funsec mailing list archives
Patent Patches
From: "Dude VanWinkle" <dudevanwinkle () gmail com>
Date: Thu, 14 Jun 2007 21:50:17 -0400
Man, If only I owned the rights for the patch for MS-03-036! :-) === IN FOCUS: Security Fixes to Be Patented ==================== by Mark Joseph Edwards, News Editor, mark at ntsecurity / net Finding security vulnerabilities can sometimes be a tough, thankless job. But that might be about to change when people start patenting security fixes. Researchers spend untold amounts of time finding vulnerabilities, and in the somewhat distant past, there was no reward for that effort other than a possible public acknowledgment from the vendor whose product contained the vulnerability and the satisfaction of knowing that yet another security hole was closed, which benefits everyone who uses the product. Then came companies such as 3Com and iDefense, which began paying for vulnerability information. Discoverers receive cash for their hard work, and 3Com and iDefense earn income too by selling the information to their network of customers in one fashion or another. Now, yet another dimension is about to be added to the mix. In the latest evolution of vulnerability discovery, a company called Intellectual Weapons is offering to work with researchers to develop fixes for security vulnerabilities and then patent those fixes. Intellectual Weapons would then be in a position to license or sell the patent to vendors that need it. Of course, marketing a patent also requires aggressive enforcement of the patent, and the company says it does expect "major battles," which might occur when someone else discovers the same vulnerability or when a vendor designs around the intellectual property in the patent. The company says that it would give the discoverer 50 percent of any income generated by the patent. So how much does Intellectual Weapons intend to charge a vendor for some form of rights to the patents it obtains? According to a published FAQ, "The vendor [will be] asked to pay something close to the true value of the vulnerability, i.e. the cost to them if it goes unchecked." Exactly how that cost will be measured remains to be seen. In developing this concept into a business, Intellectual Weapons obviously saw gigantic dollar signs. The company cites numerous instances in which small companies have gained millions of dollars through patent infringement litigation. For example, according to Intellectual Weapons, Eolas won $520 million and Stac Electronics won $120 million from Microsoft. Clearly, there is big money to be made through patenting inventions, and I suspect that money is Intellectual Weapons' primary motive. I think the company name speaks pretty loudly. I also think that what the company is doing might change the patent process to some extent, if only to set some significant legal precedents over time. Furthermore, it could instigate other companies who routinely provide temporary third-party fixes to patent their methodology too, or even cause such companies to stop providing such fixes. Overall, something about this entire idea bothers me. To read more about Intellectual Weapons' proposed plan of operation visit the URL below. http://list.windowsitpro.com/t?ctl=5A024:57B62BBB09A6927949837399EDFFF4AC ---------------------------------------- -JP<who has just applied for a patent on the idea of patenting ideas> _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Patent Patches Dude VanWinkle (Jun 14)