Patent · US Active

Method and system for detecting vulnerabilities in source code

US7398517B2 · kind B2 · utility

31Cited by

6References

15Claims

0Family size

Assignee

Ounce Labs, Inc. · US

Inventors

Ryan Berg · Austin, US
Larry Rose · Chelmsford, US
John Peyton · Arlington, US
John J. Danahy · Bow, US
Robert A. Gottlieb · Westford, US
Chris Rehbein · Watertown, US

Key dates

Filing date	Jun 13, 2007
Grant date	Jul 8, 2008
Priority date	—
Expiry date	Jun 13, 2027

Classification

Technology area (CPC G)Physics
CPC primaryG06F11/3604
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.