1:25-cv-00129
ThreatModeler Software Inc v. IriusRisk Inc
I. Executive Summary and Procedural Information
- Parties & Counsel:
  - Plaintiff: ThreatModeler Software Inc. (Delaware)
  - Defendant: IriusRisk, Inc. (Delaware) and IriusRisk, S.L. (Spain)
  - Plaintiff’s Counsel: Buchanan Ingersoll & Rooney PC; Rimon P.C.
- Case Identification: 1:25-cv-00129, D. Del., 01/30/2025
- Venue Allegations: Plaintiff alleges venue is proper in the District of Delaware because Defendant IriusRisk, Inc. is a Delaware corporation and because both Defendants allegedly conduct continuous and systematic business in the district, including offering for sale and selling the accused products to Delaware residents and corporations.
- Core Dispute: Plaintiff alleges that Defendant’s Threat Modeling Platform, specifically its Infrastructure as a Code (IaC) and StartLeft functionalities, infringes a patent related to systems and methods for automated threat modeling.
- Technical Context: The technology operates in the cybersecurity field of "DevSecOps," which seeks to integrate automated security analysis into the early stages of software and infrastructure development, particularly in cloud computing environments.
- Key Procedural History: The asserted patent descends from a long chain of continuation-in-part applications originating from four provisional applications filed in 2017. The complaint alleges that Defendant, a direct competitor, launched the accused IaC functionality approximately two months after the asserted patent issued and was publicized in industry media, which may be relevant to allegations of copying and willfulness.
Case Timeline
| Date | Event | 
|---|---|
| 2017-05-17 | Earliest Priority Date for '872 Patent (U.S. Provisional App. No. 62/507,691) | 
| 2022-04-26 | U.S. Patent No. 11,314,872 Issues | 
| 2022-06-17 | Date Defendant allegedly added "Infrastructure as Code" functionality to its platform | 
| 2025-01-30 | Complaint Filed | 
II. Technology and Patent(s)-in-Suit Analysis
U.S. Patent No. 11,314,872 - "Systems and Methods for Automated Threat Modeling when Deploying Infrastructure as a Code", issued April 26, 2022.
The Invention Explained
- Problem Addressed: The patent asserts that conventional methods for deploying cloud computing infrastructure, known as Infrastructure as a Code (IaC), often overlook security threats during the development and deployment process (Compl. ¶32; ’872 Patent, col. 39:42-44). Traditional threat modeling is described as resource-intensive, requiring security experts, and difficult to scale, making it ill-suited for modern, agile development environments (’872 Patent, col. 2:36-49).
- The Patented Solution: The invention provides an automated solution by analyzing a "code file" (e.g., an IaC file) to identify the resources to be deployed and their specific properties. It then uses one or more data stores, which contain information linking specific property values to known security threats, to automatically determine the relevant threats for that deployment. The system then generates a threat model based on this analysis, effectively embedding security analysis into the automated deployment workflow (’872 Patent, Abstract; col. 3:24-40).
- Technical Importance: This approach aims to solve a key challenge in the "DevSecOps" movement by shifting security analysis "left"—earlier into the development lifecycle—and automating it, rather than treating it as a separate, manual step performed after deployment (Compl. ¶¶23, 32).
Key Claims at a Glance
- The complaint asserts independent claims 1, 11, 16, and 26, and reserves the right to assert dependent claims 2-6, 12-14, 17-21, and 27-29 (Compl. ¶6).
- Independent Claim 1 (Method): The core elements include:
  - Providing data stores with information on properties and associated security threats.
  - Analyzing a code file to identify one or more properties associated with resources in the file.
  - For each property, identifying a value for it as defined in the code file.
  - Determining one or more security threats based on that identified value, using the data stores.
  - Generating a threat model for the resources based on the determined threats.
- Independent Claim 16 (System): The core elements include:
  - One or more data stores storing information on properties and associated security threats.
  - One or more memories storing instructions.
  - One or more computing devices configured to execute the instructions to perform the steps of analyzing the code file, identifying properties and their values, determining security threats, and generating a threat model.
III. The Accused Instrumentality
Product Identification
The accused instrumentalities are IriusRisk's "Threat Modeling Platform (both the cloud-based version and the on-premises version) including its Infrastructure as a Code ('IaC') functionality and/or StartLeft functionality" (Compl. ¶6).
Functionality and Market Context
The complaint alleges that the accused platform is a direct competitor to Plaintiff's products in the threat modeling market (Compl. ¶41). The core accused functionality involves the platform's ability to conduct threat modeling based on IaC files. The complaint specifically alleges that on or about June 17, 2022, approximately two months after the ’872 Patent issued, IriusRisk added a new link to its platform menu labeled "Infrastructure as Code" and described features on its website that are allegedly "substantially similar and/or identical" to those disclosed in the patent (Compl. ¶41).
IV. Analysis of Infringement Allegations
The complaint incorporates by reference an external claim chart exhibit (Exhibit B), which was not provided with the complaint document. The infringement theory is therefore summarized from the narrative allegations in the complaint.
’872 Patent Infringement Allegations
| Claim Element (from Independent Claim 1) | Alleged Infringing Functionality | Complaint Citation | Patent Citation | 
|---|---|---|---|
| A processor-executed method of generating a threat model from a code file, comprising: | The IriusRisk Threat Modeling Platform allegedly performs a method of generating threat models from IaC files. | ¶¶6, 41, 45 | col. 57:49-60 | 
| providing one or more first data stores communicatively coupled with the processor, the one or more first data stores storing information on: a plurality of properties to be configured for one or more resources included in the code file; and a plurality of security threats associated with one or more values of the plurality of properties; | The IriusRisk platform allegedly uses internal data stores containing information on infrastructure properties and their associated security threats. | ¶¶6, 41, 45 | col. 3:26-32 | 
| analyzing the code file to identify one or more properties, of the plurality of properties, associated with the one or more resources included in the code file; | The platform's IaC functionality allegedly analyzes a user-provided IaC file to identify infrastructure resources and their configured properties. | ¶¶6, 41, 45 | col. 3:32-35 | 
| for each property of the identified one or more properties: identifying a value for the property defined in the code file; and determining one or more security threats based on the identified value for the property, using the information stored in the one or more first data stores; | The platform's IaC functionality allegedly identifies the values for the configured properties and uses its data stores to determine security threats that correspond to those specific values. | ¶¶6, 41, 45 | col. 3:35-40 | 
| and generating a threat model for the one or more resources based on the determined one or more security threats. | The platform's IaC functionality allegedly generates a final threat model or report based on the threats it determined from analyzing the IaC file. | ¶¶6, 41, 45 | col. 3:38-40 | 
Identified Points of Contention
- Scope Questions: A central question will be whether IriusRisk's "IaC functionality" and "StartLeft" tool perform every step of the asserted claims. The proper construction of "code file" and "generating a threat model" will be critical. The patent provides specific examples of Infrastructure as a Code (’872 Patent, col. 39:38-47), and discovery will be needed to determine if the accused functionality operates on the same inputs and produces a "threat model" that falls within the claim's scope.
- Technical Questions: The complaint makes high-level allegations of similarity without detailing the specific mechanism of the accused platform. A key technical question is how the IriusRisk platform performs the step of "determining one or more security threats based on the identified value." The patent describes various "indirect mapping" techniques (’872 Patent, col. 39:48-40:25), and a point of contention will be whether the accused product’s method is technically equivalent to what is claimed and described.
No probative visual evidence provided in complaint.
V. Key Claim Terms for Construction
The Term: "determining... based on the identified value for the property" (Claim 1)
- Context and Importance: This phrase defines the core logic of the invention: the link between a specific configuration in a code file and a resulting security threat. The outcome of the infringement analysis will depend heavily on whether the accused product's method of correlation falls within the scope of this term.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Broader Interpretation: The claim language itself is functional and does not specify a particular algorithm. A party could argue this covers any automated process that uses a property's value as an input to find a corresponding threat in a database.
  - Evidence for a Narrower Interpretation: The specification describes this process in greater detail, including "indirect mapping" through "subproperties," "other resource properties," "other service properties," and "communication links" (’872 Patent, col. 39:48-40:25). A party could argue the term should be limited to these more complex, context-aware mapping techniques, rather than a simple one-to-one lookup.
The Term: "generating a threat model" (Claim 1)
- Context and Importance: The definition of the final output, the "threat model," is critical. If construed narrowly to require a specific structure or content, it may be easier for the defendant to argue its product generates something different.
- Intrinsic Evidence for Interpretation:
  - Evidence for a Broader Interpretation: The claim does not specify the format of the "threat model," suggesting it could be any output that presents the determined threats for the analyzed resources.
  - Evidence for a Narrower Interpretation: The specification includes figures that illustrate threat models and reports containing specific elements like "relevant threats" and "relevant sources" (’872 Patent, FIG. 2, 208, 210, 212). A party could argue that a "threat model" must contain at least these structured components to meet the claim limitation.
VI. Other Allegations
- Indirect Infringement: The complaint alleges inducement of infringement, stating that IriusRisk provides "promotional, marketing, educational, demonstrative, and tutorial materials" that instruct and encourage its customers to use the accused platform in a manner that directly infringes the ’872 Patent (Compl. ¶48).
- Willful Infringement: The complaint alleges willfulness based on both pre-suit and post-suit knowledge. Pre-suit knowledge is alleged based on IriusRisk being a direct competitor that monitors industry news, Plaintiff’s patent announcements, and Plaintiff’s patent marking web pages (Compl. ¶¶40-41). The complaint asserts that IriusRisk launched its accused IaC feature just two months after the ’872 patent issued and was publicized, suggesting knowledge and potential copying (Compl. ¶41). Post-suit knowledge is based on the service of the complaint (Compl. ¶42).
VII. Analyst’s Conclusion: Key Questions for the Case
- A core issue will be one of claim scope and technical operation: Does the specific process implemented in IriusRisk’s "IaC functionality" and "StartLeft" tool meet every limitation of the asserted claims, particularly the central step of "determining" threats "based on" property values? The case will likely require a detailed, element-by-element comparison of the accused system’s internal logic against the claim language as construed by the court.
- A key question for damages and willfulness will be one of intent and knowledge: What evidence will emerge regarding IriusRisk’s awareness of the ’872 patent before and during the development of its accused IaC features? The close timing between the patent's issuance and the product's launch, as alleged in the complaint, will be a central focus of discovery.