From the saw-it-on-Slashdot Department...

This is utterly insane, forget about responsible disclosure arguments, this company is unabashedly and unapologetically twisting the software industry's predilection for spurious software patents against itself.

Intellectual Weapons is soliciting vulnerability researchers to submit their discoveries to them, rather than the vendor or even the community, and work to "generate and enforce intellectual property such as patents relating to fixes for newly discovered, private or zero day security vulnerabilities, weaknesses, or technical flaws that you have found. We target the intellectual property against the vendors of the vulnerable products and other security providers such as suppliers of intrusion prevention technologies. You share in the income."

Now, from the perspective of Intellectual Weapons, if (as Microsoft and other software patent cartel members assert) software is indeed patentable, then I believe so are the improvements made to those patented inventions. You may patent an improvement and then license that improvement back to the vendor, or (at least) exclude them from using your patented improvement.

A patent is an exclusionary right. It gives the patent owner the right to exclude others from infringing the patent. That does not, however, necessarily give the owner of the patent the right to exploit the patent. For example, many inventions are improvements of prior inventions which may still be covered by someone else's patent. If an inventor takes an existing patented mouse trap design, adds a new feature to make an improved mouse trap, and obtains a patent on the improvement, he or she can only legally build his or her improved mouse trap with permission from the patent holder of the original mouse trap, assuming the original patent is still in force. On the other hand, the owner of the improved mouse trap can exclude the original patent owner from using the improvement.

Can you imagine, after having purchased a license for a piece of software from a vendor, having to individually secure additional patent right-to-use licenses for security patches with other entities, if the vendor cannot or will not pay for a distribution license? Or, better yet, an improvement or patch is available but the parties cannot come to terms on licensing, preventing it ever from being distributed at all. Ludicrous.

Like Matthew Aslett had quipped the other day, it appears that Microsoft et al are about to be hoisted by their own (software) patent petard. Unless they can "fix" the system in their favor first, of course.