System and method for determining security vulnerabilities
First Claim
1. A method for determining security vulnerabilities, the method comprising:
- receiving an organization profile of one or more products used by an organization, the organization profile including characteristics of each of the one or more products;
comparing the characteristics of each of the one or more products to a plurality of product records, each product record identifying one or more security vulnerabilities associated with the product record and one or more fixes associated with the one or more security vulnerabilities; and
determining the presence of at least one of the one or more security vulnerabilities for at least one of the one or more products in response to comparing the characteristics of the at least one of the one or more products to the plurality of product records.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for determining security vulnerabilities includes receiving a profile of one or more products used by an organization, the profile including characteristics of each product. The method further includes comparing the characteristics of each product to a plurality of product records, each product record including one or more security vulnerabilities associated with the product record and one or more fixes associated with each security vulnerability. The method further includes determining at least one of the one or more security vulnerabilities for at least one of the one or more products in response to comparing the characteristics of the at least one of the one or more products to the product record.
206 Citations
40 Claims
-
1. A method for determining security vulnerabilities, the method comprising:
-
receiving an organization profile of one or more products used by an organization, the organization profile including characteristics of each of the one or more products;
comparing the characteristics of each of the one or more products to a plurality of product records, each product record identifying one or more security vulnerabilities associated with the product record and one or more fixes associated with the one or more security vulnerabilities; and
determining the presence of at least one of the one or more security vulnerabilities for at least one of the one or more products in response to comparing the characteristics of the at least one of the one or more products to the plurality of product records. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A system for tracking vulnerabilities in an organization, the system comprising:
-
an organization profile, the organization profile being associated with a particular organization and identifying one or more products used by the particular organization, the organization profile including characteristics of each of the one or more products;
a security vulnerabilities database, the securities vulnerability database having one or more product records, each of the one or more product records being associated with at least one product and including information on one or more security vulnerabilities associated with the at least one product; and
a search engine in communication with the organization profile and the security vulnerability database, the search engine operable to determine at least one security vulnerability of the organization in response to comparing the characteristics of at least one of the one or more products to at least one of the one or more product records. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. A method of assessing the vulnerability of an organization, the method comprising:
-
identifying at least one security vulnerability associated with one or more products used by the organization; and
determining a risk rating for the security vulnerability in response to characteristics of the security vulnerability. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A method of tracking security vulnerabilities across an organization, the method comprising:
-
assigning one or more security vulnerabilities to a particular individual within the organization, each of the one or more assigned security vulnerabilities being associated with one or more products used by the organization;
assigning a pending designation to a status for each of the one or more assigned security vulnerabilities; and
changing the status of one of the one or more security vulnerabilities from a pending designation to a complete designation in response to the one of the one or more security vulnerabilities being addressed by the individual. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40)
-
Specification