In The News: Week of Feb 21st
Written by Enrique A. Sanchez Montellano   
Feb 24, 2011 at 03:49 PM

This week has started to show that the community is responding to our call.

There are 3 stories from this week:

  • OWASP - Has it Reached a Tipping Point?: The founder of OWASP, Mark Curphey, posted something of a rant about the current state of OWASP, and part of the discussion about ethics centers on the Cenzic 232 patent issue.

    From the article:
    "This is a firm that was founded by the same people that founded HB Gary. Yes the same firm that has been exposed to have been plotting a campaign to discredit wiki-leaks. Cenzic also have a patent for web fuzzing. Now I am not a lawyer but this patent appears that it could be applied against OWASP projects like WebScarab at any time. This is the same firm that used to claim in their marketing that they scan for the OWASP Top Ten. That's right using HTTP they scanned for insecure crypto! These are my personal opinion but this is not a firm with good ethics yet is actively involved in OWASP."

  • The Curious Case Of Patent 232: Alan Shimel wrote this article for Network World this week; in it he references this site and discusses the story of Cenzic going after NTO and the wider implications.

    From the article:
    "But let's be clear this patent goes well beyond NT Objectives and even web application scanners. Many think this patent can apply to any vulnerability type scanner like those used by Qualys, Rapid 7, Metasploit, etc. This could have a major impact on the industry."

  • Security Firm Strikes Back At Cenzic Patent Lawsuit Threat: This article was posted minutes ago on DarkReading and details a lot of the problems with the broad nature of the patent.

    From the article:
    "According to a penetration tester familiar with the case who requested anonymity, the way the patent is written it could even apply to SQL injection and cross-site scripting attacks or pen-tests. It could apply to any products that execute these techniques for bypassing normal security routines. 'Even when I do this manually -- it would apply. So as a pen-tester, I couldn't do that' according to the lawsuit, the source says."

There has also been a discussion going on in the OWASP mailing list about this, and I think Rogan Dawes' quote was great.


Last Updated ( Apr 07, 2011 at 06:39 PM )