Summary: New article about software patents reveals that HP, under new leadership, has quietly bought a group of Microsoft allies (Fortify)
Following Hurd’s departure [1, 2, 3, 4] a former Microsoft ally was made the CEO of HP [1, 2, 3, 4] and this is important because of HP’s leading position in the desktops/servers market, not to mention all of its patents. “Every time a software patent is registered, an angel is bludgeoned to death with a shoe,” wrote “MrAlanCooper” to a former Microsoft employee. Yesterday we noticed this article about software patents in security, in which it’s mentioned that Fortify has just been acquired by HP. It’s important because Fortify too is a Microsoft ally, as we noted in [1, 2, 3, 4, 5]. The article says:
Can you patent the obvious? Apparently when it comes to software security, maybe you can. Gary McGraw explains how another party may get a patent on a technique he had a hand in inventing.
The notion of software patents is extremely controversial. The basic idea is simple and mirrors “regular” patents. An inventor invents something and files a number of claims about the invention. The Patent Office reviews the filing and determines whether to grant a patent for the invention. Holding a patent guarantees the inventor some rights to enjoy the fruits of the invention for a fixed period of time. Not so bad if you invent the next great inside-the-peel Tomato twaddler, but a bit harder to understand in the software space.
Can you patent the obvious? Apparently when it comes to software security, maybe you can.
On to patent land. Apparently the security testing firm Cenzic believes that they deserve a patent for software fault injection. In February 2007 (a decade after our book was published) Cenzic was awarded patent number 7185232 for “fault injection methods and apparatus.” The basic claims in the patent involve injecting some faulty input into a web program (thing one) and watching for error responses (thing two). Very nice. Or maybe not. A grass roots effort to collect prior art and dispute the patent is being spearheaded on the net byEnrique A. Sanchez Montellano.
As an inventor of security technology, I am not completely opposed to the idea of software patents. In fact, we hold eight patents in various aspects of software security at Cigital (some of which are likely to be infringed upon). We like the idea of licensing our ideas and our prototypes to others. In fact, that’s exactly what happened with Fortify which was recently acquired by HP. We licensed our code scanning ideas and prototypes to Kleiner-Perkins who went on to found Fortify, build a real commercial product, and sell the heck out of it. So the notion of protecting our ideas with patents is not foreign to us.
A lot could be said about the article’s attitude w.r.t. software patents, but the news that we missed about Fortify may be important in the future. Fortify attacks Free software quite routinely, so it’s unclear why HP would want this culture to become ‘in-house’. Incidentally, considering that Hurd was fired after Microsoft had pointed out that his work on a homebrew Linux-based operating system was a major threat (c/f SEC filing), one ought to watch carefully what Apotheker does at HP. Microsoft also named Intel’s work on MeeGo as a major threat (alongside HP) and we all know what Microsoft did to Nokia [1, 2, 3, 4], harming MeeGo a great deal using entryism (a manager from BT privately told us by mail that it was probably illegal, he called it “100% corrupt”). Yesterday we wrote about the contractual obligations of Micromoles. Watch out, HP. █