Assessing risk associated with a computer technology
Abstract
Systems and methods of assessing vulnerability or risk associated with a computer technology are presented. The system and method may include receiving a listing of vulnerability occurrences associated with the computer technology and determining a severity of each of the vulnerability occurrences. The number of occurrences and severity may be combined to determine a vulnerability security score which provides an objective measure of the risk or vulnerability of the computer technology based on historical data. The vulnerability security score may then be used to make risk based decisions regarding implementation of the computer technology, elimination of use of the technology, and the like.
21 Claims
1. A method of determining risk associated with a computer technology, comprising:
- identifying, by a computing device, a plurality of vulnerability occurrences associated with the computer technology;
- determining, by the computing device, a number of vulnerability occurrences of the plurality of vulnerability occurrences associated with the computer technology over a predetermined period of time;
- assigning, by the computing device, a weighted value to each of the determined vulnerability occurrences to determine a weighted vulnerability occurrence score, wherein the weighted value corresponds to a time period within the predetermined time period that each of the determined vulnerability occurrences occurred, wherein a weight of the weighted value assigned to the determined vulnerability occurrences is higher for vulnerability occurrences that occur in a first time period and lower for vulnerability occurrences that occur in a second time period;
- determining, by the computing device, a severity of each of the determined vulnerability occurrences associated with the computer technology;
- determining, by the computing device, an average severity for the determined vulnerability occurrences associated with the computer technology;
- combining, by the computing device, the weighted vulnerability occurrence score with the determined average severity to determine a vulnerability security score for the computer technology; and
- comparing, by the computing device, the determined vulnerability security score with determined vulnerability security scores for another computer technology for the predetermined period of time.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of determining risk associated with a computer technology, comprising:
- receiving, by a computing device, a listing of vulnerability occurrences associated with the computer technology;
- assigning, by the computing device, a weighted value to each of the received vulnerability occurrences to determine a weighted vulnerability occurrence score, wherein the weighted value corresponds to a time period that each of the received vulnerability occurrences occurred, wherein a weight of the weighted value assigned to the determined vulnerability occurrences is higher for vulnerability occurrences that occur in a first time period and lower for vulnerability occurrences that occur in a second time period;
- determining, by the computing device, a severity of each of the vulnerability occurrences associated with the computer technology;
- determining, by the computing device, an average severity for the vulnerability occurrences associated with the computer technology;
- combining, by the computing device, the determined average severity with the weighted vulnerability occurrence score;
- determining, by the computing device, a vulnerability security score for the computer technology based on the combined determined average severity and weighted vulnerability occurrence score; and
- comparing, by the computing device, the determined vulnerability security score with determined vulnerability security scores for another computer technology.
Dependent claims: 10, 11, 12, 13, 14, 15
16. One or more non-transitory computer-readable media storing computer readable instructions that, when executed, cause a processor to perform a method, comprising:
- identifying a plurality of vulnerability occurrences associated with the computer technology;
- determining a number of vulnerability occurrences of the plurality of vulnerability occurrences associated with the computer technology over a predetermined period of time;
- assigning a weighted value to each of the determined vulnerability occurrences to determine a weighted vulnerability occurrence score, wherein the weighted value corresponds to a time period within the predetermined period of time that each of the determined vulnerability occurrences occurred, wherein a weight of the weighted value assigned to the determined vulnerability occurrences is higher for vulnerability occurrences that occur in a first time period and lower for vulnerability occurrences that occur in a second time period;
- determining a severity of each of the determined vulnerability occurrences associated with the computer technology;
- determining an average severity for the determined vulnerability occurrences associated with the computer technology;
- combining the weighted vulnerability occurrence score with the determined average severity to determine a vulnerability security score for the computer technology; and
- comparing the determined vulnerability security score with determined vulnerability security scores for another computer technology for the predetermined period of time.
Dependent claims: 17, 18, 19, 20, 21
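The scoring steps recited in claims 1, 9 and 16 and summarized in the abstract can be sketched as follows; this is an added illustration, not code from the patent or its assignee. The bucket boundaries and weights, the choice of the most recent period as the higher-weighted one, the 0-10 severity scale, and multiplication as the "combining" step are all assumptions, since the claims leave them open.

```python
from datetime import date

# Assumed buckets within the predetermined period: (max age in days, weight).
# The claims only require one period to weigh more than another; giving the
# most recent period the higher weight is an assumption.
WEIGHT_BUCKETS = [(365, 1.0), (730, 0.5), (1095, 0.25)]

def occurrence_weight(occurred, as_of):
    """Weight of one occurrence, or None if it lies outside the period."""
    age = (as_of - occurred).days
    if age < 0:
        return None  # dated after the assessment date
    for max_age, weight in WEIGHT_BUCKETS:
        if age <= max_age:
            return weight
    return None  # older than the predetermined period

def security_score(occurrences, as_of):
    """occurrences: iterable of (date, severity) pairs for one technology."""
    kept = [(occurrence_weight(d, as_of), sev) for d, sev in occurrences]
    kept = [(w, sev) for w, sev in kept if w is not None]
    if not kept:  # no occurrences in the period: avoid dividing by zero
        return {"count": 0, "weighted": 0.0, "avg_severity": 0.0, "score": 0.0}
    weighted = sum(w for w, _ in kept)
    avg = sum(sev for _, sev in kept) / len(kept)
    # Multiplication is an assumed way of "combining" the two values.
    return {"count": len(kept), "weighted": weighted,
            "avg_severity": avg, "score": weighted * avg}

def rank(technologies, as_of):
    """Compare technologies over the same period, highest score first."""
    scores = {n: security_score(o, as_of)["score"] for n, o in technologies.items()}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

# Constructed sample data, not real vulnerability records.
AS_OF = date(2024, 1, 1)
SAMPLE = {
    "tech_a": [(date(2023, 6, 1), 8.0), (date(2023, 9, 15), 6.0),
               (date(2019, 1, 1), 10.0)],          # last one is out of period
    "tech_b": [(date(2021, 5, 1), 9.0), (date(2021, 8, 1), 9.0),
               (date(2022, 3, 1), 9.0), (date(2021, 11, 1), 9.0)],
}

if __name__ == "__main__":
    for name, score in rank(SAMPLE, AS_OF):
        print(f"{name}: {score:.2f}")
```

With these assumed weights, tech_a outranks tech_b even though tech_b has more occurrences at higher severity, because tech_b's occurrences fall in the older, lower-weighted periods.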
Specification