Remediation of known defects and vulnerabilities in cloud application packages
First Claim
1. A method for applying a remediation policy to a cloud application package having a set of components, the cloud application package being associated with a catalog of cloud application packages, comprising:
- in response to discovery of a new defect or vulnerability, comparing information from a deployment description against a data set of known problems associated with the one or more of the components, the deployment description representing the set of components and their interrelationships;
for each of the one or more components, identifying one or more known problems that satisfy a given criteria;
with respect to at least one of the components for which at least one known problem satisfying the given criteria has been identified, applying the remediation policy to attempt to rectify the known problem; and
after applying the remediation policy, replacing an old version of the cloud application package in the catalog of cloud application packages with a new version;
wherein at least one of the comparing, identifying, applying and replacing operations are carried out in software executing in a hardware element.
1 Assignment
0 Petitions
Accused Products
Abstract
A method for applying remediation policy to a cloud application package having a set of components is described. The method is initiated in response to discovery of a new vulnerability. It begins by comparing information from a deployment description against a data set of known problems associated with the one or more of the components. The deployment description represents the set of components and their interrelationships. For each of the one or more components, one or more known problems that satisfy a given severity and/or complexity criteria are identified. Thereafter, and with respect to at least one of the components for which one known problem satisfying the given criteria has been identified, the remediation policy (e.g., an update, a replacement, a patch, an additional installable) is applied to attempt to rectify the known problem. After applying the policy, the old version of the package is replaced with the new version.
-
Citations
7 Claims
-
1. A method for applying a remediation policy to a cloud application package having a set of components, the cloud application package being associated with a catalog of cloud application packages, comprising:
-
in response to discovery of a new defect or vulnerability, comparing information from a deployment description against a data set of known problems associated with the one or more of the components, the deployment description representing the set of components and their interrelationships; for each of the one or more components, identifying one or more known problems that satisfy a given criteria; with respect to at least one of the components for which at least one known problem satisfying the given criteria has been identified, applying the remediation policy to attempt to rectify the known problem; and after applying the remediation policy, replacing an old version of the cloud application package in the catalog of cloud application packages with a new version; wherein at least one of the comparing, identifying, applying and replacing operations are carried out in software executing in a hardware element. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsGiammaria, Alberto, Peters, Christopher Andrew, Spatzier, Thomas
-
Primary Examiner(s)Deng, Anna
-
Application NumberUS14/503,056Publication NumberTime in Patent Office420 DaysField of Search717124-127US Class Current1/1CPC Class CodesG06F 11/3688 for test execution, e.g. sc...G06F 21/577 Assessing vulnerabilities a...G06F 8/65 Updates security arrangemen...G06F 8/71 Version control security ar...H04L 63/00 Network architectures or ne...H04L 63/1441 Countermeasures against mal...H04L 65/40 Support for services or app...H04L 67/10 in which an application is ...H04L 67/1095 Replication or mirroring of...
