Exhibit 19

REDACTED VERSION OF DOCUMENT
SOUGHT TO BE SEALED

Case 4:18-cv-07229-YGR Document 201-17 Filed 06/01/21 Page 2 of 8

 IN THE UNITED STATES DISTRICT COURT
 FOR THE NORTHERN DISTRICT OF CALIFORNIA
 OAKLAND DIVISION
----------------------------x
FINJAN, INC., a Delaware :
Corporation, :
 Plaintiff, : Case No.:
vs. : 4:18-CV-07229-YGR
QUALYS, INC., a Delaware :
Corporation, :
 Defendant. :
----------------------------x

 HIGHLY CONFIDENTIAL - OUTSIDE ATTORNEYS' EYES ONLY

 Videotaped Deposition of QUALYS, INC.,
 by and through its corporate designee,
 HOLGER KRUSE
 Conducted Virtually
 Monday, September 14, 2020
 9:00 a.m. PDT

Job No.: 320088
Pages: 1 - 197
Reported By: Theresa A. White, CSR, RPR, RMR, CRR

Case 4:18-cv-07229-YGR Document 201-17 Filed 06/01/21 Page 5 of 8
HIGHLY CONFIDENTIAL - OUTSIDE ATTORNEYS' EYES ONLY
Transcript of Holger Kruse, Corporate Designee
Conducted on September 14, 2020

Transcript page 9

management, policy compliance and web application
scanning?
 MR. MAYS: Same objection.
 THE WITNESS: There may be indirect use of
the results. The scan types which we receive are
always one of these three types, but there may be
products in the front end which make use of this
data for other purposes. I'm not aware of any
details of how this data might be used.
 Q (By Mr. Lee) Can you elaborate? What do
you mean by "indirect use of the results"?
 A Well, the results of scans are stored in
the data center, and we have multiple different
products which make use of scan results in
different ways. Vulnerability management and
policy compliance are the core products, but other
products have been layered around it which may
also make use of those results in different ways.
 Q Which products make indirect use of the
results?
 A I don't have any details. I just know
that the data has been imported into other
products in the past.
 MR. MAYS: And objection. Outside the
scope.

PLANET DEPOS
888.433.3767 | WWW.PLANETDEPOS.COM

Transcript page 134

 THE WITNESS: That has historic reasons.
It's because the way the scanner appliances work,
it would be difficult for us to have a completely
separate scan engine running parallel with ML. It
is easier for the external engine to piggyback
onto the architecture we already have, with the ML
extension.
 Q (By Mr. Lee) Do you see there is
something that says "NOC Host Messages"?
 A Yes.
 Q Do you have any understanding of what that
is?
 A Yes. NOC host is -- N-O-C stands for
network operations center. NOC host is a service
that is run in the data center where we keep
events and telemetry information. For instance,
scanner health information, sensor data,
temperature, hard-disc problems, those kinds of
things.
 So it is common for scan engines to report
any unusual events that happen during the scan to
NOC host as scan events.
 Q What does the webcrawl module do when it
receives these NOC host messages from WAS?
 MR. MAYS: Objection. Form. Outside the
scope.
 THE WITNESS: It passes them on to a small
client. This is called HostMon. And the client
then sends them to the data center.
 Q (By Mr. Lee) Do you see that there is a
box called Vulnsigs?
 A Yes.
 Q With an arrow pointing to WAS?
 A Yes.
 Q Do you have an understanding what Vulnsigs
is here?
 A We already talked about this Vulnsigs.
It's our vulnerability signature repository, and
this is shared both by regular ML -- I'm sorry.
By regular VM and PC scans and also by WAS. It
has signatures for both -- of all three types of
scans in it.
 Q (By Mr. Lee) Do you have any idea what
"global config" and "test payloads" refers to?
 A No. That would have to be answered by the
WAS team.
 Q Do you see there is a thing called JSEN?
 A Yes.
 Q Do you have any understanding what that
is?
 A Not precisely. I've seen it, the term
used in connection with web applications, but I
don't know precisely what it is.
 Q What does WAS do with the Vulnsigs it
receives?
 MR. MAYS: Objection to form. Outside the
scope.
 THE WITNESS: The details would have to be
answered by the WAS team. In general,
vulnerability signatures drive a scan. They
determine what a scan should do, and WAS does the
same, but I don't know the details of how -- of
what kind of detections are in Vulnsigs and how
they are used.
 Q (By Mr. Lee) Can you go to the next page,
Bates ending in 9785?
 A Sure. Yes.
 Q Do you see in the second bullet it says
"Crawl, parentheses, WebKit, comma, curl"?
 A Yes.
 Q Do you have any understanding what that
crawl refers to?
 MR. LEE: Objection. Outside the scope.
 THE WITNESS: My understanding, and this
may be incomplete, is that as part of web