funsec mailing list archives

Patent Patches


From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 14 Jun 2007 21:50:17 -0400

Man, if only I owned the rights for the patch for MS-03-036! :-)


=== IN FOCUS: Security Fixes to Be Patented ====================
 by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Finding security vulnerabilities can sometimes be a tough, thankless
job. But that might be about to change when people start patenting
security fixes.

Researchers spend untold amounts of time finding vulnerabilities, and
in the somewhat distant past, there was no reward for that effort other
than a possible public acknowledgment from the vendor whose product
contained the vulnerability and the satisfaction of knowing that yet
another security hole was closed, which benefits everyone who uses the
product.

Then came companies such as 3Com and iDefense, which began paying for
vulnerability information. Discoverers receive cash for their hard
work, and 3Com and iDefense earn income too by selling the information
to their network of customers in one fashion or another.

Now, yet another dimension is about to be added to the mix. In the
latest evolution of vulnerability discovery, a company called
Intellectual Weapons is offering to work with researchers to develop
fixes for security vulnerabilities and then patent those fixes.

Intellectual Weapons would then be in a position to license or sell the
patent to vendors that need it. Of course, marketing a patent also
requires aggressive enforcement of the patent, and the company says it
does expect "major battles," which might occur when someone else
discovers the same vulnerability or when a vendor designs around the
intellectual property in the patent.

The company says that it would give the discoverer 50 percent of any
income generated by the patent. So how much does Intellectual Weapons
intend to charge a vendor for some form of rights to the patents it
obtains? According to a published FAQ, "The vendor [will be] asked to
pay something close to the true value of the vulnerability, i.e. the
cost to them if it goes unchecked." Exactly how that cost will be
measured remains to be seen.

In developing this concept into a business, Intellectual Weapons
obviously saw gigantic dollar signs. The company cites numerous
instances in which small companies have gained millions of dollars
through patent infringement litigation. For example, according to
Intellectual Weapons, Eolas won $520 million and Stac Electronics won
$120 million from Microsoft.

Clearly, there is big money to be made through patenting inventions,
and I suspect that money is Intellectual Weapons' primary motive. I
think the company name speaks pretty loudly. I also think that what the
company is doing might change the patent process to some extent, if
only to set some significant legal precedents over time. Furthermore,
it could instigate other companies who routinely provide temporary
third-party fixes to patent their methodology too, or even cause such
companies to stop providing such fixes. Overall, something about this
entire idea bothers me.

To read more about Intellectual Weapons' proposed plan of operation,
visit the URL below.
 http://list.windowsitpro.com/t?ctl=5A024:57B62BBB09A6927949837399EDFFF4AC

----------------------------------------

-JP<who has just applied for a patent on the idea of patenting ideas>
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

