×

Vulnerability contextualization

  • US 10,708,292 B2
  • Filed: 11/28/2017
  • Issued: 07/07/2020
  • Est. Priority Date: 11/28/2017
  • Status: Active Grant
First Claim
Patent Images

1. A method for contextualizing vulnerabilities, the method performed by a server including a processor and a non-transitory computer readable medium with computer-executable instructions stored thereon, such that when the instructions are executed by the processor, the server performs the method comprising:

  • importing raw vulnerability data from a vulnerability scanner, the raw vulnerability data including one or more vulnerability data wherein each vulnerability data includes a vulnerability identification (ID) and an asset value;

    importing an asset inventory from an asset database;

    merging the asset inventory and the raw vulnerability data to obtain contextual vulnerability data, the contextual vulnerability data including one or more vulnerability data linked to a vulnerability ID, an asset value, and an asset owner;

    categorizing the contextual vulnerability data; and

    generating a report of the categorized contextual vulnerability data, wherein categorizing the contextual vulnerability data includes at least one of,determining whether a vulnerability is a duplicate, and in response to the vulnerability being a duplicate, categorizing the vulnerability as duplicate;

    determining whether an exception is approved for the vulnerability, and in response to the exception being approved, categorizing the vulnerability as exception;

    determining whether the vulnerability is superseded, and in response to the vulnerability being superseded, categorizing the vulnerability as superseded;

    determining whether the vulnerability has a fix, and in response to the vulnerability not having a fix, categorizing the vulnerability as not having a fix;

    determining whether the vulnerability is a patch, and in response to the vulnerability having a patch, categorizing the vulnerability as the patch in progress; and

    determining whether the vulnerability is application dependent, in response to the vulnerability being application dependent, categorizing the vulnerability as application dependent, and in response to the vulnerability being application independent, categorizing the vulnerability as infrastructure.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×