Detection of malicious software packages
US10055576B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Oct 10, 2017 |
| Grant date | Aug 21, 2018 |
| Priority date | — |
| Expiry date | Oct 10, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/564
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Systems and methods for a security tool that verifies the security of a software package. An example method may involve identifying a plurality of components contained in a software package comprising one of a JAR file, an Android application package, a docker image, a container file, or a virtual machine image; comparing the components contained in the software package to a list of known components; classifying the software package as insecure when at least one of the components matches an insecure component, or as secure when each of the compared components matches a corresponding secure component on the list of known components; preventing addition of the software package to a software repository when the software package is classified as insecure; and when insecure, providing an interface to enable a user to request the components of the software package be added as a secure component on the list of known components.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.