For once...
... I sympathize with the MS army of lawyers
The market for software vulnerabilities just got even more complex with the arrival of a firm that offers security researchers a chance to profit from their work by patenting security fixes. Intellectual Weapons offers a revenue split with researchers who embark on what it admits is an ambitious strategy. It claims rival …
Anybody think that this novel approach has anything to do with value added services to improve the life of the weary Security Officer, or is it just a nasty scheme to enrich the greedy?
If this ever comes off, can you imagine not being able to patch a security hole because of a protracted legal dispute between "Intelligent Weapons" and the software vendor of choice, all the time knowing that ever greater levels of disclosure in the legal circles will give full advantage to the hacking community to develop exploits?
Imagine being served a writ because you developed a workaround to protect your systems... This is bad for everybody, except for the lawyers.
Oh dear, a serious case of my crack pipe overfloweth. Let's just think for a moment about this business model;
Intelligent Weapons cannot really patent the patch solution as that would mean it gets its arse sued into oblivion by MS for reverse engineering its products and breaking licensing terms. They can really only patent the flaw.
Patenting a flaw is not going to work since the PO will not allow patents on illegal activities and by law they are unenforceable. Even if IW managed to get some patents through, and even if MS doesn't get them on the reverse engineering thing, MS just needs to prove that IW is attempting to patent flaws which are the mechanism for illegal activity and IW will vanish into the vapor from whence it came.
Sounds like a good business, I'm in...
This seems to me to be the mirror of one-click. If you can describe a process, you can patent it, right? The actual code doesn't matter, it's the IDEA that's important.
So let's say Mr. A finds that a packet which says "ABCD" breaks open a system, then can you not patent "A process to examine a packet to check for the existence of string "ABCD" and appropriate responses if found..."?
You don't need code, you don't need to reverse engineer anything, and you haven't done anything illegal. By default you have added to the knowledge of the system (by finding that ABCD breaks it, which was previously unknown), there's no prior art and it's a technical advancement.
Sounds good to me.