Assessment and analysis of software security flaws
Abstract
Security analysis and vulnerability testing results are “packaged” with or “bound to” the actual software they describe. By linking the results to the software itself, downstream users of the software can access information about the software, make informed decisions about implementation of the software, and analyze the security risk across an entire system by accessing all (or most) of the reports associated with the executables running on the system and summarizing the risks identified in the reports.
19 Claims
1. A computer-implemented method for providing access to security data related to a software application, the method comprising:
- creating a programmatic association between the software application and results of one or more security analysis tests performed against the software application wherein the results comprise references to flaws identified in source code of the software application;
- storing the results for subsequent electronic access on a data storage server comprising a security-threat database;
- providing access to the software application and instructions to access limited portions of the results stored in a central database using a unique key associated with an owner of the software application and the software application such that the results, including the source code, may be reviewed on demand by a user authenticated to use the unique key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A system for providing access to security data related to a plurality of software applications, the system comprising:
- at least one testing engine for performing a plurality of vulnerability tests on the software applications and associating results of the tests with the respective software application wherein the results comprise references to source code of the software application;
- a database for storing the results; and
- a communications server for receiving a request from a user of one of the software applications, the request including a unique key associated with an owner of the software application and the user, to access the results associated with the software application, and, based on the received request, provide the results, including the source code, associated with the software application to the user authenticated to use the unique key.
Dependent claims: 14, 15, 16, 17, 18, 19
Specification