Method, Apparatus, and Program Product for Autonomic Patch Risk Assessment

US 20080222626A1
Filed: 05/27/2008
Published: 09/11/2008
Est. Priority Date: 08/02/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method for automatic patch risk assessment, the method comprising:

receiving a patch to be installed to upgrade an application on an endpoint device;

collecting activity information from a monitor of the endpoint device;

identifying a list of files that would be affected by the patch; and

determining a risk level for the patch based on the collected activity information and the list of files that would be affected by the patch.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An automatic risk assessment system is provided that determines a risk for the patch based on collected activity metrics, file weights, a list of files affected by the patch, and other factors. An application monitor collects metrics from the application to determine the level of activity of the application or other component to be patched. The patch may have associated therewith metadata including a list of files that will be affected by the patch. Policies may store information about how risk is to be assessed. This information may include, for example, file weights and information defining categories of risk.

34 Citations

View as Search Results

20 Claims

1. A method for automatic patch risk assessment, the method comprising:
- receiving a patch to be installed to upgrade an application on an endpoint device;
  
  collecting activity information from a monitor of the endpoint device;
  
  identifying a list of files that would be affected by the patch; and
  
  determining a risk level for the patch based on the collected activity information and the list of files that would be affected by the patch.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the list of files that would be affected by the patch is obtained from metadata associated with the patch.
  - 3. The method of claim 1, wherein the list of files that would be affected by the patch includes operating system registry changes.
  - 4. The method of claim 1, wherein the risk level for the patch is determined based on how frequently the application is used, whether the application is associated with given customer, or whether the application is associated with a service level agreement.
  - 5. The method of claim 1, wherein the risk level for the patch is determined based on a risk assessment policy.
  - 6. The method of claim 4, wherein the risk assessment policy includes weights for files within the list of files that would be affected by the patch.
  - 7. The method of claim 4, wherein the risk assessment policy includes categories of risk.
  - 8. The method of claim 1, wherein the activity information includes an amount of a resource being used by the endpoint device or an amount of available hard disk space.

9. An automatic patch risk assessment system comprising:
- a monitor that collects activity information for an endpoint device; and
  
  an analysis component that receives a patch to be installed to upgrade an application on the endpoint device, identifies a list of files that would be affected by the patch, and determines a risk level for the patch based on the collected activity information and the list of files that would be affected by the patch.
- View Dependent Claims (10, 11, 12)
- - 10. The automatic patch risk assessment system of claim 9, wherein the risk level for the patch is determined based on a risk assessment policy.
  - 11. The automatic patch risk assessment system of claim 10, wherein the risk assessment policy includes weights for files within the list of files that would be affected by the patch.
  - 12. The automatic patch risk assessment system of claim 10, wherein the risk assessment policy includes categories of risk.

13. A computer program product comprising:
- a computer usable medium having computer usable program code for automatic patch risk assessment, the computer program product including;
  
  computer usable code for receiving a patch to be installed to upgrade an application on an endpoint device;
  
  computer usable code for collecting activity information from a monitor of the endpoint device;
  
  computer usable code for identifying a list of files that would be affected by the patch; and
  
  computer usable code for determining a risk level for the patch based on the collected activity information and the list of files that would be affected by the patch.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The computer program product of claim 13, wherein the list of files that would be affected by the patch is obtained from metadata associated with the patch.
  - 15. The computer program product of claim 13, wherein the list of files that would be affected by the patch includes operating system registry changes.
  - 16. The computer program product of claim 13, wherein the risk level for the patch is determined based on how frequently the application is used, whether the application is associated with given customer, or whether the application is associated with a service level agreement.
  - 17. The computer program product of claim 13, wherein the risk level for the patch is determined based on a risk assessment policy.
  - 18. The computer program product of claim 16, wherein the risk assessment policy includes weights for files within the list of files that would be affected by the patch.
  - 19. The computer program product of claim 16, wherein the risk assessment policy includes categories of risk.
  - 20. The method of claim 13, wherein the activity information includes an amount of a resource being used by the endpoint device or an amount of available hard disk space.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ramachandran, Puthukode G., Tsai, Minto, Troche, Edmund, Kumar Hirsave, Praveen Prasanna

Application Number

US12/127,552
Publication Number

US 20080222626A1
Time in Patent Office

Days
Field of Search
US Class Current

717/168
CPC Class Codes

G06F 11/3409 for performance assessment

G06F 11/3466 Performance evaluation by t...

Method, Apparatus, and Program Product for Autonomic Patch Risk Assessment

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, Apparatus, and Program Product for Autonomic Patch Risk Assessment

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links