Company Aims To Patent Security Patches

kdawson posted more than 7 years ago | from the winner-of-the-race-to-the-bottom dept.

Patents 182

Jonas Maebe writes "Someone thought up another way to profiteer from the software patent system: when a security hole is discovered, they'll try to patent the fix in order to collect money when the affected vendors close the hole in their product. The company in question is not shy about its intentions: Intellectual Weapons will only consider vulnerabilities in high-profile products from vendors with deep pockets. Let's be thankful for yet another way software patents are used to promote science and the useful arts."

Stunning (2, Funny)

frinkacheese (790787) | more than 7 years ago | (#19435681)

Only in America dudes.. Oh wait!

Re:Stunning (2)

dpninerSLASH (969464) | more than 7 years ago | (#19436133)

As nonsensical as the U.S. Patent Office can appear, they will never fall for this. This is a non-starter.

Re:Stunning (4, Insightful)

tomhudson (43916) | more than 7 years ago | (#19436331)

Even if the USPTO does, it won't matter:

"... the system takes, on average, seven years to churn out a new patent. The vendor has to have deep pockets so it can pay damages, and your solution has to be simple enough to be explained to a jury."

So, not to be TOO obvious, but ...

  1. by the time they patent it, it will be obsolete;
  2. if it's simple enough to explain to a jury, it may be too simple to patent (patents have to be for non-obvious inventions);
  3. looks like free/libre software gets a free ride (target must have deep pockets).

Isn't it funny how one of the biggest patent trolls [microsoft.com] sounds custom-made as the target.

This is WONDERFUL! (1)

cryptoguy (876410) | more than 7 years ago | (#19436601)

If this doesn't lead to change in patent law, nothing will.

Idiots (3, Informative)

Zeinfeld (263942) | more than 7 years ago | (#19435691)

Not only is it certain that the fix would fail to meet the obviousness standard, it will be five years before they have a patent issued.

Suing companies for five year old infringements is not going to work too well.

Moreover this type of behavior is exactly the type of action Congress might find sufficiently indefensible to act on patent law.

Re:Idiots (2, Interesting)

endianx (1006895) | more than 7 years ago | (#19435701)

Can't you sue while your patent is still "pending"?

Re:Idiots (2, Interesting)

morgan_greywolf (835522) | more than 7 years ago | (#19435769)

Yes. (IANAL) That's exactly what they'll do -- sue while the patent is pending. It's often cheaper to pay someone off than it is to go to court -- even MSFT has paid off patent trolls to avoid a court battle.

Royalties (1)

Venner (59051) | more than 7 years ago | (#19436125)

You can give the potential infringer notice that you have a patent application pending that covers their 'invention.' If they don't stop once you give notice, then you can collect 'reasonable royalties' from the time of your notice to them until your patent actually issues - if your patent issues. (What in the world would be 'reasonable royalties' in this case, btw? Damned if I know.) After the patent issues, you have the normal patent remedies. Damages + a permanent injunction (which is thankfully not certain anymore. The Federal Circuit has actually been using the SCOTUS' guidelines in last year's eBay case and not automagically granting injunctive relief.)

Re:Idiots (2, Insightful)

Don_dumb (927108) | more than 7 years ago | (#19435719)

No software patents and you don't have this nonsense. I hope the EU sticks to its guns on software patents. . . . we still no have software patents, don't we?

Re:Idiots (2, Informative)

richie2000 (159732) | more than 7 years ago | (#19435941)

I hope the EU sticks to its guns on software patents. . . . we still no have software patents, don't we?
If by "no" you mean in the range of 30-40 000 of them, sure, we have no software patents in the EU. http://www.nosoftwarepatents.com/en/m/untruths/mother.html [nosoftwarepatents.com]

Re:Idiots (0)

Anonymous Coward | more than 7 years ago | (#19435963)

. . . we still no have software patents, don't we?

It's a bit more complicated than that. Some individual EU nations issue software patents but there is no EU wide recognition, and I'm not aware of any pure software patents being upheld in any of the EU nations.

From MS v. ATT (2, Interesting)

Lockejaw (955650) | more than 7 years ago | (#19436709)

we still no have software patents, don't we?
"You can't patent on-off on-off code in the abstract, can you?"
-- Scalia

"I take it that we are operating under the assumption that software is patentable? We have never held that in this Court, have we?"
-- Breyer

The Supreme Court on the whole also seems leery of the idea that software is patentable, but they can't rule on it until they hear a case where patentability of software is disputed.

(IANAL)

Re:Idiots (1)

Rogerborg (306625) | more than 7 years ago | (#19435723)

Au contraire; you can charge people for your patent from the instant that you file it, and collect the money retroactively if and when it's granted. Since these parasites have no other business, there's little point in any individual company fighting them over this. They'll get their Danegeld, make no mistake about it. [wikipedia.org]

Re:Idiots (1)

edward2020 (985450) | more than 7 years ago | (#19436425)

I can also charge you for interacting with you in a public forum - but that doesn't mean you're going to pay.

Re:Idiots (1)

Zeinfeld (263942) | more than 7 years ago | (#19436515)

Au contraire; you can charge people for your patent from the instant that you file it, and collect the money retroactively if and when it's granted. Since these parasites have no other business, there's little point in any individual company fighting them over this. They'll get their Danegeld, make no mistake about it.

You can only collect retroactive royalties if your patent is granted. Buffer overrun bugs have been known for decades, as have all the methods of patching them. Removing a security vulnerability is obvious by any stretch of the imagination.

It costs about $5 million to bring a patent suit. The chances are that no patent is going to issue in these cases and even if it does the manner in which they are being farmed makes it crystal clear that the idea here is obvious.

Most people with nuisance patents never see a dime. And that is all these patents are ever going to amount to.

I strongly suspect that this is a hoax and that the real intention here is to expose the stupidity of the patent system. If not they are going to find that their name provides a pretty good stick to beat them and patent trolls in general with.

Re:Idiots (0)

Anonymous Coward | more than 7 years ago | (#19435749)

but until then they will use the patent system against same big corporations that abuse it too, giving them a taste of their own medicine.

Re:Idiots (1)

Dunbal (464142) | more than 7 years ago | (#19435781)

but until then they will use the patent system against same big corporations that abuse it too, giving them a taste of their own medicine.

Until a big corporation buys them. Ooops. Microsoft says - all your patches are belong to us.

Re:Idiots (2, Funny)

DigitalSorceress (156609) | more than 7 years ago | (#19435833)

"Moreover this type of behavior is exactly the type of action Congress might find sufficiently indefensible to act on patent law."

OOh, THAT would be a happy day indeed.

These guys are weasels, through and through, but if it helps to bring down our Evil Patent Overlords...

Go scumbags, go scumbags, yaaaaaaaay SCUMBAGS!

Re:Idiots (1)

Mateo_LeFou (859634) | more than 7 years ago | (#19436403)

"OOh, THAT would be a happy day indeed."

Yeah, but the 95 following days would suck, as the BSA and everyone else with a vested interest in software patents lobbies the fsck out of the Congress and waters down patent reform until it poses no threat to the file-and-sue business model.

Re:Idiots (1)

Zeinfeld (263942) | more than 7 years ago | (#19436591)

Yeah, but the 95 following days would suck, as the BSA and everyone else with a vested interest in software patents lobbies the fsck out of the Congress and waters down patent reform until it poses no threat to the file-and-sue business model.

Apart from IBM, Texas Instruments and possibly HP everyone in the software field spends vastly more on patent licensing than they recover. Microsoft spends roughly three times as much as its licenses bring in.

IBM is somewhat different because they have the J.J. Watson labs which is essentially what the patent system was meant to support. Unfortunately there are not many examples of that type of lab. In history there have only really been three or four depending on how you count. Edison's lab was the original and that arguably became Bell labs. There was Xerox Parc and there is J.J. Watson.

Re:Idiots (2, Insightful)

*weasel (174362) | more than 7 years ago | (#19436113)

Beyond that, it'd really only work with architectural security faults.
You can't go out and patent "IE, but without these four buffer overflows". So 'patches' aren't at risk.

Further, the concept of boxing in a software vendor with patents on architectural security improvements implies that these guys can cover a sufficiently wide range of improved architectural security implementations - which is far trickier and more expensive than the summary makes it sound. Particularly when you're trying to pin large corporations.

These stated targets (huge corporations) are exactly the ones who would easily sidestep these patents. (They're already doing similar things on a daily basis) Smaller companies who unknowingly invest in potentially infringing upgrades and simply can't afford to start over are really the only ones at risk from being pressured into a licensing agreement this way.

In the end, it's too late to sue and win with a patent covering "Software running in a sandbox". (I'd say it's too late to get that patent in the first place, but who knows anymore). So the ability of this to actually impact big business, even pursued malevolently with near-infinite resources, isn't that great.

Re:Idiots (1)

arivanov (12034) | more than 7 years ago | (#19436123)

Not necessarily. Some fixes can definitely meet the non-obviousness criteria. And looking for vulnerabilities which require non-obvious fixes and patenting them is a viable business model as well.

In fact, there is a well known precedent, when the icmp-tcp interaction and various windowing flaws in tcp implementations were discovered around 2001 (IIRC) the fixes were brainstormed at IETF and a list of suggested fixes came out. And surprise, surprise it appeared that Cisco who had the worst list of flaws and was actively participating in devising workarounds for them was quietly trying to patent some of the fixes. IIRC, they backed down on that one due to violation of disclosure requirements as well as severe industry pressure. What happened to them at the time does not apply to patent trolls. I do not quite see a troll backing down so easily.

don't worry (0, Flamebait)

Miguel de Icaza (660439) | more than 7 years ago | (#19435695)

you'll still be able to get your patches from SUSE

A great idea (5, Interesting)

antoinjapan (450229) | more than 7 years ago | (#19435703)

I for one think this is a great idea. Nothing will speed up software patent reform faster than when companies are unable to fix bugs in their products without paying. On the flip side should they succeed with this companies may see better quality control leading to increased savings in the long run, giving us all stable software from the get go. It's win-win, race to the bottom I say, make haste.

Re:A great idea (4, Interesting)

madcow_bg (969477) | more than 7 years ago | (#19435945)

OTOH, just imagine the dialogue:
User: I want it fixed, now!
Company: No can't do, sir. We are prohibited by law to do this.

... and since the people do not control the legislators in the USA ...

Re:A great idea (1)

antoinjapan (450229) | more than 7 years ago | (#19435969)

User: I'm a US legislator, what god damn law?

Re:A great idea (1)

elrous0 (869638) | more than 7 years ago | (#19436175)

Company: Oh, a U.S. legislator! Well, in that case, we're going to sponsor a fundraiser for you that will get you $1 million in campaign contributions. Here's some unmarked cash to get you started.

Legislator: Do you want me to spit or swallow?

Re:A great idea (1)

Bruitist (987735) | more than 7 years ago | (#19435957)

Not to mention it'll make OSS even better, as it could be the only software that's able to be patched without this company jumping them. (This is assuming they won't go after OSS as a) it's not a big company and b) doing so might violate the GPL?)

You beat me to it! (0)

Anonymous Coward | more than 7 years ago | (#19435959)

I agree completely. I'm off to patent valuable sequences of mouse clicks and keystrokes.

Re:A great idea (1)

sg3000 (87992) | more than 7 years ago | (#19435979)

> I for one think this is a great idea. Nothing will speed up software patent reform faster than when companies are unable to fix bugs in their products
> without paying.

I don't think so. Companies will just change their EULA to say that if any bugs or security vulnerabilities are found, they should be reported to the originating company and not sold for profit. Then the Company can just say that any deal with Intellectual Weapons is a violation of the EULA.

Re:A great idea (1)

dnixon112 (663069) | more than 7 years ago | (#19435997)

Exactly my thoughts. We need more overt and belligerent patent abuse in order to move along software patent reform.

Re:A great idea (4, Insightful)

elrous0 (869638) | more than 7 years ago | (#19436097)

At this point, I don't think ANYTHING can fix the U.S. patent system. The U.S. patent office simply wasn't designed to handle the modern influx of very complex patents and patent claims. It simply can't scale to the size that it needs to be to actually review and police so many patents that are so complex in nature. So they've basically just thrown up their hands and said "Let the courts work it out."

The problem with "Let the courts work it out" is that it effectively stifles the "little guy," the small company or inventor without the significant financial resources to defend his inventions in court. Any given invention or innovation today might step on dozens of vague existing patents. This has the very real effect of stifling the very innovation and invention that the patent system was designed to PROTECT, and of restricting what innovation and invention there *is* to large mega-corps that can afford to defend against multiple patent lawsuits.

Don't believe it? Just take Linux as an example. MS can afford to essentially outlaw Linux if they wanted to (only the public backlash is holding them back). And, even if every one of their patent claims against Linux is bogus, who's going to step up to the plate and put up the millions of $ needed to defend it against an avalanche of MS patent lawsuits?

Re:A great idea (2)

Threni (635302) | more than 7 years ago | (#19436721)

> The problem with "Let the courts work it out" is that it effectively stifles the "little guy," the small company or inventor without
> the significant financial resources to defend his inventions in court.

This is no different than the guy who wants to make a living writing books, music, programs, making films etc. You need a lot of money to do anything nowadays, and you're totally vulnerable to big companies who can step in at the last minute and smother you with paperwork, threats of legal action and/or legal action. Why would this be fixed in the unsexy arena of software patents when it's not been so much as challenged in other areas?

Re:A great idea (1)

suv4x4 (956391) | more than 7 years ago | (#19436859)

The U.S. patent office simply wasn't designed to handle the modern influx of very complex patents and patent claims. It simply can't scale to the size that it needs to be to actually review and police so many patents that are so complex in nature. So they've basically just thrown up their hands and said "Let the courts work it out."

That's not true at all. Nobody has thrown up their hands about it, they ARE trying to get as many patents approved as possible, since this is what they get paid to do and the system encourages approving anything that falls in their sight.

Those processes are macro processes, for this reason you can't blame the people, as some other posters said. USPTO are not "stupid", they are just poorly designed for the current situation.

If they were split in two, one fraction getting paid to approve patents, and one getting paid to reject them based on obviousness or other reasons, we'd see instantly a much better balance of the content being approved.

The "complex in nature patents"... this I don't buy at all. The patents we're complaining about are exactly the most obvious and simple things one could imagine. One click shopping? Three column interface? How is this complex.

The USPTO right now is like a system where the client (patent submitter) has a bunch of lawyers, some of them working in the court itself, and there are exactly zero prosecutors. There's no balance of interests.

Re:A great idea aka ridiculouser and ridiculouser (3, Insightful)

asliarun (636603) | more than 7 years ago | (#19436117)

I agree with you wholeheartedly, but from a slightly different perspective. Things like the patent system (or DRM or privacy issues) have become so illogical that there's no way an average person can fight against the system by sane and normal means such as lawsuits, petitions, or elections. The most effective way to get rid of these stupid laws, IMHO, is by making sure that they self-destruct, i.e. become utterly ridiculous in the eyes of the media and the public. So, rejoice when people start filing patents for their navel lint or nasal hair structure. Chuckle gleefully when DRM softwares start taking people's system and create massive security holes. Cackle manically if some wiseguy sues McD for kaching-illion dollars because their "Happy Meal" didn't exactly make him happy. For remember, the candle burneth brightest before it dies out, to rehash a hoary saw. Or at least, we hope.

Exactly (1)

p3d0 (42270) | more than 7 years ago | (#19436357)

You beat me to it.

tut. (4, Interesting)

joe 155 (937621) | more than 7 years ago | (#19435707)

But they would need to be really fast to get the application in, and it would surely need not to mention the actual product, right? Because if they said "a method for preventing a macro hole in Word from executing", or something, wouldn't MS be able to sue on the grounds of reverse engineering/ copyright/ their own patents.

I kinda feel that this wouldn't really be practical.

Re:tut. (1)

maxwell demon (590494) | more than 7 years ago | (#19435793)

Maybe they plan to use a more active policy: Examine those products for not yet known vulnerabilities, find out the ways those might get fixed, patent all viable methods, then tell the company about the vulnerabilities.

Re:tut. (1)

Antique Geekmeister (740220) | more than 7 years ago | (#19435923)

Not really. There has to be a quick *patent application*. Violations of the patent date from the submission of the patent. If the fix was applied before the patent was applied, that would be prior art. The patent system recognizes that patents can be violated while the patent is pending, and that the violation can be addressed after the patent is finally granted. (I say this as someone who's helped establish prior art and helped establish that similar technologies are not described by the same patent, not as a lawyer.)

Re:tut. (1)

PhireN (916388) | more than 7 years ago | (#19436227)

I think the idea is to find the vulnerability way before anyone else. From the article:

Intellectual Weapons is offering to accept vulnerabilities you've discovered, as long as you haven't told anyone else, haven't discovered the vulnerability through illegal means or have any legal responsibility to tell a vendor about the vulnerability.

UAC (4, Funny)

Anonymous Coward | more than 7 years ago | (#19435713)

You are being sued for patent infringement. Cancel or Allow?

Re:UAC (1)

Presto Vivace (882157) | more than 7 years ago | (#19435757)

You are being sued for patent infringement. Cancel or Allow?

Best take of all. It is difficult to dismiss the feeling that some patent lawyer snookered a client out of a fee. What are the chances of prevailing in such suit?

Re:UAC (1)

Fnord666 (889225) | more than 7 years ago | (#19435849)

is difficult to dismiss the feeling that some patent lawyer snookered a client out of a fee. What are the chances of prevailing in such suit?
No way to tell, but I'll bet the aforementioned lawyer is willing to put in as many hours as it takes, and then some, in the attempt.

Re:UAC (1)

Presto Vivace (882157) | more than 7 years ago | (#19436611)

I shouldn't wonder if you're right.

I hereby patent (1, Funny)

clickclickdrone (964164) | more than 7 years ago | (#19435725)

"A method of entering replies in to slashdot using a computer keyboard to generate alphanumeric characters which are used to create textural comments to a news item.". If *anyone* else says *anything* from now on, you have to pay me.

Re:I hereby patent (1)

tygerstripes (832644) | more than 7 years ago | (#19435785)

Curses! It's a good thing I'm commenting on your comment, and not on a news item. Otherwise I'd run the risk of being sued for every mod-point I've got.

By the way, this reply is copyrighted.

Re:I hereby patent (1)

clickclickdrone (964164) | more than 7 years ago | (#19435797)

Dammit, a gaping hole in my patent. I'm suing that pesky lawyer for incompetence, shifty eyes and drinking too much of my coffee.

Re:I hereby patent (1)

doesnothingwell (945891) | more than 7 years ago | (#19436311)

I patent the concept of infecting a computer system with a software virus. Oh damn! windows has prior art.

Re:I hereby patent (1)

SQLGuru (980662) | more than 7 years ago | (#19436485)

Besides, unless you were the fristy psot from the first news article (in the beta), then there are too many examples of prior art.

Layne

Re:I hereby patent (0)

Anonymous Coward | more than 7 years ago | (#19436229)

I still have my patent on 'breathing' from a /. of about a year ago.

Since I would like to keep posting on /., perhaps you would like to consider a Microsoft-type cross-patenting agreement?

Re:I hereby patent (1)

GuldKalle (1065310) | more than 7 years ago | (#19436387)

I have no numeric characters in my posts, you insensitive clod!

You can't patent something that's not yours (0)

Anonymous Coward | more than 7 years ago | (#19435727)

How are they going to patent security patches AFTER they are released?

They would have to patent the security fixes before the vendor releases them otherwise it's not theirs to patent. Even then the patent could only apply to their exact way to patch the security hole which would unlikely be exactly the same as the vendor will produce.

So they must be trying to patent security exploits BEFORE the companies release the patches, not afterward, otherwise they have nothing to patent. You can't download someone's patch and then try to patent it, that's retarded.

Re:You can't patent something that's not yours (1)

laffer1 (701823) | more than 7 years ago | (#19435775)

They just have to guess what the patch will do. Remember the Amazon 1-click patent is not specific to an implementation. It's just the idea of 1-click with some obvious ground rules. The current patent system will allow stupid patents like this.

Re:You can't patent something that's not yours (1)

jshriverWVU (810740) | more than 7 years ago | (#19436285)

The way it works:

1.) Hacker finds hole, and publishes it on well known website.
2.) Company B patents a way to solve hole.
3.) Company A patches its broken software
4.) Company B sues Company A
5.) Profit

Re:You can't patent something that's not yours (1)

jorenko (238937) | more than 7 years ago | (#19436429)

With a simple RTFA we reveal that what you suggest is exactly what they're doing!

This is absurd (1)

sircastor (1051070) | more than 7 years ago | (#19435801)

I'm going to patent a method for accomplishing tasks on a computing device.

This just in (0)

Anonymous Coward | more than 7 years ago | (#19435809)

This just in, the patent system was severely broken by attempts of obtaining easy money by multiple companies. Unfortunately it cannot be fixed, as this would break several patents held by these companies, which are addressed to patching systems.

Be careful.. (1)

mulvane (692631) | more than 7 years ago | (#19435847)

To not EVER get successful or they will have ample reason to patent your holes to where you can't afford to fix em.

Don't Start Cheering Yet... (5, Insightful)

VE3OGG (1034632) | more than 7 years ago | (#19435853)

I know there are a lot of you out there saying: this is the kind of action that will spur congress to get off their derrière, but frankly, I can only see this as YANITC (yet another nail in the coffin).

We looked on in horror when the thought of software patents came up, and we said that surely no one would be dumb enough (or greedy enough) to do it. We were wrong...

Then there was Bezos's one-click patent and we shielded our eyes saying: the fireworks are going to start any time now... Again, however, the sky was clear and there were no signs of change on the horizon.

Then you had all the spurious patents from SCO, Microsoft and IBM, and we thought, well maybe this time! However, as was before, so was then...

Then Microsoft threatened Linux and we said "they are running scared!" and "no one would be dumb enough to..." They were, and they are. Not only that, but mere weeks later, you have several major contributors signing licensing deals to patent infringements that were never released. My God, that costs the companies money and they do nothing but bend over...

Today we got word of Bezos's expansion of the one-click patent, and on top of that the willingness of the USPTO to accept the patent with little to no effort. The USPTO, after all, has employees they have to pay...

And now you have this, and again we hear individuals decrying the "end times" for software patents. No, that isn't going to happen. They are here to stay, because the system is working for its citizens in a very efficient way. It is just that we think that we are the citizens. Much like TV viewers or magazine subscribers think that they are the clients of the company. They aren't, they are the product.

We are the product and the consumer, but not the client of the government. The government is there to protect the interests of its citizens, it's just that its citizens have trademarked names. We have gone from Micro to Macro folks.

Indeed (1)

palladiate (1018086) | more than 7 years ago | (#19436029)

Excellent post. You are right, software patents aren't going anywhere. You will see more properties like this, where basic, everyday information is walled away from you. And as long as we allow congress to be bribed by lobbyists, this will continue to happen. Remember, what's good for GM is good for America. We have a long tradition of bending over for business interests.

Consider too, that many companies like Microsoft would love the chance to spend their research dollars on finding vital security holes in programs like Apache and Open Office, patenting them, and preventing anyone from releasing a patch. Don't think they wouldn't. This could be turned into a terrible weapon against the competition. You are not required by law to develop your patents, remember. Nor are you required to sell them if you do. Funny, the company name is Intellectual Weapons...

Re:Don't Start Cheering Yet... (1)

Oswald (235719) | more than 7 years ago | (#19436085)

Well, there is one small difference that may (or may not) turn out to be important. These guys are no more constituents (I'm taking liberty with your terminology) of the government than you and I are. As far as the real constituents--Microsoft/Amazon/IBM/etc.--are concerned, Intellectual Weapons are the barbarians at the gate of the city. And if the big boys manage to swat this bug, there are a hundred more waiting in the wings now that the way has been shown.

We can hope, anyway.

Yeah (1)

Colin Smith (2679) | more than 7 years ago | (#19436155)

But who do you have to blame?

 

Re:Don't Start Cheering Yet... (1)

SQLGuru (980662) | more than 7 years ago | (#19436551)

What everyone is failing to realize is that they can only patent new methods of patching....

If program Z has a bug that is fixed using some existing technique (buffer overruns where you add tighter bounds checking, maybe....fixing parameter verification with regular expressions....etc.), the patch can still go. The only time this will really matter is if the fix for the exploit involves a completely new and novel way of doing something.....and even then might require too much internal knowledge of the code to know how to create a patent that covers the fix (thus violating copyrights?).

Personally, I think that these guys haven't thought enough about this and are doomed to failure.

Layne

Re:Don't Start Cheering Yet... (1)

dpilot (134227) | more than 7 years ago | (#19436573)

The difference here is in WHO benefits and WHO is hurt.

Remember that this whole thing is being done by some small startup. Presumably they have only a venture capital budget, and no lobbyist presence, as of yet. Then remember that they're preparing to litigate against the likes of Microsoft, Sun, and IBM, all of whom have real budgets and real lobbyist presences.

Whether the patent reform this engenders is the kind we'd like to see is a different question. But I'm sure this effort won't get off the starting blocks.

That is, unless there are players behind the scenes with both budgets and lobbyists, acting on their behalf.

Re:Don't Start Cheering Yet... (1)

Dusty00 (1106595) | more than 7 years ago | (#19436687)

There is a difference here that's worth noting. It is the citizens that are going to be hurt by this in the event that it's successful. Particularly as Microsoft is famous for its vulnerability I really hope these guys do well. If the IP system can get just enough out of hand that it starts to really take a chunk out of the bottom line for the big players who've been supporting it, then we might see some change. I'm keeping my fingers crossed.

two can play at that game (0)

night_flyer (453866) | more than 7 years ago | (#19435859)

my patent will be on any system or method that can predict what the next patch will be required by any given software product.

Re:two can play at that game (1)

rs232 (849320) | more than 7 years ago | (#19435995)

"my patent will be on any system or method that can predict what the next patch will be required by any given software product"

I patent a method for writing a patent on a method that can predict what the next patch will be required by any given software product ..

IT's everywhere (2, Funny)

Danathar (267989) | more than 7 years ago | (#19435873)

Evil(TM/Copyright/Patent Pending) is spreading

Shouldn't this fail for a number of reasons? (1)

starseeker (141897) | more than 7 years ago | (#19435893)

If someone exploits a bug or flaw in a program's design (and just how does one define that in a precise enough fashion for a patent, anyway), I should think the most obvious thing in the world would be to fix the bug/flaw. HOW one fixes it is going to vary widely, from "oops that should have been +1 not -1" to "some guy at *UNIVERSITY* just found a new algorithm that cracks our protection, back to the drawing boards". A lot of fixes should fail instantly on the obviousness criteria - the attack itself often suggests a solution to one skilled in the art. I would hope such approaches would fail for other reasons, but I'm not an expert in patent law.

On the other hand, this behavior is so egregiously anti-social that even if it is currently legal it might actually prompt a response from lawmakers. (One plus to all this might be that research funding into security techniques and formal development methods might see a boost - attempt to inflict death by starvation, so to speak.)

Contact Information (4, Funny)

Spy der Mann (805235) | more than 7 years ago | (#19435939)

contact@intellectualweapons.com
submit@intellectualweapons.com
apply@intellectualweapons.com

Now listen: do *NOT* post these e-mail addresses in public places, especially forums, you know how bad SPAM can get! ;-)

Re:Contact Information (1)

fractalVisionz (989785) | more than 7 years ago | (#19436511)

You forgot some: researchrefer@intellectualweapons.com infringement@intellectualweapons.com

Obviously fixable (0)

Anonymous Coward | more than 7 years ago | (#19435943)

Software vendors just need to apply for the patent first, for example when they write the flaw... ... and pay me first, of course, as I have just patented this.

sue for damages? (1)

liam193 (571414) | more than 7 years ago | (#19435953)

Assuming this organization gets off the ground, I wonder if there would be any grounds for a lawsuit against them for "damages sustained" while a vendor is arguing over the price for a fix. For example, if the vendor wished to create a fix for me but couldn't because this organization was giving them grief, could I or my customers sue because of losses sustained due to the vulnerability? What if the breach caused directly traceable bodily injury (someone breaking into a system used by law enforcement, health care, firefighters, etc.)? If this kind of suit is possible, I would think that a patent on the "fix" for something would be a risky business.

Here is a Tin-Foil Tangent Thought... (5, Insightful)

VE3OGG (1034632) | more than 7 years ago | (#19435973)

Has anyone noticed that patents may well be the farming and agriculture of the 21st century? Allow me to explain.

During the shift to urbanization, it was common for individuals to keep cattle, chickens, pigs and sheep in the city. The animals would be allowed to roam free and would then be captured and slaughtered/sheared as was necessary. It was subsistence living in an urban environment where barter was VERY common.

However, as time went on, factories and other places of employment found that they couldn't get enough workers for the lower level jobs. Why would the poor go work there in a crappy environment, when they could breed their cattle and chickens for rent and food?

So these companies petitioned the government to disallow animals, citing disease as the cause (and to some degree, this was true, especially with large amounts of fecal matter in the city -- but then not everyone had plumbing either). This in turn caused people to starve and move to these companies to be paid in "money".

Now, however, we have patents. Patents force the little guy out of the market (let's face it, no individual can afford to beat MS, IBM, Monsanto, et al in a court where lawyers form 99.9% of your chances). Small companies are forced out of business and big companies get to take over. The small companies are the only real thorn in the side of the bigger ones as they might offer a product that revolutionizes the field (but ends up costing a major conglomerate billions to redevelop their products). So patents force them out of business, causing the owners to work for the mega-corp and thus give the mega-corp control.

Perhaps in a few years, everyone will be working for a mega-corp and that will define our identities. We are theirs after all...

Truly deserves to be called 'insightful' (1)

WarwickRyan (780794) | more than 7 years ago | (#19436139)

Excellent post.

Re:Here is a Tin-Foil Tangent Thought... (1)

evil_aar0n (1001515) | more than 7 years ago | (#19436719)

Oh, bud, you are _so_ screwed. You broke their code, exposed their secret, and now Agent Smith is going to pay you a visit.

Seriously, this makes a _lot_ of sense. I wonder if they actually sit around scheming things like this, or if it just happens this way. And if it just happens, why? What forces shape the market to turn out this way (and "economics, stupid" is an incomplete answer)?

Buffer overflows as prior art? (0)

Anonymous Coward | more than 7 years ago | (#19435975)

So when the majority of the bugfixes are as commonplace as could be (e.g. fail to sanitize input, buffer overflow, etc), can prior art arguments be made to nullify all of these "novel" discoveries?

EFF taking the piss again (0)

Anonymous Coward | more than 7 years ago | (#19435985)

This sounds like another EFF attempt to undermine the software patent system by exploiting the security holes in the patent office. I seem to remember they did something similar a while back using a DRM patent that could make all other DRM implementations illegal. The irony of exploiting software patents to damage their most ardent supporters is delicious.

Sorry, but... (1)

Zaatxe (939368) | more than 7 years ago | (#19436015)

AAAAAAAARRRRRGHHH!!

Sorry again, I couldn't keep it...

Maybe (1)

C_Kode (102755) | more than 7 years ago | (#19436041)

Maybe, this will finally be the straw that breaks the software patent camel's back.

Is this any worse than selling exploits? (0)

Anonymous Coward | more than 7 years ago | (#19436063)

Or buying them?

Better coding at last? (1)

PhysicsPhil (880677) | more than 7 years ago | (#19436075)

Maybe the prospect of having to pay for its bugs will finally force Microsoft to ship better code.

Re:Better coding at last? (1)

Aoreias (721149) | more than 7 years ago | (#19436953)

As much as I dislike Microsoft, at least they create new products. All these guys generate is headaches, and frustration without contributing to society.

Hoax. (2, Interesting)

seaturnip (1068078) | more than 7 years ago | (#19436087)

Come on people. Nothing indicates this "company" is anything more than a single guy putting up a website on a lark, either purely for Slashdot hits or to make a point about the patent system. The whole idea is wildly impractical (what are these magic methods they say they'll use to expedite the patent process?), and a real company would privately hire their own security researchers instead of announcing their plans in detail to the public.

Microsoft claims.... (1)

bhmit1 (2270) | more than 7 years ago | (#19436105)

...that they have 900,000 instances of prior art, give or take.

(Sorry, couldn't resist.)

They Got It Backwards (0)

Anonymous Coward | more than 7 years ago | (#19436137)

I've just started a company to patent the security holes themselves.

1. Find hole
2. Patent the hole
3. ...
4. Profit!

Re:They Got It Backwards (0)

Anonymous Coward | more than 7 years ago | (#19436555)

1. Find hole
2. Patent the hole
3. ...
4. Profit!


This sounds like a geek discovering and patenting sex. :)

Expect to see more of this (3, Insightful)

palladiate (1018086) | more than 7 years ago | (#19436149)

I frequently post about Intellectual Property in threads like this. Usually I get some responses saying that I'm full of it, and companies wouldn't slash our throats and bleed us dry. I have four words for you:

Are you convinced yet?

There are too many market pressures on monopolizing ideas. A monopoly on an idea gives you an excellent competitive advantage. For some goods, say a book, a copyright is necessary for you to take a risk and publish the book. For others, it lets you invent things like a cotton gin and make money off of it while being a good citizen and showing the world how it works, and what new technologies you have invented. On the whole, these are to the public's advantage when used wisely.

But a monopoly is always a competitive advantage, even when it isn't in the public's advantage. And currently, business lobbies are pushing to allow more and more kinds of monopolies because they make business sense. Granted, plot patents, business patents, process patents, software patents, copyright on 3 note sequences, etc, etc, etc are not in the public's interest, as we don't carry massive IP portfolios to cross-license or lawyers to fight with. But they do allow large companies to create a massive barrier to entry that only certain industries or monopolies enjoyed before.

There is money to be made in massively expanding the definition of IP to include all ideas. There is more money in eternally owning ideas than in all of the property rights or mineral rights in the solar system. This fight will not be over in our lifetimes.

Researcher gets share of net not gross (1)

Shirotae (44882) | more than 7 years ago | (#19436163)

One thing I noticed reading the site is that the researcher who submits the vulnerability report gets a share of the net profit not the gross income or a guaranteed fee. This is a standard Hollywood tactic to avoid paying the people who do the real work. All the gross income gets eaten up in various expenses so there is little or no net profit.

The researcher also has to trust the company not to just steal their information by claiming someone who wishes to remain anonymous has already reported that vulnerability.

It reads like a scam to me. Maybe I am just old and cynical.

This is the reason (2, Interesting)

Catiline (186878) | more than 7 years ago | (#19436167)

This sort of thing is the reason why I have retained a patent lawyer who, the day the "first to file" change is passed into law [businessweek.com], will put in an application for a business method patent. The brief, non-legalese version basically covers the business model of suing over patents which the owning company does not themselves utilize. (That way, I can sue into oblivion any business attempting craziness like this.)

Naturally, anyone attempting to argue whether I practice my own patent may find themselves falling into a logical paradox, as my patent itself implies I cannot practice my patent.

Possible RICO candidate (0)

Anonymous Coward | more than 7 years ago | (#19436355)

So you advertise to go create 0day exploits, for which patents can be applied for that are broad enough to use. Then release exploit, demand $$.

Sounds like a form of extortion to me.
RICO?

What fixes are patentable? (1)

Mawbid (3993) | more than 7 years ago | (#19436359)

Usually when a program is broken, it's because someone made a mistake. There's a proper way to do something, and they didn't do it that way. The fix is to move to doing things the proper way, which by virtue of being the proper way has plenty of prior art.

So, no problems arise with patches that involve making sure buffers don't overflow, tempfiles are opened without a race condition occurring, input passed on to command interpreters doesn't contain escapes, and so on.

Then there's the rarer situation where a system needs a novel idea to function securely. The implementor creates the system without any awareness of the need for new security mechanisms and writes an insecure system. I'd say that in this case, the person who finds the flaw and the fix actually deserves compensation. Actually, forget the fix. They've made a contribution to the field just by understanding the flaw.

Still, making it harder or more expensive for companies to fix their broken software? That's something I just can't get behind.

My solution: (1)

kalel666 (587116) | more than 7 years ago | (#19436371)

I'm going to patent "a process whereby a corporation enters into a contract to 'eliminate' (wink, wink) holders of spurious patents designed to inhibit innovation and advancement of technology".

Because you know damn well that day is coming, where it will be cheaper to whack someone and risk prison than fight the bastards. Of course, when that day does come, I'm in deep shit as the holder of this patent...

patent tuesdays.. (2, Funny)

jb.cancer (905806) | more than 7 years ago | (#19436413)

i have something better

1) patent patches
2) patent tuesdays
3) $Profit$

one word (2, Interesting)

BlindRobin (768267) | more than 7 years ago | (#19436509)

koyaanisqatsi

Patches are derivative works - aren't they? (1)

Muckluck (759718) | more than 7 years ago | (#19436529)

It would seem to me that a patch to copyrighted software would be a derivative work based on the software and therefore should be covered under most boilerplate license agreements. Is this not the case?

An Alternative (1)

TheVelvetFlamebait (986083) | more than 7 years ago | (#19436689)

Why don't these guys do something truly good for humanity, and patent malware and spam? Should clear up those problems in an instant!

I like it (2, Insightful)

nanosquid (1074949) | more than 7 years ago | (#19436701)

I think the patent system is absurd, but this strikes me as a good use for it. Right now, vendors absolve themselves of any responsibility and think they have a right to get free reports and bug fixes from users. In fact, they have even created the impression that it is blackmail when bug reporters ask for money for their discoveries.

As I see it, if this company gets away with it, either, big companies will improve the quality of their software so that they have fewer vulnerabilities in the first place, or they will start to push for weakening software patents. Either way, everybody wins.

Punch a patent attorney. (1)

Organic Brain Damage (863655) | more than 7 years ago | (#19436805)

In the stomach. Once a day. Every day. Except Sunday.

Patent the unreadable website (1)

restive (542491) | more than 7 years ago | (#19436901)

Their dark-on-dark website scheme is really conveying a professional image for them.
