Saturday, January 12, 2008

Cenzic vs. SPI Dynamics?

An interesting article posted to Dark Reading has really pushed a thorn in my side. 

First of all, allow me to lay the groundwork for what you are about to read. I'm not associated with any of these companies, but I will say that in the past six or seven years, SPI Dynamics has done more for the web application security industry than Cenzic will do in its pathetic little lifetime. On to my rant.

So.....Cenzic has filed some lawsuit against SPI for infringement on a "technology" they claim to have crafted (i.e., fault injection)?  Let's be honest here...Cenzic couldn't find a web vulnerability with both hands, a flashlight and a map of the location.  As if it's not embarrassing enough to have an XSS exploit on your own website, but the pathetic display of client-side validation on their download page really makes me scratch my ass. 

Seriously....what are these people thinking?  I can just see the group sitting around the Cenzic offices thinking this one up....

OK, we are the worst company that anyone could hire for a web application scanner. So....what if we were to place a patent around a technology that we didn't invent so that all of the 'real' companies would need to pay us a license fee for something they already do much better?

Do us all a favor and close your doors....