Identifying data associated with security issue attributes

US 8,302,197 B2
Filed: 06/28/2007
Issued: 10/30/2012
Est. Priority Date: 06/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method for identifying data related to a software security issue comprising:

determining one or more attributes associated with a software security issue of a software product, said software security issue including a vulnerability of said software product;

aggregating software security data from a plurality of on-line sources;

analyzing said aggregated software security data for said one or more attributes;

associating a first portion of said aggregated data with said software security issue, using at least one processor, based on matching said one or more attributes with contents of said first portion of said aggregated data based on said analyzing;

identifying a seed document from said first portion of said aggregated data based on the seed document being received from a data store provided by a vendor of the software product; and

determining a similarity between said seed document and one or more other documents included in a second portion of said aggregated data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for identifying data related to a software security issue is provided. The method includes accessing a software security issue and determining one or more attributes associated with the software security issue. The method also includes accessing aggregated software security data retrieved from a plurality of on-line sources and searching the aggregated software security data for the attributes associated with the security issue. The method further includes associating a portion of the aggregated data with the security issue based on matching the attributes associated with the security issue with contents of the portion of the aggregated data.

80 Citations

View as Search Results

20 Claims

1. A method for identifying data related to a software security issue comprising:
- determining one or more attributes associated with a software security issue of a software product, said software security issue including a vulnerability of said software product;
  
  aggregating software security data from a plurality of on-line sources;
  
  analyzing said aggregated software security data for said one or more attributes;
  
  associating a first portion of said aggregated data with said software security issue, using at least one processor, based on matching said one or more attributes with contents of said first portion of said aggregated data based on said analyzing;
  
  identifying a seed document from said first portion of said aggregated data based on the seed document being received from a data store provided by a vendor of the software product; and
  
  determining a similarity between said seed document and one or more other documents included in a second portion of said aggregated data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising:
    - using a learning approach to determine a weight value for at least one of said one or more attributes, said weight value for determining said similarity between said seed document and said one or more other documents included in said second portion of said aggregated data.
  - 3. The method of claim 2 wherein said weight value is used to determine if said first portion of said aggregated data is associated with said security issue.
  - 4. The method of claim 1 wherein said first portion of said aggregated data includes a set of documents associated with said security issue.
  - 5. The method of claim 1 further comprising:
    - associating said second portion of said aggregated data with said software security issue based on said similarity.
  - 6. The method of claim 1 wherein said matching includes finding an exact match or a partial match to at least one of said one or more attributes.
  - 7. The method of claim 1 wherein said matching includes determining a probability that said contents of said first portion of said aggregated data matches said one or more attributes.

8. A computer storage device having instructions which when executed cause a computer system to perform steps comprising:
- determining one or more attributes associated with a software security issue of a software product, said software security issue including a vulnerability of said software product;
  
  analyzing aggregated software security data, which is aggregated from a plurality of on-line sources, for said one or more attributes;
  
  associating a first portion of said aggregated data with said software security issue based on matching said one or more attributes with contents of said first portion of said aggregated data based on said analyzing;
  
  identifying a seed document from said first portion of said aggregated data based on the seed document being received from a data store provided by a vendor of the software product; and
  
  determining a similarity between said seed document and one or more other documents included in a second portion of said aggregated data.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The computer storage device of claim 8 wherein the instructions when executed cause the computer system to use a learning approach to determine a weight value for at least one of said one or more attributes, said weight value for determining said similarity between said seed document and said one or more other documents included in said second portion of said aggregated data.
  - 10. The computer storage device of claim 9 wherein said weight value is used to determine if said first portion of said aggregated data is associated with said security issue.
  - 11. The computer storage device of claim 8 wherein said first portion of said aggregated data includes a set of documents associated with said security issue.
  - 12. The computer storage device of claim 8 wherein said matching includes finding an exact match or a partial match to at least one of said one or more attributes.

13. A system for identifying data associated with a software security issue comprising:
- one or more processors;
  
  an attribute determiner module, implemented using at least one of the one or more processors, for determining one or more attributes associated with said software security issue of a software product, said software security issue including a vulnerability of said software product;
  
  a data accessor module, implemented using at least one of the one or more processors, for accessing aggregated software security data that is aggregated from a plurality of on-line sources;
  
  a search module, implemented using at least one of the one or more processors, for analyzing said aggregated software security data for said one or more attributes; and
  
  an associator module, implemented using at least one of the one or more processors, that associates a portion of said aggregated data with said software security issue based on matching said one or more attributes with contents of said portion of said aggregated data, that identifies a seed document from said portion of said aggregated data based on the seed document being received from a data store provided by a vendor of the software product, and that determines a similarity between said seed document and one or more other documents included in another portion of said aggregated data.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13 wherein said matching includes finding an exact match or a partial match to at least one of said one or more attributes.
  - 15. The system of claim 13 wherein said matching comprises determining a probability that said contents of said portion of said aggregated data matches said one or more attributes.
  - 16. The system of claim 13 further comprising:
    - an attribute weight determiner module, implemented using at least one of the one or more processors, for determining a weight value for at least one of said one or more attributes.
  - 17. The system of claim 16 wherein said weight value is used to determine if said portion of said aggregated data is associated with said security issue.
  - 18. The system of claim 13 wherein said portion of said aggregated data includes a document associated with said security issue.
  - 19. The system of claim 13 wherein said portion of said aggregated data is provided to a user.
  - 20. The system of claim 13 wherein said associator module associates said another portion of said aggregated data with said software security issue based on said similarity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Huang, Song, Dang, Yingnong, Hou, Xiaohui, Wang, Jian, Zhang, Dongmei
Primary Examiner(s)
Zecher, Cordelia

Application Number

US11/823,731
Publication Number

US 20090007272A1
Time in Patent Office

1,951 Days
Field of Search

726/26, 726/25
US Class Current

726/25
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Identifying data associated with security issue attributes

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Identifying data associated with security issue attributes

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links