Patenting the pen-test?!?!
Okay, process patents in this space have gone too far. I’m googling for some information for a presentation today, and I come across a WIPO patent titled: “SYSTEM AND METHOD FOR PROVIDING NETWORK PENETRATION TESTING”. The “inventors” (and yes, I’m using that term loosely) are Fernando Federico Russ Alejandro David Weil Matias Ernesto Eissler Francisco Javier Dibar Hector Adrian Manrique. A quick search shows these guys in other patent activity. What’s disturbing is that this patent appears to have been filed in 2008, but the process described doesn’t seem terribly innovative. Client side pen testing with a bunch of legal and process fluff thrown in to make it look sexy. Surely metasploit would be prior art, among other tools and frameworks. How do these folks get away with this. I need to go do my research on these inventors, and CORE SDI INC to get a complete picture. If anyone out there has input, I’d sure like to hear it.
CORE SDI INC = Core Security Technologies -> coresecurity.com
They aren’t patenting penetration test, rather than a particular instance (SYSTEM and METHOD) for performing it.
This is an application, not an awarded patent. Please check wikipedia for more information on the patentation process.