Method for finding vulnerabilities in a software project
US12386975B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 2, 2021 |
| Grant date | Aug 12, 2025 |
| Priority date | — |
| Expiry date | May 7, 2042 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2221/033
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A method (500) for finding vulnerabilities in a software project. The method (500) comprises receiving (S502) a dependency file (202) specifying software components related to the software project; extracting (S506) information from the dependency file (202) using a dependency file parser (204), wherein the dependency file parser (204) is configured for a programming language of the dependency file (202), and wherein the extracted information comprises one or more dependency attributes; generating (S508) a first dependency common platform enumeration, CPE, (206) based on the one or more dependency attributes; receiving (S510) vulnerability CPEs (210) from a vulnerability database, VD, (212), wherein the vulnerability CPEs (210) comprise one or more vulnerability attributes; generating (S512) a first condensed dataset (214) of vulnerability CPEs by selecting the vulnerability CPEs (210) that have at least one vulnerability attribute that matches at least one dependency attribute in the first dependency CPE (206); evaluating (S514) the vulnerability CPEs from the first condensed dataset (214) of vulnerability CPEs by determining a confidence score for each vulnerability CPE, wherein…
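The steps named in the abstract (parse, build a dependency CPE, condense, score) can be sketched as follows; this is an added example, not code from the patent or its assignee. It assumes a pip-style `name==version` dependency file, and because the abstract is cut off before the confidence score is defined, the weighted-match score, all function names and the sample CPEs are assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# Only the three CPE 2.3 attributes this sketch compares.
Cpe = namedtuple("Cpe", "vendor product version")

# Assumed weights: the abstract is cut off before it defines the score.
WEIGHTS = {"vendor": 1, "product": 6, "version": 3}

def parse_requirements(text):
    """Dependency file parser for one ecosystem: pip 'name==version' pins."""
    deps = []
    for line in text.splitlines():
        m = re.fullmatch(r"\s*([A-Za-z0-9_.-]+)\s*==\s*([\w.]+)\s*(#.*)?", line)
        if m:  # vendor is unknown from a requirements file, so wildcard it
            deps.append(Cpe("*", m.group(1).lower(), m.group(2).lower()))
    return deps

def parse_cpe(uri):
    """Read vendor/product/version from a CPE 2.3 string (escaped ':' not handled)."""
    f = uri.split(":")
    if len(f) != 13 or f[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {uri!r}")
    return Cpe(f[3].lower(), f[4].lower(), f[5].lower())

def matched(dep, vuln):
    """Attribute names on which the two CPEs agree; wildcards never count."""
    return [a for a in Cpe._fields
            if getattr(dep, a) not in ("*", "-") and getattr(dep, a) == getattr(vuln, a)]

def condense(dep, vuln_uris):
    """Keep vulnerability CPEs sharing at least one attribute with the dependency."""
    return [u for u in vuln_uris if matched(dep, parse_cpe(u))]

def score(dep, vuln_uri):
    """Assumed confidence score: weighted share of matching attributes, 0.0 to 1.0."""
    hits = matched(dep, parse_cpe(vuln_uri))
    return sum(WEIGHTS[a] for a in hits) / sum(WEIGHTS.values())

def evaluate(req_text, vuln_uris):
    """Return {dependency: [(score, vulnerability CPE), ...]}, best match first."""
    return {d: sorted(((score(d, u), u) for u in condense(d, vuln_uris)), reverse=True)
            for d in parse_requirements(req_text)}

# Constructed sample input, not real vulnerability data.
REQS = "flask==2.0.0\nrequests==2.25.1  # pinned\n"
TAIL = ":*:*:*:*:*:*:*"
VULNS = ["cpe:2.3:a:examplevendor:flask:2.0.0" + TAIL,
         "cpe:2.3:a:examplevendor:flask:1.0" + TAIL,
         "cpe:2.3:a:othervendor:unrelated:2.0.0" + TAIL,
         "cpe:2.3:a:othervendor:nothing:9.9" + TAIL]
```

The third sample CPE shares only a version string with `flask`, so it survives the "at least one attribute" condensing step but ranks last, which is the kind of false positive a confidence score exists to separate out.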
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.