Automated software compliance analysis
First Claim
1. One or more non-transitory computer-readable storage media storing computer-executable instructions for causing a computing system to perform processing to analyze whether a software program may create a compliance issue, the processing comprising:
- automatically determining, with a compliance tool specified by the computer-executable instructions, a plurality of data source identifiers corresponding to data sources accessed by the software program, the automatically determining comprising;
analyzing a configuration file of a software program for data binding information, the data binding information indicating data source identifiers associated with respective data sources;
determining a plurality of user interface controls associated with the software program; and
determining data source identifiers for data sources bound to at least one of the plurality of user interface controls;
automatically associating at least a portion of the plurality of data source identifiers with one or more formalized compliance terms using the compliance tool, the automatically associating comprising;
comparing the at least a portion of the data source identifiers with a collection of data source identifiers;
determining whether one or more of the plurality of data sources identifiers correspond to critical data sources based on comparing respective data source identifiers of the plurality of data sources identifiers with the collection; and
analyzing the at least a portion of the data source identifiers with the compliance tool using at least one formalized compliance norm comprising at least one of the one or more formalized compliance terms to provide compliance results; and
outputting to a user the compliance results.
1 Assignment
0 Petitions
Accused Products
Abstract
A plurality of data sources accessed by a software program are automatically determined by a compliance tool. At least a portion of the data sources are automatically associated with one or more formalized compliance terms using the compliance tool. At least a portion of the data sources is analyzed by the compliance tool using at least one formalized compliance norm that include at least one of the one or more formalized compliance terms to provide compliance results. The compliance results are output to a user.
26 Citations
20 Claims
-
1. One or more non-transitory computer-readable storage media storing computer-executable instructions for causing a computing system to perform processing to analyze whether a software program may create a compliance issue, the processing comprising:
-
automatically determining, with a compliance tool specified by the computer-executable instructions, a plurality of data source identifiers corresponding to data sources accessed by the software program, the automatically determining comprising; analyzing a configuration file of a software program for data binding information, the data binding information indicating data source identifiers associated with respective data sources; determining a plurality of user interface controls associated with the software program; and determining data source identifiers for data sources bound to at least one of the plurality of user interface controls; automatically associating at least a portion of the plurality of data source identifiers with one or more formalized compliance terms using the compliance tool, the automatically associating comprising; comparing the at least a portion of the data source identifiers with a collection of data source identifiers; determining whether one or more of the plurality of data sources identifiers correspond to critical data sources based on comparing respective data source identifiers of the plurality of data sources identifiers with the collection; and analyzing the at least a portion of the data source identifiers with the compliance tool using at least one formalized compliance norm comprising at least one of the one or more formalized compliance terms to provide compliance results; and outputting to a user the compliance results. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computing system that implements a compliance tool, the computing system comprising:
-
one or more memories; one or more processing units coupled to the one or more memories; and one or more non-transitory computer readable storage media storing instructions that, when loaded into the memories, cause the one or more processing units to perform operations for; analyzing a configuration file of a software application for data binding information, the data binding information indicating a plurality of data source identifiers associated with respective data sources; calling a method of a software application authoring tool to determine user interface controls associated with the software application; calling methods associated with the user interface controls to determine data source identifiers of data sources associated with the user interface controls; determining whether the data source identifiers associated with the user interface controls and the configuration file are associated with critical or non-critical data sources; associating at least a portion of the data source identifiers associated with the user interface controls and the configuration file with one or more formalized compliance terms, the associating based at least in part on whether a respective data source identifier of the at least a portion of the data source identifiers is associated with a critical or non-critical data source; analyzing the at least a portion of the data source identifiers using at least one formalized compliance norm comprising at least one of the formalized compliance terms; and outputting for display a visual representation of the formalized compliance norm and associated formalized compliance terms, wherein the visual representation indicates formalized compliance terms that may be associated with a potential compliance issue. - View Dependent Claims (17)
-
-
18. In a computing system comprising a memory and one or more processors, a method of evaluating a potential compliance issue associated with at least one formalized compliance norm, the method comprising:
-
analyzing a configuration file of a software application for data binding information, the data binding information indicating a plurality of data source identifiers associated with respective data sources accessed by the software application; determining a plurality of user interface controls associated with the software application; determining data source identifiers for data sources bound to at least one of the plurality of user interface controls; and adding the data source identifiers for the data sources bound to at least one of the plurality of user interface controls to the plurality of data source identifiers determined from the configuration file; determining whether at least a portion of the data source identifiers determined from the configuration file and the user interface controls are associated with critical or non-critical data source; associating the at least a portion of the data source identifiers with one or more formalized compliance terms at least in part based on whether a respective data source identifier is associated with a critical or non-critical data source; analyzing the at least a portion of the data source identifiers using at least one formalized compliance norm comprising at least one of the one or more formalized compliance terms; and outputting for display a visual representation of the formalized compliance norm and associated formalized compliance terms, wherein the visual representation indicates formalized compliance terms that may be associated with a potential compliance issue. - View Dependent Claims (19, 20)
-
Specification