"A patent infringement lawsuit recently filed by Cenzic against SPI Dynamics has Web application security companies and researchers on edge.

If successful, the suit — which centers around Cenzic's patent on a Web application vulnerability scanning technology — could mean trouble for other scanner vendors, as well as researchers who develop scanning techniques.

Cenzic, which in June was awarded a patent for its so-called "fault injection" technology, is going after SPI Dynamics — now a part of Hewlett-Packard — for using fault injection in SPI's line of Web application scanner products. But Cenzic's patent had previously stirred the ire of researchers, including white-hat hackers on the sla.ckers.org site, some of whom demonstrated their displeasure by revealing cross-site scripting bugs in Cenzic's own Website.

Web applications are considered the biggest bull's eye for attackers these days — experts estimate that 70 to 80 percent of all Websites harbor app bugs. And because applications are proprietary, many app security researchers are often afraid to report a bug on a Website, even if they come across it accidentally. (See Laws Threaten Security Researchers.)

Critics argue that Cenzic's patent has no merit, because other technologies doing much the same thing have been around for several years. But they say they worry that if HP/SPI loses the case, the outcome would set a dangerous precedent."
I pointed out this patent a few months ago when it was issued and made a few comments about the stupidity of it.

Article link: http://www.darkreading.com/document.asp?doc_id=132138&WT.svl=news1_1