Assessing risk associated with a computer technology

US 8,819,442 B1
Filed: 06/08/2009
Issued: 08/26/2014
Est. Priority Date: 06/08/2009
Status: Active Grant

First Claim

Patent Images

1. A method of determining risk associated with a computer technology, comprising:

identifying, by a computing device, a plurality of vulnerability occurrences associated with the computer technology;

determining, by the computing device, a number of vulnerability occurrences of the plurality of vulnerability occurrences associated with the computer technology over a predetermined period of time;

assigning, by the computing device, a weighted value to each of the determined vulnerability occurrences to determine a weighted vulnerability occurrence score, wherein the weighted value corresponds to a time period within the predetermined time period that each of the determined vulnerability occurrences occurred, wherein a weight of the weighted value assigned to the determined vulnerability occurrences is higher for vulnerability occurrences that occur in a first time period and lower for vulnerability occurrences that occur in a second time period;

determining, by the computing device, a severity of each of the determined vulnerability occurrences associated with the computer technology;

determining, by the computing device, an average severity for the determined vulnerability occurrences associated with the computer technology;

combining, by the computing device, the weighted vulnerability occurrence score with the determined average severity to determine a vulnerability security score for the computer technology; and

comparing, by the computing device, the determined vulnerability security score with determined vulnerability security scores for another computer technology for the predetermined period of time.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of assessing vulnerability or risk associated with a computer technology are presented. The system and method may include receiving a listing of vulnerability occurrences associated with the computer technology and determining a severity of each of the vulnerability occurrences. The number of occurrences and severity may be combined to determine a vulnerability security score which provides an objective measure of the risk or vulnerability of the computer technology based on historical data. The vulnerability security score may then be used to make risk based decisions regarding implementation of the computer technology, elimination of use of the technology, and the like.

Citations

21 Claims

1. A method of determining risk associated with a computer technology, comprising:
- identifying, by a computing device, a plurality of vulnerability occurrences associated with the computer technology;
  
  determining, by the computing device, a number of vulnerability occurrences of the plurality of vulnerability occurrences associated with the computer technology over a predetermined period of time;
  
  assigning, by the computing device, a weighted value to each of the determined vulnerability occurrences to determine a weighted vulnerability occurrence score, wherein the weighted value corresponds to a time period within the predetermined time period that each of the determined vulnerability occurrences occurred, wherein a weight of the weighted value assigned to the determined vulnerability occurrences is higher for vulnerability occurrences that occur in a first time period and lower for vulnerability occurrences that occur in a second time period;
  
  determining, by the computing device, a severity of each of the determined vulnerability occurrences associated with the computer technology;
  
  determining, by the computing device, an average severity for the determined vulnerability occurrences associated with the computer technology;
  
  combining, by the computing device, the weighted vulnerability occurrence score with the determined average severity to determine a vulnerability security score for the computer technology; and
  
  comparing, by the computing device, the determined vulnerability security score with determined vulnerability security scores for another computer technology for the predetermined period of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further including determining future vulnerability potential of the computer technology based on the determined vulnerability security score.
  - 3. The method of claim 1, wherein the predetermined period of time is a lifetime of the computer technology.
  - 4. The method of claim 1, further including generating reports based on the determined vulnerability security score of the computer technology.
  - 5. The method of claim 1, further including repeating the method for a second computer technology, the second computer technology being in a category with the computer technology.
  - 6. The method of claim 5, wherein the category is at least one of type of computer technology, developer of the computer technology and version of the computer technology.
  - 7. The method of claim 1, further comprising:
    - ranking the computer technology by the determined number of vulnerability occurrences over the predetermined time period.
  - 8. The method of claim 1, further comprising:
    - ranking the computer technology by the determined severity of the vulnerability occurrences.

9. A method of determining risk associated with a computer technology, comprising:
- receiving, by a computing device, a listing of vulnerability occurrences associated with the computer technology;
  
  assigning, by the computing device, a weighted value to each of the received vulnerability occurrences to determine a weighted vulnerability occurrence score, wherein the weighted value corresponds to a time period that each of the received vulnerability occurrences occurred, wherein a weight of the weighted value assigned to the determined vulnerability occurrences is higher for vulnerability occurrences that occur in a first time period and lower for vulnerability occurrences that occur in a second time period;
  
  determining, by the computing device, a severity of each of the vulnerability occurrences associated with the computer technology;
  
  determining, by the computing device, an average severity for the vulnerability occurrences associated with the computer technology;
  
  combining, by the computing device, the determined average severity with the weighted vulnerability occurrence score;
  
  determining, by the computing device, a vulnerability security score for the computer technology based on the combined determined average severity and weighted vulnerability occurrence score; and
  
  comparing, by the computing device, the determined vulnerability security score with determined vulnerability security scores for another computer technology.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further including determining a future risk of vulnerability associated with the computer technology based on the determined vulnerability security score.
  - 11. The method of claim 9, wherein the received listing of vulnerability occurrences is a listing of vulnerability occurrences over a predetermined period of time.
  - 12. The method of claim 11, wherein the predetermined period of time is a lifetime of the computer technology.
  - 13. The method of claim 9, further including generating reports based on the determined vulnerability security score of the computer technology.
  - 14. The method of claim 9, further including repeating the method for a second computer technology, the second computer technology being in a category with the computer technology.
  - 15. The method of claim 14, wherein the category is at least one of type of computer technology, developer of the computer technology and version of the computer technology.

16. One or more non-transitory computer-readable media storing computer readable instructions that, when executed, cause a processor to perform a method, comprising:
- identifying a plurality of vulnerability occurrences associated with the computer technology;
  
  determining a number of vulnerability occurrences of the plurality of vulnerability occurrences associated with the computer technology over a predetermined period of time;
  
  assigning a weighted value to each of the determined vulnerability occurrences to determine a weighted vulnerability occurrence score, wherein the weighted value corresponds to a time period within the predetermined period of time that each of the determined vulnerability occurrences occurred, wherein a weight of the weighted value assigned to the determined vulnerability occurrences is higher for vulnerability occurrences that occur in a first time period and lower for vulnerability occurrences that occur in a second time period;
  
  determining a severity of each of the determined vulnerability occurrences associated with the computer technology;
  
  determining an average severity for the determined vulnerability occurrences associated with the computer technology;
  
  combining the weighted vulnerability occurrence score with the determined average severity to determine a vulnerability security score for the computer technology; and
  
  comparing the determined vulnerability security score with determined vulnerability security scores for another computer technology for the predetermined period of time.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The one or more non-transitory computer-readable media of claim 16, the method further including determining future vulnerability potential of the computer technology based on the determined vulnerability security score.
  - 18. The one or more non-transitory computer-readable media of claim 16, wherein the predetermined period of time is a lifetime of the computer technology.
  - 19. The one or more non-transitory computer-readable media of claim 16, the method further including generating reports based on the determined vulnerability security score of the computer technology.
  - 20. The one or more non-transitory computer-readable media of claim 16, the method further including repeating the method for a second computer technology, the second computer technology being in a category with the computer technology.
  - 21. The one or more non-transitory computer-readable media of claim 20, wherein the category is at least one of type of computer technology, developer of the computer technology and version of the computer technology.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Quinlan, Philip Howard, Gehrig, Jeffrey Ronald
Primary Examiner(s)
SCOTT, RANDY A

Application Number

US12/479,958
Time in Patent Office

1,905 Days
Field of Search

713/180, 713/185, 713/189, 726/1, 726/22, 726/25, 726/23, 726/26
US Class Current

713/180
CPC Class Codes

H04L 2463/121   Timestamp

H04L 63/108   when the policy decisions a...

H04L 63/1433   Vulnerability analysis

Assessing risk associated with a computer technology

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Assessing risk associated with a computer technology

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links