System for managing security index scores

US 20050283622A1
Filed: 06/17/2004
Published: 12/22/2005
Est. Priority Date: 06/17/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for managing installation of software code based on security level of a computer system, the method comprising:

receiving a request to install a package of software on the computer system;

deriving from a security index associated with the package of software code a security index score for the package of software code; and

determining whether to permit the install of the package of software code based on a comparison between the security index score and a security threshold specified for the computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for managing security index scores is provided. A security index that rates the security level of a portion of code is associated with the code. Development tools, such as packaging utilities, compilers, integrated development environments, and the like, may warn the user if the security level of the portion of the code is low. Source code repository tools, such as concurrent versioning systems, may deny submitted source code if the security index is below a threshold or below a previous version. Installation tools may warn a user or refuse to install a software package if an associated security index is low. Security index scores may be maintained and digitally signed by a trusted third party.

55 Citations

View as Search Results

20 Claims

1. A method for managing installation of software code based on security level of a computer system, the method comprising:
- receiving a request to install a package of software on the computer system;
  
  deriving from a security index associated with the package of software code a security index score for the package of software code; and
  
  determining whether to permit the install of the package of software code based on a comparison between the security index score and a security threshold specified for the computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein deriving a security index score includes receiving the security index from a trusted third party.
  - 3. The method of claim 2, wherein the security index is digitally signed by the trusted third party.
  - 4. The method of claim 1, wherein the install includes one of compiling the package of software code, preparing a patch for the package of software code, submitting the package of software code to a source code repository, checking in the package of software code at a source code repository, and installing the package of software code to a persistent storage.
  - 5. The method of claim 1, wherein determining whether to permit the install includes:
    - responsive to the security index score having a predetermined relationship to the security threshold, denying the install.
  - 6. The method of claim 1, wherein determining whether to permit the install includes:
    - responsive to the security index score having a predetermined relationship to the security threshold, presenting a warning to a user.
  - 7. The method of claim 6, wherein the warning prompts the user to indicate whether to permit the install.
  - 8. The method of claim 1, wherein determining whether to permit the install includes:
    - responsive to the security index score having a predetermined relationship to the security threshold, permitting the install.
  - 9. The method of claim 1, wherein the security threshold is a score for a previous version of the package of software code.

10. A computer program product, in a computer readable medium, for managing installation of software code based on security level of a computer system, the computer program product comprising:
- instructions for receiving a request to install a package of software on the computer system;
  
  instructions for deriving from a security index associated with the package of software code a security index score for the package of software code; and
  
  instructions for determining whether to permit the install of the package of software code based on a comparison between the security index score and a security threshold specified for the computer system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer program product of claim 10, wherein the instructions for deriving a security index score include instructions for receiving the security index from a trusted third party.
  - 12. The computer program product of claim 11, wherein the security index is digitally signed by the trusted third party.
  - 13. The computer program product of claim 10, wherein the install includes one of compiling the package of software code, preparing a patch for the package of software code, submitting the package of software code to a source code repository, checking in the package of software code at a source code repository, and installing the package of software code.
  - 14. The computer program product of claim 10, wherein the instructions for determining whether to permit the install include:
    - instructions, responsive to the security index score having a predetermined relationship to the security threshold, for denying the install.
  - 15. The computer program product of claim 10, wherein the instructions for determining whether to permit the install include:
    - instructions, responsive to the security index score having a predetermined relationship to the security threshold, for presenting a warning to a user.
  - 16. The computer program product of claim 15, wherein the warning prompts the user to indicate whether to permit the install.
  - 17. The computer program product of claim 10, wherein the instructions for determining whether to permit the install include:
    - instructions, responsive to the security index score having a predetermined relationship to the security threshold, for permitting the install.
  - 18. The computer program product of claim 10, wherein the security threshold is a score for a previous version of the package of software code.

19. An apparatus for managing installation of software code based on security level of a computer system, the apparatus comprising:
- means for receiving a request to install a package of software on the computer system;
  
  means for deriving from a security index associated with the package of software code a security index score for the package of software code; and
  
  means for determining whether to permit the install of the package of software code based on a comparison between the security index score and a security threshold specified for the computer system.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19, wherein the install includes one of compiling the package of software code, preparing a patch for the package of software code, submitting the package of software code to a source code repository, checking in the package of software code at a source code repository, and installing the package of software code to a persistent storage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ratliff, Emily Jane, Kirkland, Dustin C., Hall, Kylene Jo

Application Number

US10/870,529
Publication Number

US 20050283622A1
Time in Patent Office

Days
Field of Search
US Class Current

713/190
CPC Class Codes

G06F 21/51 at application loading time...

G06F 8/41 Compilation

System for managing security index scores

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for managing security index scores

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links