VULNERABILITY VECTOR INFORMATION ANALYSIS
First Claim
Patent Images
1. A method of analyzing vulnerability vector information comprising:
- collecting information for a test performed by a vulnerability assessment tool to detect a vulnerability;
determining attributes of the test from the collected information;
comparing, by a processor, the attributes with entries in a security vulnerabilities information source describing vulnerabilities;
determining, from the comparison, whether the attributes match an entry of the entries in the security vulnerabilities information source for one of the vulnerabilities; and
if a matching entry is determined, storing information from the matching entry with the collected information in a vulnerability management data storage system.
2 Assignments
0 Petitions
Accused Products
Abstract
Analyzing vulnerability vector information includes collecting information for a test performed by a vulnerability assessment tool to detect a vulnerability. Attributes of the test are determined from the collected information and are used to determine if there any matches with information in a security vulnerabilities information source.
22 Citations
15 Claims
-
1. A method of analyzing vulnerability vector information comprising:
-
collecting information for a test performed by a vulnerability assessment tool to detect a vulnerability; determining attributes of the test from the collected information; comparing, by a processor, the attributes with entries in a security vulnerabilities information source describing vulnerabilities; determining, from the comparison, whether the attributes match an entry of the entries in the security vulnerabilities information source for one of the vulnerabilities; and if a matching entry is determined, storing information from the matching entry with the collected information in a vulnerability management data storage system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A vulnerability management system comprising:
-
a vulnerability data management storage system; and a processor executing; an attribute extraction module to determine attributes of a test performed by a vulnerability assessment tool to detect a vulnerability, wherein the attributes are determined from information collected from the vulnerability assessment tool describing the test, and a vulnerability assessment tool to compare the attributes with entries in a security vulnerabilities information source describing vulnerabilities and determine, from the comparison, whether the attributes match an entry of the entries in the security vulnerabilities information source for one of the vulnerabilities, and if a matching entry is determined, storing information from the matching entry with the collected information in the vulnerability management data storage system. - View Dependent Claims (14)
-
-
15. A non-transitory computer readable medium including machine readable instructions that when executed by a processor cause the processor to:
-
determine attributes of a test performed by a vulnerability assessment tool to detect a vulnerability, wherein the attributes are determined from information collected from the vulnerability assessment tool describing the test, and the attributes include an identifier of a system that is vulnerable or causing the vulnerability, a vulnerability location, and a vulnerability type; determine whether the attributes match information for a vulnerability stored in a security vulnerabilities information source; and if a matching entry is determined, store information from the matching entry with the collected information in a vulnerability management data storage system, wherein the stored information includes a vulnerability ID used by the security vulnerabilities information source to identify the vulnerability and an identification of a patch to remediate the vulnerability.
-
Specification