Computer system for distributed discovery of vulnerabilities in applications
First Claim
1. A data processing method comprising:
using a computer, inviting a distributed plurality of researcher computers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party;
using the computer, assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher computer from among a subset of the researcher computers;
using control logic that is logically interposed between the particular researcher computer and the particular network under test, monitoring networked data communications between the particular researcher computer and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular network under test;
validating a report of the candidate security vulnerability of the particular network under test that is received from the particular researcher computer;
wherein the validating comprises attempting duplication of the candidate security vulnerability after receiving the report;
performing one or more remediation operations on the particular network under test based at least in part upon the report;
wherein the method is performed using one or more computing devices.
Abstract
In one aspect, the disclosure provides: A method comprising: inviting a distributed plurality of researchers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party; assessing reputation and skills of one or more of the researchers, and accepting a subset of the researchers who have a positive reputation and sufficient skills to perform the investigations of the computer vulnerabilities; assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher from among the subset of the researchers; using a computer that is logically interposed between the particular researcher and the particular network under test, monitoring communications between the particular researcher and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular network under test; validating a report of the candidate security vulnerability of the particular network under test that is received from the particular researcher; determining and providing an award to the particular researcher in response to successfully validating the report of the candidate security vulnerability of the particular network under test that is received from the particular researcher.
22 Claims
12. A computer system comprising:
a first computer that is communicatively coupled to a plurality of networks under test, an automated scanning system and a vulnerability database, and that is logically interposed in a network topology between the plurality of networks under test and a distributed plurality of researcher computers;
one or more non-transitory computer-readable storage media in the first computer storing one or more sequences of instructions which when executed cause performing;
using the first computer, inviting the distributed plurality of researcher computers to participate in one or more computer vulnerability research projects directed to identifying computer vulnerabilities of one or more networks and/or computers that are owned or operated by a third party;
assigning a particular computer vulnerability research project, relating to a particular network under test, to a particular researcher computer from among a subset of the researcher computers;
using a second computer, monitoring networked data communications between the particular researcher computer and the particular network under test, wherein the communications relate to attempting to identify a candidate security vulnerability of the particular network under test;
validating a report of the candidate security vulnerability of the particular network under test that is received from the particular researcher computer;
wherein the validating comprises attempting duplication of the candidate security vulnerability after receiving the report;
performing one or more remediation operations on the particular network under test based at least in part upon the report.
Specification