Enabling access to aggregated software security information

US 8,234,706 B2
Filed: 06/20/2007
Issued: 07/31/2012
Est. Priority Date: 09/08/2006
Status: Active Grant

First Claim

Patent Images

1. A method for enabling access to security data comprising:

accessing data associated with software security from a plurality of electronic sources by using a web crawler to retrieve security data from web sites, databases, message boards and online sources;

aggregating said data from said plurality of electronic sources;

identifying attributes associated with said data to enable organization of the data;

assigning a trust rating to the data to identify trusted security data based on the attributes for the data or web sites, databases, message boards and on-line sources from which the security data was retrieved;

enabling access to said aggregated data through a graphical user interface that can be used to analyze said data according to said attributes;

enabling access to a security relationship visualizer to display a graph for security relationships of security elements including a software product, a security researcher and a security domain specific keyword and to allow navigation between related security elements; and

providing a dynamic security snap-shot to show security developments during a defined time window for a security topic.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for enabling access to software security data is provided. The method includes accessing data associated with software vulnerabilities from a plurality of on-line sources. The method further includes aggregating the data from the plurality of on-line sources and identifying attributes associated with the data. The method also includes enabling access to the aggregated data through a graphical user interface that can be used to analyze the data according to the attributes.

85 Citations

View as Search Results

20 Claims

1. A method for enabling access to security data comprising:
- accessing data associated with software security from a plurality of electronic sources by using a web crawler to retrieve security data from web sites, databases, message boards and online sources;
  
  aggregating said data from said plurality of electronic sources;
  
  identifying attributes associated with said data to enable organization of the data;
  
  assigning a trust rating to the data to identify trusted security data based on the attributes for the data or web sites, databases, message boards and on-line sources from which the security data was retrieved;
  
  enabling access to said aggregated data through a graphical user interface that can be used to analyze said data according to said attributes;
  
  enabling access to a security relationship visualizer to display a graph for security relationships of security elements including a software product, a security researcher and a security domain specific keyword and to allow navigation between related security elements; and
  
  providing a dynamic security snap-shot to show security developments during a defined time window for a security topic.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - determining a relationship between a first portion of said data and a second portion of said data based on said attributes; and
      
      presenting said relationship graphically on said user interface.
  - 3. The method of claim 1 further comprising:
    - determining a trend associated with a first portion of said data based on said attributes; and
      
      presenting said trend graphically on said user interface.
  - 4. The method of claim 1 further comprising:
    - accessing a key word associated with said data; and
      
      presenting graphically analysis of said data according to said key word.
  - 5. The method of claim 1 further comprising:
    - accessing a message posting associated with said data; and
      
      presenting graphically a relationship between said message posting and said data.
  - 6. The method of claim 1 further comprising:
    - ranking said data according to a determined importance; and
      
      presenting graphically said ranking according to said importance.
  - 7. The method of claim 1 further including:
    - organizing a portion of said data according to a plurality of information levels wherein each of said information levels are hierarchically related.

8. Instructions on a computer-usable memory wherein said instructions when executed cause a computer system to perform a method for enabling access to aggregated software security data, said computer-implemented method comprising:
- accessing data associated with software security from a plurality of on-line sources;
  
  aggregating said data from said plurality of on-line sources;
  
  identifying attributes associated with said data;
  
  determining a trust level associated with a portion of said data;
  
  presenting graphically the trust level associated with the portion of said data;
  
  enabling access to said aggregated data through a graphical user interface that can be used to analyze said data according to said attributes;
  
  enabling access to a security relationship visualizer to display a graph for security relationships of security elements including a software product, a security researcher and a security domain specific keyword and to allow navigation between related security elements; and
  
  providing a dynamic security snap-shot to show security developments and web postings during a defined time window for a security topic.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The instructions of claim 8 wherein said method further comprises:
    - determining a relationship between a first portion of said data and a second portion of said data; and
      
      presenting said relationship on said graphical user interface.
  - 10. The instructions of claim 8 wherein said method further comprises:
    - determining a trend associated with a first portion of said data; and
      
      presenting said trend graphically on said user interface.
  - 11. The instructions of claim 8 further comprising:
    - accessing a key word associated with said data; and
      
      presenting graphically analysis of said data according to said key word.
  - 12. The instructions of claim 8 further comprising:
    - accessing a message posting associated with said data; and
      
      presenting graphically a relationship between said message posting and said data.
  - 13. The instructions of claim 8 wherein said method further comprises:
    - organizing a portion of said data according to a plurality of information levels wherein each of said information levels are hierarchically related.

14. A system for enabling access to software security data comprising:
- a software security data collector module for accessing data associated with software security from a plurality of on-line sources;
  
  a software security data compiler for aggregating said data from said plurality of on-line sources into a computer memory;
  
  a software security data attribute identifier module for identifying attributes associated with said data using a processor;
  
  a trust determiner to determine a level of trust for data based on the attributes for the data or an online source location from which the data was obtained using a processor;
  
  a graphical user interface for enabling access to said aggregated data using a display device, wherein said graphical user interface can be used to analyze said data according to said attributesa security relationship visualizer to display a graph for security relationships of security elements including a software product, a security researcher and a security domain specific keyword and to allow navigation between related security elements; and
  
  a dashboard module to provide a dynamic security snap-shot using a display device and to show security developments during a defined time window for a security topic.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14 further comprising:
    - a data relationship determiner module for determining a relationship between a first portion of said data and a second portion of said data based on said attributes wherein said relationship can be presented on said graphical user interface.
  - 16. The system of claim 14 further comprising:
    - a trend determiner module for determining a trend associated with a number of posts for a particular security topic that are increasing or decreasing over a predetermined period of time, wherein said trend can be presented on said user interface.
  - 17. The system of claim 14 further comprising:
    - a keyword accessor module for accessing a key word associated with said data wherein analysis of said data based on said keyword can be presented on said graphical user interface.
  - 18. The system of claim 14 further comprising:
    - a message accessor module for accessing a message posting associated with said data wherein a relationship between said message posting and said data can be presented on said graphical user interface.
  - 19. The system of claim 14 further comprising:
    - a data ranking module for ranking said data according to a determined importance wherein said ranking according to said importance can be presented on said graphical user interface.
  - 20. The system of claim 14 wherein the dashboard module further comprises a snapshot of security community happenings and security messages in last week, a past month and a long-trend portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zhang, Dongmei, Dang, Yingnong, Hou, Xiaohui, Huang, Song, Wang, Jian
Primary Examiner(s)
EL HADY, NABIL M

Application Number

US11/820,759
Publication Number

US 20080065646A1
Time in Patent Office

1,868 Days
Field of Search

726 22- 25, 709/203, 709/217, 709/224, 707/706, 707708-710, 707/728
US Class Current

726/22
CPC Class Codes

G06Q 10/00 Administration; Management

Enabling access to aggregated software security information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling access to aggregated software security information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links