Systems and methods of associating security vulnerabilities and assets
US8095984B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 2, 2006 |
| Grant date | Jan 10, 2012 |
| Priority date | — |
| Expiry date | Jan 30, 2029 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/577
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
Systems and methods of associating security vulnerabilities and assets, and related Graphical User Interfaces (GUIs) and data structures, are disclosed. A definition of a security vulnerability, which includes multiple asset characteristics such as an asset platform that may be exploited via the security vulnerability and an asset platform that is affected when the exploited asset platform is exploited via the security vulnerability, is compared with definitions of one or more assets of an information system. An association between the security vulnerability and an asset is made if the definition of the asset includes a first asset characteristic of the security vulnerability definition and either the definition of the asset or the definition of another asset that has a relationship with the asset includes a second asset characteristic of the security vulnerability definition. The security vulnerability definition may also identify an asset platform that protects against the vulnerability.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.