Cyber security covers many areas, with most aspects being tech/legal/contractual/protection based.
However, where does a background check sit within assessment frameworks: funding, location (e.g. in an anonymous LLC State)?
Importantly, with an AI/quantum patent gold rush, due diligence is required in relation to patents (first filing date) and any assignment to another entity.
Software/service risks emanating from patent ownership are not generally identified as belonging within vendor selection risk assessments.
The Cloudera case highlights continuity of supply risks in the face of a small entity owning patents, certified software code, trade secrets, etc. Where a small entity is able to successfully assert against a major provider, as we have seen with the Apple smartwatch case, there is an associated capability to force the major player to cease supply.
The quickest approach for non-legal, more IT-focussed personnel involved in the initial vendor selection process is simply to undertake the following actions:
1. Funding: is the entity VC funded? If yes, the objective of a VC is to generate profits via divestment, which may include termination of an entity’s core offering if, for example, the client base/access is the rationale for the acquirer. Use the likes of Crunchbase to identify funding sources;
2. Use Google’s patent search for the company’s patent filings & the USPTO’s patent search. The latter will provide detailed information on patent application documentation, such as the examiner’s search results, which will identify potential patent assertion risks from competitors who own patents;
3. Ensure that products or services used from a vendor do not carry your organisation’s name, a reference to it as a user, or any other reference, in order to avoid any potential risk as a contributory infringer under U.S.C. § 271;
4. Require the vendor, within pre-contract documentation, to disclose a list of owned patents, as well as any assignments of them. This should also list failed or abandoned patent applications, which should then be the focus of further investigation as to why an application did not continue to allowance.
As we move deeper into the AI domain, followed by quantum, all entities relying upon an external provider should add patent infringement to their core vendor selection process.
Within our cyber risk quantification segment, the number of patent holders is small, making it an easy task for risk carriers to identify the risks of contributory infringement actions that arise from using a vendor, or from being associated with one through vendor press releases & social media posts.
Within AI, as a segment with high velocity, the task is far more difficult – it should not fall purely to an organisation’s legal or IP department to second-guess the selection of hardware, software and services being considered by IT security departments.

https://www.reuters.com/legal/litigation/cloudera-hit-with-240-mln-patent-verdict-over-cloud-storage-technology-2023-10-13