The market for software vulnerabilities just got even more complex with the arrival of a firm that offers security researchers a chance to profit from their work by patenting security fixes. Intellectual Weapons offers a revenue split with researchers who embark on what it admits is an ambitious strategy. It claims rival …
... I sympathize with the MS army of lawyers
Anybody think that this novel approach has anything to do with value added services to improve the life of the weary Security Officer, or is it just a nasty scheme to enrich the greedy?
If this ever comes off, can you imagine not being able to patch a security hole because of a protracted legal dispute between "Intelligent Weapons" and the software vendor of choice, all the time knowing that ever greater levels of disclosure in the legal circles will give full advantage to the hacking community to develop exploits?
Imagine being served a writ because you developed a workaround to protect your systems... This is bad for everybody, except for the lawyers.
Surely that's illegal
Isn't this scheme illegal in multiple ways? It seems to me to be a cross between a protection racket, and trying to obtain a patent on someone's legal obligations.
open source issues
Just as long as they don't use any GPLed code.
This is yet another reason for ending software patents
This could be the final nail in the coffin
When MS has to pay licensing fees to use patented software to fix holes in their own products, they may suddenly discover that software patents are not such a wonderful idea after all.
Interesting PGP signature
Their PGP signature -- not licensed for commercial use. Seems to me that might be one little thing they'd want to clear up sooner rather than later.
So what's going to stop a hacker from discovering a hole, working out a patch to close the hole, getting a patent on the patch and then charging an absurd amount of money for it, to keep the systems unpatched and the security hole (into your bank account) open!
By George, I think he's got it! The U.S. border security problem, I mean.
My crack pipe overfloweth...
Oh dear, a serious case of my crack pipe overfloweth. Let's just think for a moment about this business model;
Intelligent Weapons cannot really patent the patch solution as that would mean it gets its arse sued into oblivion by MS for reverse engineering its products and breaking licensing terms. They can really only patent the flaw.
Patenting a flaw is not going to work since the PO will not allow patents on illegal activities and by law they are unenforceable. Even if IW managed to get some patents through, and even if MS doesn't get them on the reverse engineering thing, MS just needs to prove that IW is attempting to patent flaws which are the mechanism for illegal activity and IW will vanish into the vapor from whence it came.
Sounds like a good business, I'm in...
This seems to me to be the mirror of one-click. If you can describe a process, you can patent it, right? The actual code doesn't matter, it's the IDEA that's important.
So let's say Mr. A finds that a packet which says "ACBD" breaks open a system, then can you not patent "A process to examine a packet to check for the existence of string 'ABCD' and appropriate responses if found..."?
You don't need code, you don't need to reverse engineer anything, and you haven't done anything illegal. By default you have added to the knowledge of the system (by finding that ABCD breaks it, which was previously unknown), there's no prior art and it's a technical advancement.
sounds good to me.
If the law is too slack, tighten it.
"or is it just a nasty scheme to enrich the greedy?"
Precisely. If it's not illegal now, it needs to be MADE illegal by this afternoon.
And if the law isn't capable of moving that fast, then the law needs a swift kick somewhere.