Patent · US Active

Prioritizing security findings in a SAST tool based on historical security analysis

US9544327B1 · kind B1 · utility

Cited by: 52
References: 3
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: Nov 20, 2015
Grant date: Jan 10, 2017
Priority date
Expiry date: Nov 20, 2035

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/0421
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A cloud-based static analysis security tool accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To this end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments. The approach provides for secure and anonymous cross-organization information sharing based, for example, on analytics generated by an analytics platform.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.