Vulnerability tracing using scope and offset
US11868482B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 9, 2022 |
| Grant date | Jan 9, 2024 |
| Priority date | — |
| Expiry date | Nov 19, 2042 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/034
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Source code is managed through a source code management system and one or more static application security testing scanners check the source-code for vulnerabilities. The scanners generate vulnerability reports that are processed by a vulnerability tracker. The vulnerability tracker computes the scopes of identified vulnerabilities from the source-code and generates scope and offset fingerprints (e.g., hashes that uniquely identify vulnerabilities based on their surrounding scope). The fingerprints used for deduplication and vulnerability tracking. The vulnerability tracker may generate a refined vulnerability report that includes a set of deduplicated vulnerabilities with the corresponding fingerprints. The refined vulnerability report and related data may be stored in a vulnerability database for use in vulnerability management.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.