Advancing Open Source Innovation in Cybersecurity

OIN seeks to secure the inclusion of open source in technology without fear of litigation from patent trolls

Due to the convergence of an escalation in the number of security vulnerabilities, an increase in hacker capabilities and tools and new legislation being enacted in the European Union, businesses are increasing their investments in cybersecurity significantly. According to Global Market Insights, between 2019 and 2024, the market for cybersecurity products and services is expected to grow from $120 billion to more than $300 billion annually. Gartner estimates that by 2020, more than 60% of organizations will have invested in multiple data security tools such as data loss prevention, encryption and data-centric audit and protection tools, up from approximately 35% today.

To meet the cybersecurity challenges of tomorrow, information security companies, venture capitalists and governments are investing in and rapidly deploying new, innovative systems. Cutting-edge technologies such as machine learning and blockchain are being harnessed and integrated into numerous security products, services and platforms. A potential impediment to IT security growth and innovation stems from growing concerns of cybersecurity technology-related intellectual property lawsuits.

Cybersecurity Patent Lawsuits on the Rise and the Need for Shared Innovation in Cybersecurity

Cybersecurity is still a relatively young and fast-developing technology segment where a licensing culture has not taken hold. Once dominated by several enterprise and consumer-focused companies, today thousands of cybersecurity software vendors exist, as well as more than 60 open source software security platforms hosted on GitHub. With the industry’s growing market size, many aggressive entrants and an open source software model that is fast becoming the standard way of moving innovation forward, there is a potential for established vendors to look to impair these growth drivers through the use of intellectual property.

The expected growth in the security software industry has the potential to be significantly disrupted and its innovation impaired by patent lawsuits. Finjan Holdings Inc., a security technology company turned Non-Practicing Entity (patent troll), has been the most litigious actor in the cybersecurity market. The company has successfully sued for awards and licensing fees from Symantec, FireEye and Sophos, among others, and has brought patent infringement lawsuits against Rapid7, Check Point Software Technologies and Carbon Black. It continues to pursue software vendors for aggressive licensing deals.

Additionally, there are competitor-based lawsuits. For example, cloud-based cybersecurity company CUPP Computing AS and its American counterpart, CUPP Cybersecurity, filed a patent lawsuit against security industry heavyweight Trend Micro.

Open Source – Driving Innovation Everywhere

Open source is a leading technology in smart cars, IoT platforms, blockchain technologies and cybersecurity software projects like Kali Linux. Today, open source code is so effective and cost efficient that it is used in more than 90% of all commercially available software. In fact, it is impossible to catalog all of the daily touchpoints the average person has with an open source-powered product or service. Security open source software (OSS) projects, like all manner of OSS development and usage, are growing at a rapid pace due to the innovations the community consistently achieves.

While it has experienced exponential growth, the successful proliferation of open source by banking networks, mobile phone manufacturers, telecom networks, smart cars, cloud computing and blockchain platforms, among many others, was not always a foregone conclusion. In 2003, there was an intellectual property (IP)-based attack on Linux, the most prevalent OSS project.

Promoting Patent Non-Aggression in Cybersecurity

While the claims underlying the litigation ultimately were found to be without merit in the court proceeding, it was a wake-up call to several IP-savvy companies as to the potential negative impact of patent aggression on the growth of Linux and OSS projects. IBM, Red Hat and SUSE (then Novell) coordinated an effort with Sony, Philips and NEC to conceptualize and implement a solution designed to create a “patent no-fly zone” around the core of Linux. That organization, Open Invention Network, is charged with administering this patent no-fly zone, utilizing a free license to require participant companies to forbear litigation and cross-license patents in the core of Linux and adjacent OSS. In the 12 years since its formation, the organization has grown into the largest patent non-aggression community in history, with in excess of 2,900 participant companies that own upwards of 2 million patents and applications.

In addition to administering the highly successful royalty-free free license, the organization has been one of the most active users of the America Invents Act’s pre-issuance submission program. Through its actions, it has prevented the grant of hundreds of patent applications with overly broad claims that, if issued as submitted, would have threatened Linux technology and products for years to come. This community-based organization also routinely uses its central role as guardian of patent freedom in the open source community to gather critical prior art to neutralize Linux-related litigation and pre-litigation patent assertions. In some cases, it has taken the extraordinary measure of forward deploying key assets from its defensive patent portfolio of more than 1,300 patents and applications to companies at risk or in litigation for the purpose of allowing these companies to better defend themselves from patent antagonists with often far larger patent portfolios and deeper pockets seeking to slow or stall the progress of Linux.

Going forward, the cybersecurity industry has the potential to be a significant driver of innovation and protection for the global economy. The organization has included and will continue to include core open source technology in the Linux System and is thereby insulating its members from patent risk in this area. As the threat landscape morphs and new threats arise from the ranks of operating companies and patent assertion entities, the community will remain vigilant in acting to ensure fewer poor quality patents are issued, poor quality granted patents are invalidated and the community of companies pledging patent non-aggression in the core of Linux and adjacent open source technology grows.

For the creativity and inventive capacities of the hundreds of thousands of people developing around cybersecurity to be realized, it is vital that patent non-aggression in the core is safeguarded. Companies and individuals seeking to support patent non-aggression in cybersecurity software should participate as members of its community by becoming signatories of its free license and, in so doing, commit to the onward sustainability of the collaborative model of innovation that is central to open source.

Keith Bergelt

Keith Bergelt is the CEO of Open Invention Network (OIN), the largest patent non-aggression community in history, created to support freedom of action in Linux as a key element of open source software. Funded by Google, IBM, NEC, Philips, Red Hat, Sony, SUSE and Toyota, OIN has more than 2,900 community members and owns more than 1,300 global patents and applications. The OIN patent license and member cross-licenses are available royalty-free to any party that joins the OIN community.
