Automated determination of vulnerability importance
First Claim
1. A method, in a data processing system comprising a processor and a memory coupled to the processor, the memory comprising instructions that are executed by the processor to cause the processor to be configured to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, the method comprising:
- scanning, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;
- for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance:
  - identifying, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;
  - utilizing the set of characteristics associated with the vulnerability with uncertain importance, determining, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and
  - assigning, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance, thereby forming an identified level of importance; and
- with a respective identified level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance, thereby forming a set of vulnerabilities with identified level of importance, presenting, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.
Abstract
A mechanism is provided for automatically determining an importance of vulnerabilities identified in an application. An identified application is scanned for a set of vulnerabilities with uncertain importance. For each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance, a set of characteristics is identified, a level of importance for the vulnerability with uncertain importance is determined utilizing the set of characteristics, and the level of importance is assigned to the vulnerability with uncertain importance thereby forming an identified vulnerability. With a respective level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance thereby forming a set of vulnerabilities with identified importance, the set of vulnerabilities with identified importance are presented to a user so that the set of vulnerabilities with identified importance may be addressed by the user based on the respective level of importance.
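The claim and abstract describe a pipeline (scan, collect characteristics per finding, score, assign a level, present) but do not specify any scoring rule. The example below is added here to make that pipeline concrete; it is not code from the patent or its assignee. The scanner itself is out of scope, so the findings are constructed sample data, and the keyword tables, weights and level thresholds are assumptions chosen for illustration only. What the example does show is the shape of the mechanism: a finding starts with no importance, importance is derived purely from the four characteristics the claim names (source location, host, domain, pathname), and the result is presented ordered by the assigned level.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed heuristics (not from the patent): each characteristic contributes
# points; the totals are mapped to a level. Real deployments would calibrate
# these against their own asset inventory and exposure model.
HOST_WEIGHTS = {"prod": 40, "staging": 15, "dev": 5}         # host name
DOMAIN_WEIGHTS = {"example.com": 30, "internal.example": 10}  # domain name
PATH_KEYWORDS = {"login": 25, "admin": 25, "payment": 25, "api": 15}  # pathname
SOURCE_KEYWORDS = {"auth": 20, "session": 20, "crypto": 15}  # source location


@dataclass
class Finding:
    """A vulnerability reported by a scanner, initially with uncertain importance."""
    name: str
    source_file: str            # file name within the application's source
    lines: Tuple[int, int]      # line number range
    host: str                   # host name where the application resides
    domain: str                 # domain name associated with the application
    pathname: str               # pathname to the application
    importance: Optional[str] = None   # unassigned until scoring runs
    score: int = 0


def score_finding(f: Finding) -> int:
    """Scoring logic: derive a numeric score from the finding's characteristics."""
    score = 0
    for key, weight in HOST_WEIGHTS.items():      # host name
        if key in f.host:
            score += weight
            break
    score += DOMAIN_WEIGHTS.get(f.domain, 0)      # domain name
    path = f.pathname.lower()                     # pathname
    score += sum(w for k, w in PATH_KEYWORDS.items() if k in path)
    src = f.source_file.lower()                   # location in source code
    score += sum(w for k, w in SOURCE_KEYWORDS.items() if k in src)
    return score


def level_for(score: int) -> str:
    """Map a score to a level of importance (thresholds are assumptions)."""
    if score >= 70:
        return "high"
    if score >= 35:
        return "medium"
    return "low"


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Assign a level to every finding and order the set for presentation."""
    for f in findings:
        f.score = score_finding(f)
        f.importance = level_for(f.score)
    return sorted(findings, key=lambda f: f.score, reverse=True)


def present(findings: List[Finding]) -> List[str]:
    """Render the prioritized set as one line per finding for the user."""
    return [
        f"[{f.importance.upper():6}] {f.name}: {f.source_file}:{f.lines[0]}-{f.lines[1]} "
        f"on {f.host}.{f.domain} ({f.pathname})"
        for f in prioritize(findings)
    ]


# Constructed sample scanner output (hypothetical hosts, paths and files).
SAMPLE_FINDINGS = [
    Finding("Verbose error page", "tools/dev_dashboard.py", (12, 14),
            "dev-box", "localhost", "/home/dev/dash"),
    Finding("SQL injection", "src/auth/login_dao.py", (88, 91),
            "prod-web-01", "example.com", "/var/www/shop/login"),
    Finding("Reflected XSS", "src/reports/render.py", (40, 40),
            "staging-web-02", "internal.example", "/srv/reports/admin"),
]

if __name__ == "__main__":
    for line in present(SAMPLE_FINDINGS):
        print(line)
```

Because each characteristic is scored independently, the same finding type (the XSS above) lands in a different bucket depending on where it lives; that is the point of the mechanism, and it is also why the weights deserve review: a mis-tagged host or domain silently demotes a real exposure.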
18 Claims
1. A method, in a data processing system comprising a processor and a memory coupled to the processor, the memory comprising instructions that are executed by the processor to cause the processor to be configured to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, the method comprising:
- scanning, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;
- for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance:
  - identifying, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;
  - utilizing the set of characteristics associated with the vulnerability with uncertain importance, determining, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and
  - assigning, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance, thereby forming an identified level of importance; and
- with a respective identified level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance, thereby forming a set of vulnerabilities with identified level of importance, presenting, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, and further causes the computing device to:
- scan, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;
- for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance:
  - identify, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;
  - utilizing the set of characteristics associated with the vulnerability with uncertain importance, determine, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and
  - assign, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance, thereby forming an identified level of importance; and
- with a respective identified level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance, thereby forming a set of vulnerabilities with identified level of importance, present, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.
Dependent claims: 8, 9, 10, 11, 12
13. An apparatus comprising:
- a processor; and
- a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, and further cause the processor to:
  - scan, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;
  - for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance:
    - identify, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;
    - utilizing the set of characteristics associated with the vulnerability with uncertain importance, determine, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and
    - assign, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance, thereby forming an identified level of importance; and
  - with a respective identified level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance, thereby forming a set of vulnerabilities with identified level of importance, present, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.
Dependent claims: 14, 15, 16, 17, 18
Specification