Open source vulnerability remediation tool

Assignee

• Visa International Service Association · US

Inventors

• Vinjith Nagaraja · Pflugerville, US
• Raymond Scott Brammer · West Granby, US
• James Myers · Round Rock, US
• Christopher John Barkley Gutierrez · San Mateo, US
• Ireneusz Pazdzierniak · Foster City, US
• Shanshan Jiang · Foster City, US
• Karim Mawani · Foster City, US
• Pankaj Rathore · Austin, US
• Jerry Wald · San Francisco, US
• David Worth · Naperville, US
• Dhruv Vig · Austin, US
• Archana Taparia · Foster City, US
• Robert Chifamba · Austin, US
• Vamshi Ramarapu · Austin, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/033
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method and system for remediating vulnerable code libraries, including open source libraries, in a software application. An application, that uses code libraries, and information regarding known library vulnerabilities are received, then it is determined if one or more libraries in the application are vulnerable based upon the information. For each of the one or more vulnerable libraries, a library version that minimizes risk is determined. The determined library version is incorporated into the application to form a test application, and an application test is performed on the test application. If an application test score on the test application is below a predetermined threshold, the determined library version is incorporated into a final application precursor. A final application can be determined from the final application precursor for each of the one or more vulnerable libraries.