Patent · US Active

System and method for vulnerability risk analysis

US9317692B2 · kind B2 · utility

26Cited by

1References

20Claims

0Family size

Assignee

Symantec Corporation · US

Inventors

Matthew Elder · Germantown, US
Darrell Kienzle · Vienna, US
Pratyusa K. Manadhata · Princeton, US
Ryan Persaud · West Palm Beach, US

Key dates

Filing date	May 21, 2010
Grant date	Apr 19, 2016
Priority date	—
Expiry date	Jan 5, 2032

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/1433
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Embodiments of the present invention are directed to a method and system for automated risk analysis. The method includes accessing host configuration information of a host and querying a vulnerability database based on the host configuration information. The method further includes receiving a list of vulnerabilities and accessing a plurality of vulnerability scores. The list of vulnerabilities corresponds to vulnerabilities of the host. Vulnerabilities can be removed from the list based on checking for installed fixes corresponding to vulnerability. A composite risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores. An aggregate risk score can then be determined for the host and each software product of the host based on the plurality of vulnerability scores.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.