Method and apparatus for mitigating software vulnerabilities
First Claim
1. A computerized method for mitigating software vulnerabilities in components of a software application, comprising:
receiving, at a client device, a plurality of components for a software application, wherein the plurality of components includes:
components that form at least one software application, and one or more additional components for one or more of the components that form the at least one software application;
wherein the one or more additional components are pre-defined alternate component versions which functionally replicate their corresponding component from the one or more components that form the at least one software application but employ different programming logic to prevent vulnerability exploitation;
in response to information identifying at least one compromised component of the components that form the at least one software application, where the compromise comprises a vulnerability, selecting a non-compromised alternate component version for each compromised component from the one or more additional components, wherein the alternate component version restricts functionality problems caused by the vulnerability of the identified compromised component;
replacing, when the at least one software application is currently installed, the each compromised component by loading its corresponding selected non-compromised alternate component version; and
installing, when the at least one software application is not currently installed, the at least one software application using the non-compromised alternate component version for the each compromised component.
2 Assignments
0 Petitions
Abstract
A method and apparatus for mitigating software vulnerabilities is disclosed. In some embodiments, information associated with software application installation is processed. The information comprises mappings between each component and a currently installed component version. In response to information identifying at least one compromised component version for at least one software application, an alternate component version for each compromised component version is selected and used to install the at least one software application.
12 Citations
25 Claims
1. (Independent claim; text as given under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9.
10. A computerized system for mitigating software vulnerabilities in components of a software application, comprising:
at least one server;
a non-transitory computer readable storage medium comprising instructions stored thereon that when executed by the at least one server cause the computerized system to:
generate a plurality of components for a software application, wherein the plurality of components includes:
one or more components that form the software application, and one or more alternate components for each of the one or more components that form the software application;
wherein the one or more alternate components are pre-defined alternative components which functionally replicate their corresponding component from the one or more components that form the software application but employ different programming logic to prevent vulnerability exploitation;
in response to information identifying at least one compromised component of the components for the software application, where the compromise comprises a vulnerability, selecting a non-compromised alternate component for each compromised component, wherein the alternate component restricts functionality problems caused by the vulnerability of the identified compromised component; and
communicating information identifying the at least one compromised component and instructions for installing the non-compromised alternate component for each compromised component.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A computerized apparatus for mitigating software vulnerabilities in components of a software application, comprising:
a computer having one or more processors coupled to a non-transitory memory device, the non-transitory memory device comprising instructions that when executed by the one or more processors cause the computerized apparatus to perform a method comprising:
receiving, at a client device, a plurality of components for a software application, wherein the plurality of components includes:
components that form at least one software application, and one or more additional components for one or more of the components that form the at least one software application;
wherein the one or more additional components are pre-defined alternate component versions which functionally replicate their corresponding component from the one or more components that form the at least one software application but employ different programming logic to prevent vulnerability exploitation;
in response to information identifying at least one compromised component of the components that form the at least one software application, where the compromise comprises a vulnerability, selecting a non-compromised alternate component version for each compromised component from the one or more additional components, wherein the alternate component version restricts functionality problems caused by the vulnerability of the identified compromised component;
replacing, when the at least one software application is currently installed, the each compromised component by loading its corresponding selected non-compromised alternate component version; and
installing, when the at least one software application is not currently installed, the at least one software application using the non-compromised alternate component version for the each compromised component.
Dependent claims: 19, 20.
21. A computerized method of distributing a plurality of component versions to mitigate software vulnerabilities in components of a software application, comprising:
generating a plurality of components for each component of a software application, wherein the plurality of components includes:
one or more components that form the software application, and one or more alternate components for each of the one or more components that form the software application;
wherein the one or more alternate components are pre-defined alternative components which functionally replicate their corresponding component from the one or more components that form the software application but employ different programming logic to prevent vulnerability exploitation; and
communicating the plurality of components for the software application to a plurality of client computerized devices, wherein at least one non-compromised alternate component replaces at least one compromised component on at least one of the plurality of client computerized devices, wherein the at least one compromised component has been identified to include a vulnerability and wherein the alternate component restricts functionality problems caused by the vulnerability of the identified compromised component.
Dependent claims: 22, 23, 24.
25. A computerized system for distributing a plurality of component versions to mitigate software vulnerabilities in components of a software application, comprising:
a plurality of client computerized devices;
a distribution module coupled to the plurality of client computerized devices, wherein the distribution module:
generates a plurality of components for each component of a software application, wherein the plurality of components includes:
one or more components that form the software application, and one or more alternate components for each of the one or more components that form the software application;
wherein the one or more alternate components are pre-defined alternative component versions which functionally replicate their corresponding component from the one or more components that form the software application but employ different programming logic to prevent vulnerability exploitation;
communicates the plurality of components for the software application to a plurality of client computerized devices using distribution information, wherein at least one non-compromised alternate component replaces at least one compromised component on at least one of the plurality of client computerized devices where the compromise comprises a vulnerability, wherein the at least one non-compromised alternate component restricts functionality problems caused by the vulnerability of the identified compromised component, and wherein the distribution information indicates one of the plurality of components to install at the at least one client computerized device for the each component of the software application.
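As an added illustration that is not code from the patent, the following Python models the client-side logic the independent claims describe: a catalogue of components with pre-defined alternate versions, a vulnerability notice naming compromised (component, version) pairs, selection of a non-compromised alternate, and either replacement of the installed component or a fresh install manifest. It assumes a hypothetical `logic` label on each version marking its implementation lineage, treats any version sharing a compromised version's lineage as unsuitable, and uses a constructed sample catalogue and notice.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ComponentVersion:
    component: str   # logical component name, e.g. "image-parser"
    version_id: str  # identifier of this pre-defined version
    logic: str       # implementation lineage label (hypothetical attribute)

@dataclass
class Catalogue:
    """Distribution info: versions per component (first = default) and the installed mapping."""
    versions: dict
    installed: dict = field(default_factory=dict)  # empty when the app is not installed

def select_alternate(catalogue, component, compromised):
    """Non-compromised version of `component` whose logic differs from every compromised
    version (same-lineage builds are assumed to share the flaw), or None if none exists."""
    bad = {v for c, v in compromised if c == component}
    bad_logic = {cv.logic for cv in catalogue.versions[component] if cv.version_id in bad}
    for cv in catalogue.versions[component]:
        if cv.version_id not in bad and cv.logic not in bad_logic:
            return cv
    return None

def plan_mitigation(catalogue, compromised):
    """Turn a notice (set of (component, version_id) pairs) into client actions: replace only
    compromised installed components, or emit a full install manifest if not installed."""
    installed, actions = bool(catalogue.installed), []
    for component, cvs in catalogue.versions.items():
        bad = {v for c, v in compromised if c == component}
        if installed and catalogue.installed.get(component) not in bad:
            continue  # installed version is not the compromised one; leave it alone
        if not installed and cvs[0].version_id not in bad:
            actions.append(("install", component, cvs[0].version_id))
            continue
        alt = select_alternate(catalogue, component, compromised)
        if alt is None:
            actions.append(("unmitigated", component, None))  # no safe alternate shipped
        else:
            actions.append(("replace" if installed else "install", component, alt.version_id))
    return actions

CV = ComponentVersion  # constructed sample catalogue and notice below (not from the patent)
SAMPLE = Catalogue(
    versions={"image-parser": [CV("image-parser", "ip-1.0", "libA"), CV("image-parser", "ip-1.1", "libA"),
                               CV("image-parser", "ip-alt-2.0", "libB")],
              "net-client": [CV("net-client", "nc-3.2", "sockets"), CV("net-client", "nc-alt-1.0", "curl")],
              "ui": [CV("ui", "ui-5.0", "toolkitX")]},
    installed={"image-parser": "ip-1.0", "net-client": "nc-3.2", "ui": "ui-5.0"})
NOTICE = {("image-parser", "ip-1.0"), ("ui", "ui-5.0")}
```

Running `plan_mitigation(SAMPLE, NOTICE)` swaps the compromised parser for the different-lineage alternate, leaves the unaffected network client alone, and reports the UI component as unmitigated because no alternate exists for it.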
Specification