Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 1 of 8
`Case 4:18-cv-07229—YGR Document 195-14 Filed 05/10/21 Page 1 of 8
`
`
`
`
`
`
`
`
`
`
`
`
`
`EXHIBIT 9
`
`EXHIBIT 9
`
`

`

`Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 2 of 8
`
`
`
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Eric Cole, Ph.D.
`
`Date: March 2, 2021
`Case: Finjan, Inc. -v- Qualys Inc.
`
`Planet Depos
`Phone: 888.433.3767
`Email:: transcripts@planetdepos.com
`www.planetdepos.com
`
`WORLDWIDE COURT REPORTING & LITIGATION TECHNOLOGY
`
`

`

`Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 3 of 8
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Eric Cole, Ph.D.
`Conducted on March 2, 2021
`
`1 (1 to 4)
`
`1
`
`3
`
` I N D E X
`
`Appearances.................................... Page 2
`
`Stipulations................................... Page 222
`
`Exhibit List................................... Page 4
`
`Direct Examination by Mr. Ryan Smith........... Page 6
`
`Cross-Examination by Mr. Jared Smith........... Page 238
`
`Redirect Examination by Mr. Ryan Smith......... Page 250
`
`Reporter's Certificate......................... Page 259
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`1 2 3 4 5 6 7 8 9 1
`
`0
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
` IN THE UNITED STATES DISTRICT COURT
`
` FOR THE NORTHERN DISTRICT OF CALIFORNIA
`
` OAKLAND DIVISION
`
`----------------------------x
`
`FINJAN, INC., a Delaware :
`
`Corporation, :
`
` Plaintiff, : Case No.:
`
`vs. : 4:18-CV-07229-YGR
`
`QUALYS, INC., a Delaware :
`
`0
`
`Corporation, :
`
`1 2 3 4 5 6 7 8 9 1
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
` Defendant. :
`
`----------------------------x
`
`
`
` HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`
`
`
` Videotaped Deposition of
`
` ERIC COLE, Ph.D.
`
` Conducted Virtually
`
` Tuesday, March 2, 2021
`
` 7:15 a.m.
`
`22
`
`23
`
`24
`
`25
`
`
`
`
`
`
`
`
`
`2
`
`4
`
` EXHIBITS
`
`EXHIBIT NO. DESCRIPTION PAGE
`
`Exhibit 1 Opening Expert Report of Eric Cole, 10
` Dated December 1, 2020
`
`Exhibit 2 United States Patent Number 6,154,844 141
`
`Exhibit 3 United States Patent Number 8,677,494 188
`
`Exhibit 6 Qualys Vulnerability Management data201
` sheet, Bates stamped FINJAN-QUALYS
` 038136 through FINJAN-QUALYS 038139
`
`Exhibit 7 Report, dated November 13, 2020, Bates 155
` stamped FINJAN-QUALYS 761510 through
` FINJAN-QUALYS 761573
`
`Exhibit 8 "WAS Scan Report," dated November 19, 181
` 2020, Bates stamped FINJAN-QUALYS
` 761574 through FINJAN-QUALYS 761721
`
`Exhibit 13 Finjan v. Blue Coat document 224
`
`Exhibit 14 Stipulated Protective Order, Conformed 109
` March 27, 2019
`
`Exhibit 15 "Verdict Form," dated November 20, 2017 222
`
`Exhibit 26 "New Features in Qualys Vulnerability211
` Management and Policy Compliance"
`
`Exhibit 32 Network Security Bible 41
`
`Exhibit 35 "Verdict Form," dated August 4, 2015, 240
` Bates stamped FINJAN-QUALYS 322899
` through FINJAN-QUALYS 322907
`
`Exhibit 36 "White paper Qualys Cloud Platform," 242
` Bates stamped FINJAN-QUALYS 416092
` through FINJAN-QUALYS 416131
`
`
`
`
`
`
`
`
`1 2 3 4 5 6 7 8 9 1
`
`0
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`
`
`
`
`Job No.: 354375
`
`Pages: 1 - 260
`
`Reported by: Kelly Hassell, RPR, CLR, CSR
`
` R E M O T E A P P E A R A N C E S
`
`FOR THE PLAINTIFF:
`
` MR. JARED A. SMITH
` Fish & Richardson, PC
` 12860 El Camino Real
` Suite 400
` San Diego, California 92130
` (858) 678-5070
` jasmith@fr.com
` MR. PHILLIP W. GOTER
` Fish & Richardson, PC
` 3200 RBC Plaza
` 60 South Sixth Street
` Minneapolis, MN 55402
` (612) 335-5070
` goter@fr.com
`
`
`
`FOR THE DEFENDANT:
`
` MR. RYAN R. SMITH
` MR. CHRISTOPHER MAYS
` Wilson Sonsini Goodrich & Rosati
` 650 Page Mill Road
` Palo Alto, California 94304-1050
` (650) 493-9300
` rsmith@wsgr.com
` cmays@wsgr.com
` -and-
` MS. TALIN GORDNIA
` Wilson Sonsini Goodrich & Rosati
` 633 West Fifth Street
` Suite 1550
` Los Angeles, CA 90071
` (323) 210-2900
` tgordnia@wsgr.com
`
`
`
`ALSO PRESENT:
`
` MS. DIANA KORNEYCHUK - Videographer
` MS. DANNY TERRY - Remote Technician
` DR. STUART STUBBLEBINE - Stubblebine Consulting,
` Inc.
`
`
`21
`
`22
`
`23
`
`24
`
`25
`
`1 2 3 4 5 6 7 8 9 1
`
`0
`
`11
`
`12
`
`13
`
`14
`
`15
`
`16
`
`17
`
`18
`
`19
`
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`

`

`Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 4 of 8
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Eric Cole, Ph.D.
`Conducted on March 2, 2021
`49
`
`13 (49 to 52)
`
`51
`
`was -- it may be easier for you to look at the book, but
`it's Page 319, at the bottom Page 319.
` A And just to be sure, you're okay with me
`looking at the local copy?
` Q That's fine. If that's easier -- whatever is
`easier for you is fine.
` And then, you know, if we look at the
`first big heading, it says, "Web service standards and
`protocols." Do you see that?
` A I do see that.
` Q And then the second bullet is XML messaging.
`Do you see that? And then -- and then you wrote --
` A It looks like that's the third one, but just --
`just so the record is correct. So there's web services,
`there's service transport and there's XML.
` Q Oh, okay. And I was -- I see. So if we talk
`about the -- at the bottom of the page, there's a --
` A Oh, you're -- oh, I -- sorry. You're talking
`in the book. I apologize. I see.
` Q Well, let's talk about the -- let's talk about
`the bottom portion you had referenced. So there's a
`heading at the bottom, it says, "XML messaging." Do you
`see that?
` A I do see that.
` Q And you describe XML messaging as (as read)
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`book, so I just want to make sure -- maybe go to the
`previous page where we're referencing 11-6.
` Q (BY MR. RYAN SMITH) I don't know if I have
`298.
` A Oh, okay.
` Q I would have probably shown it to you but...
` A Just so I can understand the context, with your
`permission, can I get my copy of the book so I can just
`look at the paragraph so I can understand the context?
` Q That's fine. That's fine.
` A Okay. Just give me one second.
` And just because you asked previously
`what's in front, so I do have a copy. It's -- there's
`nothing written in it. It's an original version of the
`book.
` Q Thank you.
` A And which page were we on?
` Q It was -- it's 298 and 299. We had shown on
`the screen 299, but I think you want to look at 298.
` A Could you just repeat the question? It's just
`been a couple minutes.
` Q I was asking about the figure shown as Figure
`11-6, and I was just wondering if you would consider the
`local user computer and the remote hosting computer to be
`part of the same overall computer or do you see these as
`50
`
`52
`
`1234567891
`
`"XML or extendable markup language, according to
`Wikipedia, is a W3C-recommended general-purpose markup
`language for creating special-purpose markup languages."
`Do you see that?
` A Yes. Only minor is, it says "extensible."
` Q Oh, I'm sorry.
` A Not "extendable," just so the record is
`correct.
` Q Let me say that again, so -- strike that.
` "XML or extensible markup language,
`0
`according to Wikipedia, is a W3C-recommended
`11
`general-purpose markup language for creating
`12
`special-purpose markup languages. Do you see that?
`13
` A I do see that.
`14
` Q And is it correct you didn't characterize or
`15
`describe XML as being a programming language, did you?
`16
` MR. JARED SMITH: Objection; form.
`17
` A It does not look like on that page that I do.
`18
`I -- I would have to check if it's covered differently in
`19
`the entire book.
`20
` Q (BY MR. RYAN SMITH) Do you ever recall
`21
`characterizing XML as being a programming language?
`22
` A Are you referring to outside the report?
`23
` Q Just any time in your -- your professional
`24
`career if you can remem- -- do you remember
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`two separate computers?
` A In this context, they're -- they're referred to
`as two separate. So just reading from 298, (as read) "In
`this case, there are two categories. Those that want
`something, the client, which is on the left, and those
`that have something, the servers."
` And then, "The most prevalent example of a
`client when it comes to the Internet is a web browser. A
`web browser is responsible for managing communication
`between the user on the left and a web server on the
`right."
` Q And a web client would be a separate computer
`from the web server typically, right?
` MR. JARED SMITH: Objection; form.
` A In this example in the time frame 2009,
`I will -- I would agree with that statement. Today, with
`virtualization or even over the last five to seven years,
`there could be cases where, with virtualization and other
`technology, they could potentially be on the same
`physical computer or they can be on separate computers.
` Q (BY MR. RYAN SMITH) But you would agree that
`Figure 11-6 shows two distinct physical computers, right?
` A That is what 11-6 in this book is referring to
`in this specific chapter.
` Q Why don't we go to -- back to the PDF, which
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 5 of 8
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Eric Cole, Ph.D.
`Conducted on March 2, 2021
`65
`
`67
`
`and linking it to the content."
` To me, that's really the core of the '844,
`is generating that security profile and be able to link
`it to that file. And that first sentence is one possible
`way how that can be performed.
` Q (BY MR. RYAN SMITH) And generating a profile
`and linking it to the content, that is performed on the
`computer which downloads the files being inspected,
`right?
` MR. JARED SMITH: Objection; form.
` A I apologize. I didn't understand that
`question. I don't know if you can repeat it or --
` Q (BY MR. RYAN SMITH) Would you agree that for
`the '844 patent, you have to download the downloadable
`onto a computer for purposes of generating the profile
`and linking it to the content?
` MR. JARED SMITH: Same objection.
` A I do not agree with that. For something to be
`a downloadable, if we go back to the Court's claim
`construction, it's an executable application program
`which is downloaded from a source computer and run on the
`destination.
` So if clients are accessing a server, and
`they're downloading it, it becomes a downloadable.
`There's nothing in the claim language that says the
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
` A It was testing of other products.
` Q And you've never tried to compare any Finjan
`products to the '844 or '494 or '731 patents, right?
` MR. JARED SMITH: Objection; form.
` A That has not been one of my assignments that I
`have been given either in this project or previous
`projects. I was always focused on infringement, but I
`was never asked to do an evaluation of Finjan products.
` Q (BY MR. RYAN SMITH) And why don't we go
`further down to the next paragraph. Then you start
`talking about, in Paragraph 86, the '844 patent.
` Let's go back to Exhibit 1. And then the
`first sentence of Paragraph 86, you wrote, "The '844
`patent focuses on inspecting files that are downloaded
`onto a computer," and then it goes on from there. Do you
`see that first part of the sentence?
` A I do see that.
` Q What are you -- what were you referring to by
`"a computer"?
` A A computer is a machine that has an operating
`system, performs operations, performs activity.
` Q And when you're saying the '844 focuses on
`inspecting files that are downloaded onto a computer,
`what computer are the files downloaded onto in the
`context of the '844 patent?
`
`17 (65 to 68)
`
`1234567891
`
`66
`
`inspector has to actually do that downloading. So you
` MR. JARED SMITH: Objection to form.
`have a downloadable that's a downloadable because clients
` A I'm just pulling up the '844 patent just to
`are accessing it and it's an executable.
`pull up that reference.
` And then if we're looking at Claim 1, the
` I always refer back to the patent, which
`inspector just has to receive that downloadable and
`I -- on Column 1, Line -- it looks like 21, with the
`generate by the inspector a first downloadable security
`background and the field of the invention, I believe
`profile that identifies suspicious code in the received
`provides a great description. "The invention relates
`downloadable.
`generally to computer networks and more particularly
`provides a system and method for attaching a downloadable
` Q (BY MR. RYAN SMITH) Is the -- are you saying
`security profile to a downloadable to facilitate the
`that -- well, let me ask you, so you brought up the
`0
`protection of computers and networks from a hostile
`construction of downloadable.
`11
`downloadable."
` In the case of the Qualys Vulnerability
`12
`Management software, what's the -- what's the destination
` Q And based on that description in the patent,
`13
`computer?
`you -- you wrote the sentence that we looked at where it
`14
` MR. JARED SMITH: Objection; form.
`says, "The '844 patent focuses on inspecting files that
`15
` A That would be any of the clients that would be
`are downloaded onto a computer and verifying that the
`16
`accessing that server typically after a vulnerability
`code is not suspicious and will not cause any harm before
`17
`scan is performed.
`it is allowed to run on a client like a web browser."
`18
` Q (BY MR. RYAN SMITH) And those clients could
` And do you still believe that sentence in
`19
`access the server before the Vulnerability Management
`your report is accurate?
`20
`scan has been performed as well, right?
` MR. JARED SMITH: Objection; form.
`21
` A I believe that sentence is accurate of one
` MR. JARED SMITH: Objection; form.
`22
` A Depending on how it's deployed, it could. But
`specific way it works. I think it's important to look at
`23
`for infringement, it just has to be done at least once.
`the following sentence, "This is generally performed by
`24
`It doesn't have to be done all the time.
`looking at the contents of the file, generating a profile
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`68
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 6 of 8
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Eric Cole, Ph.D.
`Conducted on March 2, 2021
`129
`
`33 (129 to 132)
`
`131
`
` A Well, there is Qualys scanner code, when it
`connects to the asset, that receives a copy of that
`downloadable but I think you're what you're asking is,
`does the scanner actually download the downloadable to
`the scanner itself, and what actually gets passed from
`the asset back to the scanner is the information that's
`used to create the security profile.
` Q (BY MR. RYAN SMITH) Right. I think we're on
`the same page, but just to confirm, what you're saying is
`the downloadable is not passed from the asset to the
`Qualys scanner? Right?
` MR. JARED SMITH: Objection. Asked and
`answered.
` A So you have the appliance of the scanner. You
`have the asset that's being scanned. The scanner code
`does connect and receive the asset. So vulnerability
`scanner is receiving the asset and then what's passed
`back to the actual appliance is information on the
`security profile. So the scanner absolutely receives the
`downloadable to perform the analysis.
` Q (BY MR. RYAN SMITH) But I'm not -- and -- but
`I'm - just trying to clarify what's actually being passed
`back between the scanner and the asset.
` But you would agree that the scanner does
`not -- strike that.
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`downloadable.
` Q (BY MR. RYAN SMITH) And you would agree --
`would you agree that to receive the downloadable means
`that a copy of the downloadable is moved from the asset
`to the scanner?
` MR. JARED SMITH: Objection; form.
` A I do not agree with that.
` Q (BY MR. RYAN SMITH) So under your infringement
`analysis, the scanner does not need to actually have a
`copy of the downloadable put onto the scanner, right?
` MR. JARED SMITH: Objection; form.
` A I do not see that requirement at all if we're
`just looking at Claim 1. You have a downloadable on the
`asset that's scanned, and what makes it a downloadable is
`that there are clients that connect -- it's from a source
`to a destination. So the action of clients accessing it
`makes it a downloadable.
` But there's no requirement in the claim
`language that says the infringing software has to
`actually download that downloadable. So it's receiving
`it, locally gathering the information. It's receiving
`the downloadable. There's nothing in the claim language
`that says it has to be downloaded. And then it's
`creating information that gets downloaded that's used to
`form the security profile and links it to that
`
`132
`
`1234567891
`
`downloadable.
` Q (BY MR. RYAN SMITH) So under your
`understanding of the claims of the '844 patent --
`actually, strike that.
` So the way you understand the Qualys
`products operate is, Qualys scanners don't actually
`obtain a download of the downloadable, right?
` MR. JARED SMITH: Objection; form.
` A Right, in the infringement read -- because I
`don't believe that's how Qualys scanners worked.
` Q (BY MR. RYAN SMITH) Okay. How do you think
`the Qualys scanners work?
` A That the Qualys scanners connect to the asset.
`They received the downloadable, analyze it, pull out --
`if we're talking '844 -- suspicious code and downloads
`that suspicious code link to the downloadable to the
`scanner to then create the DSP.
` Q You would agree that the Qualys -- strike that.
` The downloadable is never copied into the
`Qualys scanner, right?
` MR. JARED SMITH: Objection; form.
` A Can you repeat the question?
` Q (BY MR. RYAN SMITH) The downloadable is never
`copied into the Qualys scanner, right?
` MR. JARED SMITH: Same objection.
`
` You would agree that the asset doesn't
`pass a copy of the downloadable to the Qualys scanner,
`right?
` MR. JARED SMITH: Objection; asked and
`answered.
` A So once again, if we have the physical box, the
`physical appliance that's running the scanner, the
`scanner connects to the asset and there is a scanner code
`on the asset that receives that downloadable so the
`scanner absolutely receives a copy of that downloadable
`0
`to do the analysis but then what it actually passes back
`11
`to the physical box is the information needed to generate
`12
`security profile.
`13
` While the scanner does receive a copy of
`14
`the downloadable, it doesn't actually take the
`15
`downloadable and download it to the physical appliance
`16
`itself. But the scanner absolutely receives a copy of
`17
`the downloadable.
`18
` Q (BY MR. RYAN SMITH) So you're not aware of
`19
`any -- strike that.
`20
` And that's also true with -- strike that
`21
`again.
`22
` I think earlier we talk about Cloud
`23
`Agents. Would you agree that a cloud agent does not copy
`24
`a downloadable?
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`130
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 7 of 8
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Eric Cole, Ph.D.
`Conducted on March 2, 2021
`149
`first Qualys software that's actually doing all those
`infringing components.
` Q (BY MR. RYAN SMITH) But the -- the memory --
`the first rule set would not be stored in memory until
`after the end user clicks start to initiate the scan,
`right?
` A Right. So once the scan initiated, then Qualys
`would go in and its software would go in and load into
`memory the first rule set, so it's the system that's
`doing the infringing.
` Q But -- and you said the memory -- the memory
`we're talking about is the memory in the scanner, right?
` A That is correct. It's a memory in the scanner
`because these are computers.
` Q And each scanner is its own computer?
` A Well, typically with Cloud-based systems, there
`could be virtualization in play, but once again, even
`with virtualization, you would consider that to be a
`computer system even though it's virtualized.
` Q So does the scanner -- we're talking about
`scanner appliances. Isn't a scanner appliance just its
`own computer?
` MR. JARED SMITH: Form.
` A Okay.
` Q (BY MR. RYAN SMITH) So would you agree that --
`150
`
`152
`
` The infringement analysis says I just have
` THE WITNESS: Wait. Sorry. I thought
`to show that some are, which I did, and you're trying to
`Jared -- Jared wanted to get a comment in.
`say, well, if I can show one that doesn't and it doesn't
` A I did not realize you were -- you were asking
`infringe, but that's not how infringement works.
`about a scanner appliance there, but yeah, if it's the
`appliance, then it's the appliance that has the memory
` Q So just to be clear, you -- you didn't figure
`that loads the rule set.
`out how many Qualys customers were using Vulnerability
`Management for web servers and how many customers were
` Q (BY MR. RYAN SMITH) And the appliance would be
`using Vulnerability Management for other types of
`the computer, right?
` A That is correct.
`devices, right?
` MR. JARED SMITH: Objection; form.
` Q Would you agree that Vulnerability Management
`0
` A Once again, to determine infringement, I just
`could be used to scan operating systems? If you want to
`11
`need to show, which I do throughout my report, that some
`reference somewhere from your report, you can take a look
`12
`customers use Vulnerability Management for web servers.
`at 352.
`13
`I didn't need to come up and I wasn't asked to come up
` A Is that paragraph or page?
`14
`with exact percentages.
` Q Paragraph.
`15
` A Thank you.
` Q (BY MR. RYAN SMITH) And if we can go to the
`16
` Typically any computer that's going to be
`next paragraph, Paragraph 353, I believe it notes that
`17
`scanned has an operating system, so the operating system
`there are numerous different Vulnerability Management
`18
`is -- is going to be scanned by the mobility management
`categories.
`19
`tool.
` In total, if you look at the portion of
`20
`the document you quoted in page 146 of your report, is it
` Q And you would agree that not every computer
`21
`true there's 18 different categories of vulnerable --
`being scanned by mobility management is a web server?
`22
` A Once again, not every system that's scanned has
`strike that.
`23
`to be a web server, but many of them are web servers
` There's 18 different vulnerability
`24
`since web servers are the most common types of servers
`categories listed in Page 146 of your report?
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`1234567891
`
`38 (149 to 152)
`
`151
`
`that are out on the Internet.
` Q What percentage of -- of servers on the
`Internet are web servers?
` A I -- I don't know that exact number offhand.
` Q And Vulnerability Management could be used with
`SMTP/POP servers; is that right?
` MR. JARED SMITH: Objection; form.
` A Yes. Vulnerability Management can scan many
`types of systems. Not all of them are web servers, but
`some of them are web servers. And once again, for
`infringement, you just have to show that some are. You
`don't have to show that all are, but there's a wide range
`of non-web servers that the Vulnerability Management can
`scan.
` Q (BY MR. RYAN SMITH) And you didn't rule out
`the possibility that there were some Qualys customers
`that used Vulnerability Management for things other than
`web servers?
` A Once again, there's -- there's always
`exceptions for infringement. I don't have to prove that
`every customer that uses vulnerability manager is running
`a web server. If some of them don't, that doesn't mean
`that the ones that do, it still doesn't infringe. So
`I -- I feel like you're reversing the infringement
`analysis.
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`

`

`Case 4:18-cv-07229-YGR Document 195-14 Filed 05/10/21 Page 8 of 8
`HIGHLY CONFIDENTIAL - ATTORNEYS' EYES ONLY
`Transcript of Eric Cole, Ph.D.
`Conducted on March 2, 2021
`257
`
`65 (257 to 260)
`
`259
`
`STATE OF TEXAS )
` I, Kelly Hassell, RPR, CLR, CSR in and for the State
`of Texas, do hereby certify that, pursuant to the
`agreement hereinbefore set forth, there came before me on
`the 2nd day of March, A.D., 2021, at 7:15 a.m., at the
`offices of Eric Cole, PhD, located at 44651 Provincetown
`Drive, in the City of Ashburn, State of Virginia, the
`following named person, to wit: ERIC COLE, PhD, who was
`by me duly cautioned and sworn to testify the truth, the
`whole truth and nothing but the truth, of his knowledge
`touching and concerning the matters in controversy in
`this cause; and that he was thereupon carefully examined
`upon his oath, and his examination was reduced to writing
`under my supervision; that the deposition is a true
`record of the testimony given by the witness, same to be
`sworn to and subscribed by said witness before any Notary
`Public, pursuant to the agreement of the parties; and
`that the amount of time used by each party at the
`deposition is as follows:
` Mr. Ryan Smith - 7 hours, 2 minutes,
` Mr. Jared Smith - 19 minutes;
` I further certify that I am neither attorney or
`counsel for, nor related to or employed by, any of the
`parties to the action in which this deposition is taken,
`and further that I am not a relative or employee of any
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`Vulnerability Management on web servers or some other
`type of device, did they?
` MR. JARED SMITH: Objection; form.
` A I would have to see the -- sorry. I would have
`to see the page to confirm.
` Q (BY MR. RYAN SMITH) But -- but having reviewed
`it with your counsel just now in the questions, you don't
`recall anything in this document talking about --
`specifically about web servers being made available?
` A I would have to look at the page. I didn't
`memorize it. We're seven-plus hours into this, so I'm a
`little tired. So I would have to see the page to confirm
`that.
` Q And I think earlier when you testified -- or
`let me ask -- questions from counsel, you said there --
`there may be more examples in this document about web
`servers being scanned before being made available to web
`clients.
` Are you aware of any other examples than
`the ones you have been asked about just now?
` A I remember reviewing this document. I saw
`several. I don't have that memorized, so I -- I would
`have to go through the document and read it to point them
`out.
` Q So sitting here right now, you wouldn't be able
`
`1234567891
`
`258
`
`to point us to any other examples?
` A I did not memorize this document. No, I would
`not.
` MR. RYAN SMITH: Okay. Thanks. That's
`all.
` MR. JARED SMITH: Nothing further for me.
` THE VIDEOGRAPHER: Okay. This marks the
`end of the deposition of Eric Cole, Ph.D. We are going
`off the record at 4:45 p.m.
`(End of proceedings at 4:45 p.m.)
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`attorney or counsel employed by the parties hereto, or
`financially interested in the action.
` In witness whereof, I have hereunto set my hand and
`affixed my seal this 11th day of March , A.D., 2021.
` I further certify that before the completion of the
`deposition, the deponent and/or a party did not request
`to review the transcript pursuant to Federal Rule
`30(e)(1).
`
`
`0
`
`11
` ___________________________
`12
` KELLY HASSELL, CSR No. 5729
`13
` Cert. Expires 10/31/22
`14
` Planet Depos
`15
` Firm Registration No. 686
`16
` 451 Hungerford Drive
`17
` Suite 400
`18
` Rockville, Maryland 20850
`19
` 888-433-3767
`20
`
`21
`
`22
`
`23
`
`24
`
`25
`PLANET DEPOS
`888.433.3767 | WWW.PLANETDEPOS.COM
`
`260
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`1234567891
`
`0
`11
`12
`13
`14
`15
`16
`17
`18
`19
`20
`21
`22
`23
`24
`25
`
`