Automated determination of vulnerability importance

US 10,235,528 B2
Filed: 11/09/2016
Issued: 03/19/2019
Est. Priority Date: 11/09/2016
Status: Active Grant

First Claim

Patent Images

1. A method, in a data processing system comprising a processor and a memory coupled to the processor, the memory comprising instructions that are executed by the processor to cause the processor to be configured to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, the method comprising:

scanning, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;

for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance;

identifying, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;

utilizing the set of characteristics associated with the vulnerability with uncertain importance, determining, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and

assigning, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance thereby forming an identified level of importance; and

with a respective identified level of importance assigned to each vulnerability, with uncertain importance in the set of vulnerabilities with uncertain importance thereby forming a set of vulnerabilities with identified level of importance, presenting, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is provided for automatically determining an importance of vulnerabilities identified in an application. An identified application is scanned for a set of vulnerabilities with uncertain importance. For each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance, a set of characteristics is identified, a level of importance for the vulnerability with uncertain importance is determined utilizing the set of characteristics, and the level of importance is assigned to the vulnerability with uncertain importance thereby forming an identified vulnerability. With a respective level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance thereby forming a set of vulnerabilities with identified importance, the set of vulnerabilities with identified importance are presented to a user so that the set of vulnerabilities with identified importance may be addressed by the user based on the respective level of importance.

Citations

18 Claims

1. A method, in a data processing system comprising a processor and a memory coupled to the processor, the memory comprising instructions that are executed by the processor to cause the processor to be configured to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, the method comprising:
- scanning, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;
  
  for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance;
  
  identifying, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;
  
  utilizing the set of characteristics associated with the vulnerability with uncertain importance, determining, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and
  
  assigning, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance thereby forming an identified level of importance; and
  
  with a respective identified level of importance assigned to each vulnerability, with uncertain importance in the set of vulnerabilities with uncertain importance thereby forming a set of vulnerabilities with identified level of importance, presenting, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein determining the level of importance for the vulnerability with uncertain importance comprises:
    - for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      comparing, by comparison logic in the vulnerability importance identification mechanism, the set of characteristics for the vulnerability with uncertain importance to a set of characteristics of other vulnerabilities that have an identified level of importance;
      
      responsive to the set of characteristics associated with the vulnerability with uncertain importance being greater than or equal to a predetermined similarity threshold of the set of characteristics associated with a vulnerability with an identified level of importance, utilizing, by the scoring logic, metric levels associated with vulnerability with the identified level of importance as metric levels for the vulnerability with uncertain importance; and
      
      determining, by the scoring logic, the level of importance for the vulnerability with uncertain importance based on the metric levels for the vulnerability with uncertain importance.
  - 3. The method of claim 2, further comprising:
    - for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      responsive to the set of characteristics associated with the vulnerability with uncertain importance being less than the predetermined similarity threshold of the set of characteristics associated with a vulnerability with an identified level of importance, utilizing, by the scoring logic, metric levels assigned by the user as the metric levels for the vulnerability with uncertain importance.
  - 4. The method of claim 2, wherein the metrics include “
    - Access Complexity,”
      
      “
      
      Authentication,”
      
      “
      
      Confidentiality Impact,”
      
      “
      
      Integrity Impact,”
      
      “
      
      Availability Impact,”
      
      “
      
      Exploitability,”
      
      “
      
      Remediation Level,” and
      
      “
      
      Report Confidence.”
  - 5. The method of claim 1, wherein determining the level of importance for the vulnerability with uncertain importance comprises:
    - sorting, by the scanning logic, the set of vulnerabilities with uncertain importance based on the set of characteristics associated with each vulnerability with uncertain importance;
      
      presenting, by the scanning logic, a sorted set of vulnerabilities with uncertain importance to the user; and
      
      for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      utilizing, by the scoring logic, metric levels assigned by the user as the metric levels for the vulnerability with uncertain importance; and
      
      determining, by the scoring logic, the level of importance for the vulnerability with uncertain importance based on the metric levels for the vulnerability with uncertain importance.
  - 6. The method of claim 1, wherein assigning the level of importance to the vulnerability with uncertain importance further comprises:
    - recalculating, by the scoring logic, the level of importance for the vulnerability with uncertain importance based on a level of importance assigned to a vulnerability with identified level of importance.

7. A computer program product comprising a computer readable storage medium having a computer readable program stored therein, wherein the computer readable program, when executed on a computing device, causes the computing device to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, and further causes the computing device to:
- scan, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;
  
  for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance;
  
  identify, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;
  
  utilizing the set of characteristics associated with the vulnerability with uncertain importance, determine, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and
  
  assign, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance thereby forming an identified level of importance; and
  
  with a respective identified level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance thereby forming a set of vulnerabilities with identified level of importance, present, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, wherein the computer readable program to determine the level of importance for the vulnerability with uncertain importance further causes the computing device to:
    - for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      compare by comparison logic in the vulnerability importance identification mechanism, the set of characteristics for the vulnerability with uncertain importance to a set of characteristics of other vulnerabilities that have an identified level of importance;
      
      responsive to the set of characteristics associated with the vulnerability with uncertain importance being greater than or equal to a predetermined similarity threshold of the set of characteristics associated with a vulnerability with an identified level of importance, utilize, by the scoring logic, metric levels associated with vulnerability with the identified level of importance as metric levels for the vulnerability with uncertain importance; and
      
      determine, by the scoring logic, the level of importance for the vulnerability with uncertain importance based on the metric levels for the vulnerability with uncertain importance.
  - 9. The computer program product of claim 8, wherein the computer readable program further causes the computing device to:
    - for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      responsive to the set of characteristics associated with the vulnerability with uncertain importance being less than the predetermined similarity threshold of the set of characteristics associated with a vulnerability with an identified level of importance, utilize, by the scoring logic, metric levels assigned by the user as the metric levels for the vulnerability with uncertain importance.
  - 10. The computer program product of claim 8, wherein the metrics include “
    - Access Complexity,”
      
      “
      
      Authentication,”
      
      “
      
      Confidentiality Impact,”
      
      “
      
      Integrity Impact,”
      
      “
      
      Availability Impact,”
      
      “
      
      Exploitability,”
      
      “
      
      Remediation Level,” and
      
      “
      
      Report Confidence.”
  - 11. The computer program product of claim 7, wherein the computer readable program to determine the level of importance for the vulnerability with uncertain importance further causes the computing device to:
    - sort, by the scanning logic the set of vulnerabilities with uncertain importance based on the set of characteristics associated with each vulnerability with uncertain importance;
      
      present, by the scanning logic, a sorted set of vulnerabilities with uncertain importance to the user; and
      
      for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      utilize, by the scoring logic, metric levels assigned by the user as the metric levels for the vulnerability with uncertain importance; and
      
      determine by the scoring logic, the level of importance for the vulnerability with uncertain importance based on the metric levels for the vulnerability with uncertain importance.
  - 12. The computer program product of claim 7, wherein the computer readable program to assign the level of importance to the vulnerability with uncertain importance further causes the computing device to:
    - recalculate, by the scoring logic, the level of importance for the vulnerability with uncertain importance based on a level of importance assigned to a vulnerability with identified level of importance.

13. An apparatus comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory comprises instructions which, when executed by the processor, cause the processor to implement a vulnerability importance identification mechanism for automatically determining an importance of vulnerabilities identified in an application, and further cause the processor to;
  
  scan, by scanning logic in the vulnerability importance identification mechanism, an identified application for a set of vulnerabilities with uncertain importance, wherein each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance fails to have an associated importance;
  
  for each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance;
  
  identify, by the scanning logic, a set of characteristics, wherein the set of characteristics includes a location of the vulnerability with uncertain importance within source code of the application (including a file name and line number(s)), a host name where the application resides, a domain name associated with the application, and a pathname to the application;
  
  utilizing the set of characteristics associated with the vulnerability with uncertain importance, determine, by scoring logic in the vulnerability importance identification mechanism, a level of importance for the vulnerability with uncertain importance; and
  
  assign, by importance identification logic in the vulnerability importance identification mechanism, the level of importance to the vulnerability with uncertain importance thereby forming an identified level of importance; and
  
  with a respective identified level of importance assigned to each vulnerability with uncertain importance in the set of vulnerabilities with uncertain importance thereby forming a set of vulnerabilities with identified level of importance, present, by the vulnerability importance identification mechanism, the set of vulnerabilities with identified level of importance to a user so that the set of vulnerabilities with identified level of importance are addressed by the user based on the respective identified level of importance.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The apparatus of claim 13, wherein the instructions to determine the level of importance for the vulnerability with uncertain importance further cause the processor to:
    - for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      compare by comparison logic in the vulnerability importance identification mechanism, the set of characteristics for the vulnerability with uncertain importance to a set of characteristics of other vulnerabilities that have an identified level of importance;
      
      responsive to the set of characteristics associated with the vulnerability with uncertain importance being greater than or equal to a predetermined similarity threshold of the set of characteristics associated with a vulnerability with an identified level of importance, utilize, by the scoring logic, metric levels associated with vulnerability with the identified level of importance as metric levels for the vulnerability with uncertain importance; and
      
      determine, by the scoring logic, the level of importance for the vulnerability with uncertain importance based on the metric levels for the vulnerability with uncertain importance.
  - 15. The apparatus of claim 14, wherein the instructions further cause the processor to:
    - for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      responsive to the set of characteristics associated with the vulnerability with uncertain importance being less than the predetermined similarity threshold of the set of characteristics associated with a vulnerability with an identified level of importance, utilize, by the scoring logic, metric levels assigned by the user as the metric levels for the vulnerability with uncertain importance.
  - 16. The apparatus of claim 14, wherein the metrics include “
    - Access Complexity,”
      
      “
      
      Authentication,”
      
      “
      
      Confidentiality Impact,”
      
      “
      
      Integrity impact,”
      
      “
      
      Availability Impact,”
      
      “
      
      Exploitability,”
      
      “
      
      Remediation Level,” and
      
      “
      
      Report Confidence.”
  - 17. The apparatus of claim 13, wherein the instructions to determine the level of importance for the vulnerability with uncertain importance further cause the processor to:
    - sort, by the scanning logic the set of vulnerabilities with uncertain importance based on the set of characteristics associated with each vulnerability with uncertain importance;
      
      present, by the scanning logic, a sorted set of vulnerabilities with uncertain importance to the user; and
      
      for each vulnerability with uncertain importance of the set of vulnerabilities with uncertain importance;
      
      utilize, by the scoring logic, metric levels assigned by the user as the metric levels for the vulnerability with uncertain importance; and
      
      determine by the scoring logic, the level of importance for the vulnerability with uncertain importance based on the metric levels for the vulnerability with uncertain importance.
  - 18. The apparatus of claim 13, wherein the instructions to assign the level of importance to the vulnerability with uncertain importance further cause the processor to:
    - recalculate, by the scoring logic, the level of importance for the vulnerability with uncertain importance based on a level of importance assigned to a vulnerability with identified level of importance.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Diu, Wayne
Primary Examiner(s)
Wang, Harris C

Application Number

US15/346,890
Publication Number

US 20180129811A1
Time in Patent Office

860 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

G06F 2221/033 Test or assess software

Automated determination of vulnerability importance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Automated determination of vulnerability importance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links