Protecting Open Source Growth in Cyber security through Patent Non-Aggression

By Keith Bergelt, CEO of Open Invention Network

According to Cybersecurity Ventures, between 2017 and 2021, more than $1 trillion will have been cumulatively spent on cybersecurity products and services. Gartner estimates that by 2020, more than 60 percent of organizations will have invested in multiple data security tools such as data loss prevention, encryption, and data-centric audit and protection tools, up from approximately 35 percent today. Additionally, it estimates that worldwide spending on information security products and services were more than $114 billion in 2018, an increase of 12.4 percent from the previous year.

A Cybersecurity Ventures report issued in late-2017, states that cybercrime damage is estimated to reach $6 trillion annually by 2021. Due to the convergence of an escalation in the number of security vulnerabilities, an increase in hacker capabilities and tools as well as new legislation being enacted in the European Union, the estimated costs due to cybercrime may be conservative.

In order to meet the cybersecurity challenges of tomorrow, information security companies, venture capitalists and governments must invest and rapidly deploy new, innovative systems. A potential impediment is the growth of cybersecurity technology-related intellectual property lawsuits.

Cyber Security Patent Lawsuits on the Rise and the Need for Shared Innovation in Cyber Security

Comparatively speaking, cybersecurity is a relatively young and fast developing technology segment where a licensing culture has not taken hold. Once dominated by several enterprise and consumer-focused companies, today thousands of cybersecurity software vendors exist, as well as more than 60 open source software security platforms hosted on GitHub. With the industry’s growing market size, many aggressive entrants, and an open source software model that is fast becoming the standard way of moving innovation forward, there is a potential for established vendors to look to impair these growth drivers through the use of intellectual property.

The expected growth in the security software industry has the potential to be significantly disrupted and its innovation impaired by patent lawsuits. Finjan Holdings Inc., a security technology company turned Non-Practicing Entity (patent troll), has been the most litigious actor in the cybersecurity market. They have successfully sued for awards and licensing fees from Symantec, FireEye, and Sophos, among others. They have also brought patent infringement lawsuits against Rapid 7, Check Point Software Technologies and Carbon Black, and continue to pursue software vendors for aggressive licensing deals.

Additionally, there are competitor-based lawsuits. For example, cloud-based cybersecurity company CUPP Computing AS, and its American counterpart CUPP Cybersecurity filed a patent lawsuit against security industry heavyweight Trend Micro.

Open Source – Driving Innovation Everywhere

Open source is a leading technology in smart cars, IoT platforms, blockchain technologies and cybersecurity software projects like Kali Linux. Today, the open source code is so effective and cost-efficient that it is used in more than 90 percent of all commercially available software. In fact, it is impossible to catalog all of the daily touch points the average person has with an open source-powered product or service. Growth in security open source software (OSS) projects, like all manner of OSS development and usage, is growing at a rapid pace due to the innovations the community consistently achieves.

While it has experienced exponential growth, the successful proliferation of open source by banking networks, mobile phone manufacturers, telecom networks, smart cars, cloud computing, and blockchain platforms, among many others, was not always a foregone conclusion. In 2003, there was an intellectual property (IP) -based attack on Linux, the most prevalent OSS project.

Promoting Patent Non-Aggression in Cybersecurity

While the claims underlying the litigation ultimately were found to be without merit in the court proceeding, it was a wakeup call to several IP-savvy companies as to the potential negative impact of patent aggression on the growth of Linux and OSS projects. IBM, Red Hat and SUSE (then Novell) coordinated an effort with Sony, Philips, and NEC to conceptualize and implement a solution designed to create a “patent no-fly zone” around the core of Linux. The organization is Open Invention Network and is charged with administering this patent no-fly zone, utilizing a free license to require participant companies to forebear litigation and cross-license patents in the core of Linux and adjacent OSS. In the 12 years since its formation, the organization has grown into the largest patent non-aggression community in history with an excess of 2,900 participant companies that own upwards of two million patents and applications.

In addition to administering the highly successful royalty-free free license, the organization has been one of the most active users of the America Invents Act’s pre-issuance submission program and through its actions prevented the grant of hundreds of patent applications with overly broad claims that, if issued as submitted, would have threatened Linux technology and products for years to come.  This community-based organization also routinely uses its central role as guardian of patent freedom in the open source community to gather critical prior art to neutralize Linux-related litigation and pre-litigation patent assertions.  In some cases, it has taken the extraordinary measure of forward deploying key assets from its defensive patent portfolio of more than 1,300 patents and applications to companies at risk or in litigation for the purpose of allowing these companies to better defend themselves from patent antagonists with often far larger patent portfolios and deeper pockets seeking to slow or stall the progress of Linux.

Going forward, the cybersecurity industry has the potential to be a significant driver of innovation and protection for the global economy.  The organization has and will continue to include core open source technology in the Linux System and is thereby insulating its members from patent risk in this area.  As the threat landscape morphs and new threats arise from the ranks of operating companies and patent assertion entities, the community will remain vigilant in acting to ensure fewer poor quality patents are issued, poor quality granted patents are invalidated and the community of companies pledging patent non-aggression in the core of Linux and adjacent open source technology grows.

In order for the creativity and inventive capacities of the hundreds of thousands of people developing around cybersecurity to be realized, it is vital that patent non-aggression in the core is safeguarded. Companies and individuals seeking to support patent non-aggression in cybersecurity software should participate as members of its community by becoming signatories of its free license and, in so doing, commit to the onward sustainability of the collaborative model of innovation that is central to open source.

About the Author

Keith Bergelt is the CEO of Open Invention Network (OIN), the largest patent non-aggression community in history, created to support freedom of action in Linux as a key element of open source software.  Funded by Google, IBM, NEC, Philips, Red Hat, Sony, SUSE and Toyota, OIN has more than 2,900 community members and owns more than 1,300 global patents and applications. The OIN patent license and member cross-licenses are available royalty-free to any party that joins the OIN community.