Patent · US Active

Eliminating false reports of security vulnerabilities when testing computer software

US8584246B2 · kind B2 · utility

Cited by: 7
References: 16
Claims: 13
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 13, 2009
Grant date: Nov 12, 2013
Priority date
Expiry date: May 25, 2032

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F11/3692
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A system for eliminating false reports of security vulnerabilities when testing computer software, including a taint analysis engine configured to identify a tainted variable v in a computer application, a data mapping identification engine configured to identify a variable x within the application that holds data derived from v, where x is in a different format than v, an AddData identification engine configured to identify an AddData operation within the application that is performed on x, a signature identification engine configured to identify a Sign operation within the application that is performed on the results of the AddData operation on x, and a signature comparison identification engine configured to identify an operation within the application that compares the results of the Sign operation with another value.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.