Patent · US Active

Method and system for detecting vulnerabilities in source code

US8156483B2 · kind B2 · utility

43Cited by

7References

4Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Ryan Berg · Austin, US
Larry Rose · Chelmsford, US
John Peyton · Arlington, US
John J. Danahy · Bow, US
Robert A. Gottlieb · Westford, US
Chris Rehbein · Watertown, US

Key dates

Filing date	Jun 27, 2008
Grant date	Apr 10, 2012
Priority date	—
Expiry date	Jan 19, 2031

Classification

Technology area (CPC G)Physics
CPC primaryG06F11/3604
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A method and system of detecting vulnerabilities in source code. Source code is parsed into an intermediate representation. Models (e.g., in the form of lattices) are derived for the variables in the code and for the variables and/or expressions used in conjunction with routine calls. The models are then analyzed in conjunction with pre-specified rules about the routines to determine if the routine call posses one or more of pre-selected vulnerabilities.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.