Adaptive vulnerability management based on diverse vulnerability information
US11729197B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Nov 19, 2019 |
| Grant date | Aug 15, 2023 |
| Priority date | — |
| Expiry date | Feb 25, 2042 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L67/1097
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Embodiments include a method for vulnerability management of a computer system. The method includes collecting vulnerability information over a network from a publishing source. The vulnerability information includes a known vulnerability of a first computer asset, where at least some of the vulnerability information is a set of cybersecurity vulnerabilities and exposures (CVEs) published online. Further, at least some of the CVEs is in a human-readable format. The method further includes collecting system information of the computer system subject to the vulnerability management, where the system information includes information about a second computer asset of the computer system. The method further includes processing the collected vulnerability information and the collected system information by interpreting the human-readable CVEs and correlating the interpreted CVEs with the collected system information. A potential vulnerability of the second computer asset is identified based on the correlation between the interpreted CVEs and the collected system information.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.