Expert system for detecting software security threats
First Claim
1. A computer-implemented method for vulnerability risk management of an enterprise computer system, comprising the steps of:
- receiving, by an expert system, a list of potential vulnerabilities of the enterprise computer system from a vulnerability risk management module, wherein the expert system and the vulnerability risk management module are instantiated by a cloud computing system;
- converting a potential vulnerability on the list of potential vulnerabilities into a set of facts;
- verifying that the potential vulnerability is not a false positive by testing a rule against the set of facts;
- executing an action associated with the rule that modifies a fact of the set of facts to produce a modified set of facts when the conditions of the rule have been satisfied;
- incorporating the modified set of facts into a refined list of vulnerabilities; and
- transmitting the refined list of vulnerabilities to the vulnerability risk management module.
Abstract
An instance of a vulnerability risk management (VRM) module and a vulnerability management expert decision system (VMEDS) module are instantiated in a cloud. The VMEDS module imports scan results from a VRM vulnerability database and saves them as vulnerabilities to be reviewed in a VMEDS database. The VMEDS module converts vulnerabilities into facts. The VMEDS module builds a rule set in the knowledge base to verify whether certain vulnerabilities are false positives. Rules related to a vulnerability are received in plain English from a web-based front-end application. The VMEDS module tests each rule against all of the facts using the Rete algorithm. The VMEDS module executes the action associated with the rule derived from the Rete algorithm. The VMEDS module stores the results associated with the executing of the action in the VMEDS database and forwards the results to the VRM module.
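The abstract's pipeline (scan results converted to facts, rules tested against the facts, actions that modify facts, a refined list returned to the VRM module) as an added example that is not the patent's own code. The asset inventory, rule names and scan findings are constructed for illustration, and a naive forward-chaining loop stands in for the Rete algorithm.

```python
# Added example (not the patent's code): a minimal forward-chaining engine
# mirroring the claimed pipeline. A naive match loop replaces Rete; all data
# below is constructed for illustration.
from dataclasses import dataclass
from typing import Callable

Fact = dict  # one flat attribute map per finding

@dataclass
class Rule:
    name: str
    condition: Callable[[Fact], bool]   # tested against each fact
    action: Callable[[Fact], None]      # modifies the fact when the condition holds

# Constructed asset inventory the expert system consults (an assumption, not from the patent).
LISTENING = {("10.0.0.5", 443), ("10.0.0.7", 22)}   # (host, port) pairs actually open
DECOMMISSIONED = {"10.0.0.9"}
DMZ_HOSTS = {"10.0.0.5"}

def findings_to_facts(findings: list[dict]) -> list[Fact]:
    """Convert raw scanner findings into facts with fields the rules may modify."""
    return [dict(f, false_positive=False, reason=None, priority="medium", fired=[])
            for f in findings]

def mark_fp(reason: str) -> Callable[[Fact], None]:
    def action(fact: Fact) -> None:       # first rule to fire keeps its reason
        fact["false_positive"], fact["reason"] = True, fact["reason"] or reason
    return action

def escalate(fact: Fact) -> None:          # a non-false-positive action on a verified finding
    fact["priority"] = "high"

RULES = [
    Rule("host_decommissioned", lambda f: f["host"] in DECOMMISSIONED, mark_fp("host decommissioned")),
    Rule("port_not_listening", lambda f: (f["host"], f["port"]) not in LISTENING,
         mark_fp("port closed in inventory")),
    Rule("dmz_escalate", lambda f: f["host"] in DMZ_HOSTS and not f["false_positive"], escalate),
]

def run_rules(facts: list[Fact], rules: list[Rule]) -> list[Fact]:
    """Forward-chain: fire each rule at most once per fact until nothing changes."""
    changed = True
    while changed:
        changed = False
        for fact in facts:
            for rule in rules:
                if rule.name not in fact["fired"] and rule.condition(fact):
                    rule.action(fact)
                    fact["fired"].append(rule.name)
                    changed = True
    return facts

def refine(findings: list[dict]) -> list[Fact]:
    """Refined list returned to the VRM module: only findings not marked false positive."""
    return [f for f in run_rules(findings_to_facts(findings), RULES) if not f["false_positive"]]

SCAN = [  # constructed VRM scan results
    {"id": "F1", "host": "10.0.0.5", "port": 443, "plugin": "tls-weak-cipher"},
    {"id": "F2", "host": "10.0.0.5", "port": 8080, "plugin": "http-trace"},
    {"id": "F3", "host": "10.0.0.9", "port": 22, "plugin": "ssh-old-version"},
]
```

Running `refine(SCAN)` keeps only F1 (escalated to high priority because its host is in the DMZ); F2 and F3 are marked false positive with a stored reason, which is the kind of modified fact the claims describe being written back.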
Claims
The patent has 20 claims and 44 citations. Its three independent claims are 1, 10 and 19; claim 1 is reproduced above under First Claim, with dependent claims 2 to 9.

10. A system for vulnerability risk management of an enterprise computer system, comprising:
- a processor interfacing with a memory, the processor being programmable to:
- receive a list of potential vulnerabilities of the enterprise computer system from a vulnerability risk management module, wherein the expert system and the vulnerability risk management module are instantiated by a cloud computing system;
- convert a potential vulnerability on the list of potential vulnerabilities into a set of facts;
- verify that the potential vulnerability is not a false positive by testing a rule against the set of facts;
- execute an action associated with the rule that modifies a fact of the set of facts to produce a modified set of facts when the conditions of the rule have been satisfied;
- incorporate the modified set of facts into a refined list of vulnerabilities; and
- transmit the refined list of vulnerabilities to the vulnerability risk management module.
Dependent claims: 11 to 18.

19. A non-transitory computer-readable storage medium including instructions that, when accessed by a processing system, cause the processing system to perform a method for vulnerability risk management of an enterprise computer system, comprising the steps of:
- receiving, by an expert system, a list of potential vulnerabilities of the enterprise computer system from a vulnerability risk management module, wherein the expert system and the vulnerability risk management module are instantiated by a cloud computing system;
- converting a potential vulnerability on the list of potential vulnerabilities into a set of facts;
- verifying that the potential vulnerability is not a false positive by testing a rule against the set of facts;
- executing an action associated with the rule that modifies a fact of the set of facts to produce a modified set of facts when the conditions of the rule have been satisfied;
- incorporating the modified set of facts into a refined list of vulnerabilities; and
- transmitting the refined list of vulnerabilities to the vulnerability risk management module.
Dependent claim: 20.
Specification