Thursday, August 07, 2003

Sanctum Patent

I missed this on the Open Web Application Security Project web site until coworker Yen-Ming Chen brought it to my attention:


"On June 24th, 2003 Sanctum Inc. [was] issued US patent number 6,584,569 B2. You can read the patent online at the US Patent Office. The patent is entitled 'A system for determining web application security vulnerabilities' and outlines a generic system and basic methodology for performing a web security assessment."


In my non-lawyer opinion, this means nothing. Thousands of patents are issued each year, just waiting to be knocked down in court by a prior art argument. Still, it reminds me how Marcus Ranum thanked Dorothy Denning for writing about intrusion detection in the 1980s, clearly establishing these prior art arguments and paving the way for commercial IDS products. Marcus should have mentioned James Anderson as well, whose 1980 paper "Computer Security Threat Monitoring and Surveillance" sets a very early IDS example.