Automated secure software development management, risk assessment, and risk remediation
US10740469B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 28, 2017 |
| Grant date | Aug 11, 2020 |
| Priority date | — |
| Expiry date | Jul 13, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06Q10/0635
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Methods and apparatuses are described for automated secure software development management, risk assessment and risk remediation. A server generates security requirements for a software application under development based upon a plurality of technical attributes and a threat model. The server creates a first set of development tasks based upon the generated security requirements. The server scans source code to identify one or more security vulnerabilities and creates a second set of development tasks based upon the identified vulnerabilities. The server generates a security risk score based upon the generated security requirements and the identified vulnerabilities. The server deploys the software application under development to a production computing system upon determining that the security risk score satisfies a criterion. The server generates security findings based upon operation of the software application after being deployed to the production computing system, and creates a third set of development tasks based upon the findings.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.