[ISN] Security Firm Strikes Back At Cenzic Patent Lawsuit Threat

From: InfoSec News <alerts_at_private>
Date: Fri, 25 Feb 2011 01:26:24 -0600 (CST)
http://www.darkreading.com/vulnerability-management/167901026/security/vulnerabilities/229219381/security-firm-strikes-back-at-cenzic-patent-lawsuit-threat.html

By Kelly Jackson Higgins
Darkreading 
Feb 24, 2011

Cenzic is back on the legal warpath with another patent infringement 
lawsuit filed against a security company over Cenzic's patented "fault 
injection methods" technology. But this time the target of the lawsuit 
is challenging the validity of the patent.

NT Objectives, a small Web application scanning vendor, on Feb. 14 filed 
a lawsuit in the U.S. District Court in the Central District of 
California for a declaratory judgment of noninfringement, calling the 
patent invalid and unenforceable after Cenzic threatened litigation. 
Cenzic claims its patent, awarded in 2007, gives it exclusive rights to 
use the technology, and that after making "good faith attempts to 
resolve issues amicably" with NT Objectives, it decided to file a 
lawsuit late last week.

This isn't the first time Cenzic has sued a security firm over the use 
of this Web application vulnerability scanning technology: In August 
2007, Cenzic filed a patent infringement suit against SPI Dyamics, which 
HP was in the process of acquiring. The suit put Web application 
security vendors and penetration testers on alert, and several hackers 
associated with the sla.ckers.org site demonstrated their displeasure 
with the patent at the time by exposing cross-site scripting flaws in 
Cenzic's website. HP later settled with Cenzic by signing a 
cross-licensing agreement. IBM also signed such an agreement nearly two 
years later with Cenzic.

At the heart of the Cenzic patent dispute is the so-called "prior art": 
Security experts argue that there are already some fault-injection tools 
that were released in the 2000-2001 time frame, well before Cenzic first 
filed for its patent, which would basically render the so-called Patent 
232 moot. And critics say the patent is far too broad, covering the 
day-to-day tasks of most security scanners, penetration testing tools, 
and even that of the penetration testers themselves.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Thu Feb 24 2011 - 23:26:24 PST

This archive was generated by hypermail 2.2.0 : Thu Feb 24 2011 - 23:36:03 PST