BitSight vs. NormShield: Cybersecurity Patent Dispute Ends in Dismissal
What would you like to do next?
Choose your path based on your current needs:
In a closely watched cybersecurity patent infringement dispute, BitSight Technologies, Inc. and NormShield, Inc. — operating under the brand Black Kite — reached a stipulated dismissal with prejudice on February 13, 2025, ending 527 days of litigation before Massachusetts District Court. Case No. 1:23-cv-12055 centered on five U.S. patents covering information technology security assessment systems, organizational behavior-based risk ratings, and security risk management methodologies — technology that sits at the commercial heart of the rapidly expanding cyber risk quantification market.
The dismissal, carrying no admission of liability from either party and requiring each side to bear its own costs and attorneys’ fees, reflects a litigation resolution pattern increasingly common in high-stakes IP disputes where commercial realities ultimately override legal attrition. For patent attorneys, in-house IP counsel, and R&D leaders operating in the cybersecurity software space, this case offers substantive lessons in assertion strategy, portfolio construction, and the commercial calculus behind stipulated dismissals.
📋 Case Summary
| Case Name | BitSight Technologies, Inc. v. NormShield, Inc. |
| Case Number | 1:23-cv-12055 (D. Mass.) |
| Court | U.S. District Court for the District of Massachusetts |
| Duration | Sep 2023 – Feb 2025 527 days |
| Outcome | Dismissed with Prejudice |
| Patents at Issue | |
| Accused Products | Black Kite’s information technology security assessment platform, risk rating methodologies, and security risk management systems |
Case Overview
The Parties
⚖️ Plaintiff
Boston-based cybersecurity company widely recognized as a pioneer in security ratings and continuous monitoring platforms.
🛡️ Defendant
Competing cybersecurity risk assessment provider offering third-party cyber risk intelligence and supply chain risk management tools.
The Patents at Issue
Five issued U.S. patents formed the basis of BitSight’s infringement claims:
- • US11652834B2 — IT security assessment systems
- • US9973524B2 — Methods for organizational behavior-based risk ratings
- • US9438615B2 — Security risk management
- • US10805331B2 — IT security assessment systems
- • US11777976B2 — IT security assessment systems
Developing a similar cybersecurity solution?
Check if your technology might infringe these or related patents.
Litigation Timeline & Procedural History
BitSight filed its complaint on September 5, 2023, selecting the U.S. District Court for the District of Massachusetts — a strategically logical venue given BitSight’s Boston headquarters and the district’s established familiarity with complex technology patent litigation. Chief Judge **Myong J. Joun** presided over the matter.
The case proceeded at the district court (first-instance) level and ran for 527 days before closing on February 13, 2025 — a duration consistent with complex multi-patent technology disputes that often extend 18 to 36 months before reaching trial or resolution. The 527-day timeline suggests the parties engaged in substantive pre-trial proceedings, including pleading amendments (reflected in the “first amended complaint” referenced in the dismissal stipulation), likely followed by discovery exchanges and early claim construction briefing before commercial considerations drove settlement discussions.
No trial occurred. The case closed through a Rule 41(a)(1)(A)(ii) stipulated dismissal — the procedural mechanism requiring agreement from all parties, executed here without court intervention beyond entry of the stipulation.
The Verdict & Legal Analysis
Outcome
The case was dismissed with prejudice pursuant to a joint stipulation filed under Federal Rule of Civil Procedure 41(a)(1)(A)(ii). Critical terms of the dismissal include:
- • All claims and counterclaims dismissed with prejudice — meaning neither party may relitigate these specific claims
- • Each party bears its own attorneys’ fees and costs — no fee-shifting under 35 U.S.C. § 285
- • No admission of liability by either party for any claim or allegation
- • No disclosed monetary damages or injunctive relief
Legal Significance
Because the dismissal was stipulated rather than adjudicated, no precedential claim construction or validity rulings emerged from this case. The five patents-in-suit — spanning application numbers from the US13 series (filed circa 2011) through the US17 series (filed circa 2020) — remain valid and enforceable. BitSight retains full rights to assert them in future proceedings against other defendants or in different forums.
The “dismissed with prejudice” designation, while precluding re-litigation against Black Kite on these specific claims, does not constitute a validity finding, an invalidity finding, or a license — a critical distinction for third parties monitoring these patents for freedom-to-operate purposes.
Filing a software or system patent?
Learn from this case. Use AI to draft stronger claims that can withstand litigation.
Power Your Patent Strategy with Eureka IP
From novelty searches to patent drafting, Eureka’s AI-powered tools help you navigate the patent landscape with confidence.
⚠️ Freedom to Operate (FTO) Analysis
This case highlights critical IP risks in the cybersecurity risk ratings market. Choose your next step:
📋 Understand This Case’s Impact
Learn about the specific risks and implications from this litigation.
- View BitSight’s extensive patent portfolio in this technology space
- See which companies are most active in cybersecurity patents
- Understand claim construction patterns for software patents
🔍 Check My Product’s Risk
Run a comprehensive FTO analysis for your own technology or product.
- Input your product description or technical features
- AI identifies potentially blocking patents
- Get actionable risk assessment report
High Risk Area
Cybersecurity risk rating & assessment platforms
5 Patents Asserted
Covering foundational methodologies
Strategic Dismissal
Avoided adverse judgment, no admission of liability
✅ Key Takeaways
For Patent Attorneys & Litigators
Multi-patent assertion strategies in overlapping technology fields increase leverage but also multiply litigation costs and discovery scope.
Search related case law →Rule 41(a)(1)(A)(ii) stipulated dismissals preserve plaintiff’s portfolio for future assertion — distinguish from consent judgments.
Explore precedents →No fee-shifting in mutual dismissals absent exceptional case findings under *Octane Fitness*.
Analyze fee awards →Retaining elite trial counsel at the outset signals credible defense posture and may accelerate commercial resolution.
Find IP counsel →For IP Professionals & R&D Leaders
BitSight’s five patents (US9438615B2 through US11777976B2) remain live and assertable — update freedom-to-operate analyses accordingly.
Start FTO analysis for my product →The cybersecurity risk rating and organizational behavior-based security scoring methodologies carry significant patent risk. Conduct FTO analysis before product launch.
Try AI patent drafting →Monitor BitSight’s patent prosecution activity for continuation applications extending these patent families.
Track patent families →Industry & Competitive Implications
The cybersecurity risk ratings market — occupied by BitSight, Black Kite, SecurityScorecard, and others — is experiencing rapid consolidation and intensifying IP competition as enterprise demand for third-party risk management grows. This litigation reflects a broader pattern: market leaders leveraging patent portfolios to create friction for fast-growing challengers.
Black Kite’s ability to emerge from 527 days of litigation without an adverse judgment, an injunction, or a disclosed damages payment — while continuing commercial operations — demonstrates that well-resourced defense strategies can neutralize even well-constructed multi-patent assertions. The mutual cost-bearing dismissal may also signal an underlying business resolution, potentially including cross-licensing, market segmentation, or commercial terms not disclosed in public filings.
For companies in adjacent spaces — supply chain risk management, cyber insurance underwriting platforms, and attack surface management — this case reinforces the importance of proactive patent landscape monitoring. BitSight’s portfolio, now unencumbered by this litigation, remains available for future assertion.
FAQ
What patents were involved in BitSight v. NormShield?
Five U.S. patents: US11652834B2, US9973524B2, US9438615B2, US10805331B2, and US11777976B2 — covering IT security assessment systems, organizational behavior risk ratings, and security risk management.
What was the basis for dismissal in Case No. 1:23-cv-12055?
The parties filed a joint stipulation of dismissal with prejudice under FRCP 41(a)(1)(A)(ii), with each party bearing its own costs. No liability was admitted.
How might this case affect cybersecurity patent litigation?
BitSight’s patents remain enforceable. Companies in the cyber risk ratings market should conduct updated freedom-to-operate analyses and monitor this portfolio for future assertions.
Explore related cybersecurity patent litigation cases, or search these patents on Google Patents and case filings on PACER for deeper due diligence.
Ready to Strengthen Your Patent Strategy?
Join thousands of IP professionals using Eureka to conduct prior art searches, draft patents, and analyze competitive landscapes.