote:
>>>> >>
>>>> >>> I forgot to mention that many law firms are required to do pro bono
>>>> work.
>>>> >>> OWASP being a non-profit might qualify for free legal advice.
>>>> >>>
>>>> >>> If someone can give me authorization (to be OWASP's agent in this
>>>> >>> matter) I can try try to contact some law firms to see if they would
>>>> be
>>>> >>> willing to help us out.
>>>> >>> Regards,
>>>> >>> Abe
>>>> >>> On Fri, Feb 18, 2011 at 4:21 PM, Abraham Kang < <
>>>> abraham.kang at owasp.org>
>>>> >>> abraham.kang at owasp.org> wrote:
>>>> >>>
>>>> >>>> DISCLAIMER:  I am not a lawyer.  OWASP needs to seek council of a
>>>> >>>> licensed attorney.  Any opinions stated here are of a student from
>>>> an
>>>> >>>> academic perspective.
>>>> >>>>
>>>> >>>> After reviewing all of the comments.
>>>> >>>>
>>>> >>>> I have a strong feeling that the companies that are being sued will
>>>> be
>>>> >>>> putting forth the corresponding arguements to fight the Cenzic
>>>> patent.
>>>> >>>>
>>>> >>>> Patent defense is usually a costly endeavor (legal fees, experts,
>>>> etc.).
>>>> >>>> I feel that OWASP should stay out of the fight against the Cenzic
>>>> patent.
>>>> >>>>
>>>> >>>> However, it should be noted that if OWASP knows of Cenzic's patent
>>>> and
>>>> >>>> understands that some of their products may infringe, OWASP could
>>>> become a
>>>> >>>> willful infringer. Which would result in enhanced damages if sued.
>>>> >>>>
>>>> >>>> I think it would be a good idea for someone at OWASP to contact
>>>> legal
>>>> >>>> council at Cenzic.  In addition, it might be a good idea to freeze
>>>> all work
>>>> >>>> on possibly infringing OWASP projects as well as stopping
>>>> distriubtion of
>>>> >>>> potentially infringing products.
>>>> >>>>
>>>> >>>> Again, OWASP needs to contact a licensed attorney to understand all
>>>> of
>>>> >>>> the implications of the Cenzic patent.
>>>> >>>>
>>>> >>>> Regards,
>>>> >>>> Abe
>>>> >>>>   On Fri, Feb 18, 2011 at 1:58 PM, Jim Manico < <
>>>> jim.manico at owasp.org>
>>>> >>>> jim.manico at owasp.org> wrote:
>>>> >>>>
>>>> >>>>> >From an "almost Lawyer"
>>>> >>>>>
>>>> >>>>> ****
>>>> >>>>>
>>>> >>>>> First I want to preface this with a disclaimer.  Although I have
>>>> >>>>> graduated
>>>> >>>>> from Lincoln Law School of San Jose.  I am not a lawyer.  To get
>>>> >>>>> adequate
>>>> >>>>> advice I recommend seeking council of a licensed attorney.
>>>> >>>>>
>>>> >>>>> After skimming the MPEP, there are two direct means to challenge a
>>>> >>>>> patent.
>>>> >>>>> Inter parte and ex parte reexamination.  Prior art is used as
>>>> evidence
>>>> >>>>> that
>>>> >>>>> claims in a patent invalid due to novelty, non-obviousness, or
>>>> violated
>>>> >>>>> a
>>>> >>>>> statuory bar.  Prior art in reexaminations is limited to prior
>>>> patents
>>>> >>>>> or
>>>> >>>>> printed publications.  There are also specific procedures which
>>>> need to
>>>> >>>>> be
>>>> >>>>> followed when submitting prior art including serving the patent
>>>> holder
>>>> >>>>> with
>>>> >>>>> a copy of the prior art.
>>>> >>>>>
>>>> >>>>> The specific details are in MPEP section 2200-.
>>>> >>>>>
>>>> >>>>> It probably would be a good idea to gather as much prior art using
>>>> the
>>>> >>>>> "community" before making the formal request for inter parte or ex
>>>> parte
>>>> >>>>> reexamination.
>>>> >>>>>
>>>> >>>>>
>>>> >>>>>
>>>> >>>>>> Funny old world.....
>>>> >>>>>>
>>>> >>>>>> Sent from my HTC hero.
>>>> >>>>>>
>>>> >>>>>> owasp board member
>>>> >>>>>>
>>>> >>>>>> On 18 Feb 2011 15:14, "Mark Curphey" < <mark at curphey.com>
>>>> >>>>> mark at curphey.com> wrote:
>>>> >>>>>>
>>>> >>>>>>  Pure FYI and not that it has any relevance whatsoever to this
>>>> but
>>>> >>>>> cenzic
>>>> >>>>>> was founded by HB Gary (Penny and Greg). Hmmmm.
>>>> >>>>>>
>>>> >>>>>> Sent from my Phone
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> On Feb 18, 2011, at 4:30 AM, "Eoin" < <eoin.keary at owasp.org>
>>>> >>>>> eoin.keary at owasp.org> wrote:
>>>> >>>>>>
>>>> >>>>>>> Who on the list uses Cenzic?
>>>> >>>>>> ...
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>  > _______________________________________________
>>>> >>>>>> OWASP-Leaders mailing list
>>>> >>>>>> <OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org
>>>> >>>>>> <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>>>>
>>>> >>>>> _______________________________________________
>>>> >>>>> OWASP-Leaders mailing list
>>>> >>>>> <OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org
>>>> >>>>> <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>> >>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>>>>
>>>> >>>>
>>>> >>>>
>>>> >>>
>>>> >>> _______________________________________________
>>>> >>> OWASP-Leaders mailing list
>>>> >>>  <OWASP-Leaders at lists.owasp.org>OWASP-Leaders at lists.owasp.org
>>>> >>>  <https://lists.owasp.org/mailman/listinfo/owasp-leaders>
>>>> >>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>>
>>>> >>>
>>>> >>
>>>> >>
>>>> >> --
>>>> >> Tin Zaw, CISSP, CSSLP
>>>> >> Chapter Leader and President, OWASP Los Angeles Chapter<
>>>> http://www.owaspla.org/>
>>>> >> Chair, OWASP Global Chapter Committee<
>>>> http://www.owasp.org/index.php/Global_Chapter_Committee>|
>>>> >> Google Voice: (213) 973-9295
>>>> >> LinkedIn: <http://www.linkedin.com/in/tinzaw>
>>>> >> http://www.linkedin.com/in/tinzaw
>>>> >>
>>>> >>  _______________________________________________
>>>> >> OWASP-Leaders mailing list
>>>> >> OWASP-Leaders at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>
>>>> >>
>>>> >> _______________________________________________
>>>> >> OWASP-Leaders mailing list
>>>> >> OWASP-Leaders at lists.owasp.org
>>>> >> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>> >>
>>>> >>
>>>> >
>>>> >
>>>>
>>>> _______________________________________________
>>>> OWASP-Leaders mailing list
>>>> OWASP-Leaders at lists.owasp.org
>>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>>
>>>
>>>
>>> _______________________________________________
>>> OWASP-Leaders mailing list
>>> OWASP-Leaders at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>>
>>>
>>
>>
>> --
>> John Wilander, https://twitter.com/johnwilander
>> Chapter co-leader OWASP Sweden, http://owaspsweden.blogspot.com
>> Conf Comm, http://www.owasp.org/index.php/Global_Conferences_Committee<http://owaspsweden.blogspot.com>
>>
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Tin Zaw, CISSP, CSSLP
Chapter Leader and President, OWASP Los Angeles Chapter<http://www.owaspla.org/>
Chair, OWASP Global Chapter
Committee<http://www.owasp.org/index.php/Global_Chapter_Committee>

Google Voice: (213) 973-9295
LinkedIn: http://www.linkedin.com/in/tinzaw
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110228/424083ab/attachment-0001.html 


More information about the OWASP-Leaders mailing list