Device and method for remediating vulnerabilities
Abstract
Exemplary methods, apparatuses, and systems receive data describing a first software component used by a software product and vulnerability data describing a vulnerability in the first software component. A vulnerability score is calculated for the software product based upon the vulnerability data for the first software component. The vulnerability score is recalculated for the software product based upon receiving an updated status of the vulnerability in the first software component from bug tracking software, a waiver of the vulnerability of a software component, the addition of another software component, or another update to the software product or component(s). The task of remediation of the vulnerability in the first software component can be assigned to a user and tracked. A user interface is provided to enable users to monitor the vulnerabilities of software products or components.
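The following is an added illustration, not code from the patent, that runs the claim 1 sequence on constructed data: initial score, then an approved waiver of one vulnerability and remediation of the other, then removal of a second component. The scoring rule (sum of severities of still-open vulnerabilities in components the product still uses) and all component and vulnerability names are assumptions, since the page states no formula.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

# Status values the claim distinguishes: open, waived (approved waiver), remediated.
OPEN, WAIVED, REMEDIATED = "open", "waived", "remediated"


@dataclass
class Vulnerability:
    vuln_id: str
    severity: float                 # assumed 0.0-10.0, CVSS-style
    status: str = OPEN
    assignee: Optional[str] = None  # owner of the remediation task (abstract: assigned and tracked)


@dataclass
class Component:
    name: str
    vulns: Dict[str, Vulnerability] = field(default_factory=dict)


@dataclass
class Product:
    name: str
    components: Dict[str, Component] = field(default_factory=dict)

    def add_component(self, comp: Component) -> None:
        self.components[comp.name] = comp

    def remove_component(self, name: str) -> None:
        # Update indicating the component is no longer used by the product.
        self.components.pop(name)

    def update_status(self, comp: str, vuln_id: str, status: str, assignee: Optional[str] = None) -> None:
        v = self.components[comp].vulns[vuln_id]
        v.status = status
        if assignee:
            v.assignee = assignee

    def score(self) -> float:
        """Assumed rule: sum severities of OPEN vulnerabilities in components still in use.
        Waived and remediated vulnerabilities contribute nothing."""
        return round(sum((v.severity for c in self.components.values()
                          for v in c.vulns.values() if v.status == OPEN), 0.0), 1)


def worked_example():
    """Claim 1 on constructed data; returns the score after each recalculation trigger."""
    product = Product("demo-app")
    first = Component("libfirst", {"V-1": Vulnerability("V-1", 7.5), "V-2": Vulnerability("V-2", 9.8)})
    second = Component("libsecond", {"V-3": Vulnerability("V-3", 5.0)})
    product.add_component(first)
    product.add_component(second)
    initial = product.score()                                        # 22.3
    product.update_status("libfirst", "V-1", WAIVED)                 # approved waiver
    product.update_status("libfirst", "V-2", REMEDIATED, "alice")    # patched, task owner recorded
    after_update = product.score()                                   # 5.0
    product.remove_component("libsecond")                            # no longer used
    after_removal = product.score()                                  # 0.0
    return initial, after_update, after_removal
```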
16 Claims
1. A computer-implemented method, comprising:
receiving, by a computer, data describing a first software component used by a software product;
receiving, by the computer, vulnerability data describing first and second vulnerabilities in the first software component;
calculating, by the computer, a vulnerability score for the software product, based upon the vulnerability data for the first software component;
receiving, by the computer, an updated status of the first and second vulnerabilities in the first software component, wherein receiving the updated status includes receiving an approved waiver of the first vulnerability in the first software component and wherein the updated status reflects that the second vulnerability has been remediated by patching or revising the software component or the software product;
receiving, by the computer, an update indicating that a second software component is no longer used by the software product;
recalculating, by the computer, the vulnerability score for the software product based upon the updated status of the first and second vulnerabilities and based upon the update that the second software component is no longer used by the software product; and
presenting, by the computer, the recalculated vulnerability score for the software product to a display device to a user.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. A non-transitory computer-readable medium storing instructions, which when executed by a processing device, cause the processing device to perform a method comprising:
receiving, by a computer, data describing a first software component used by a software product;
receiving, by the computer, vulnerability data describing first and second vulnerabilities in the first software component;
calculating, by the computer, a vulnerability score for the software product, based upon the vulnerability data for the first software component;
receiving, by the computer, an updated status of the first and second vulnerabilities in the first software component, wherein receiving the updated status includes receiving an approved waiver of the first vulnerability in the first software component and wherein the updated status reflects that the second vulnerability has been remediated by patching or revising the software component or the software product;
receiving, by the computer, an update indicating that a second software component is no longer used by the software product;
recalculating, by the computer, the vulnerability score for the software product based upon the updated status of the first and second vulnerabilities and based upon the update that the second software component is no longer used by the software product; and
presenting, by the computer, the recalculated vulnerability score for the software product to a display device to a user.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. An apparatus comprising:
a processing device; and
a memory coupled to the processing device, the memory storing instructions which, when executed by the processing device, cause the apparatus to:
receive data describing a software component used by a software product;
receive vulnerability data describing first and second vulnerabilities in the software component;
calculate a vulnerability score for the software product based upon the vulnerability data for the software component;
receive an updated status of the first and second vulnerabilities in the first software component, wherein receiving the updated status includes receiving an approved waiver of the first vulnerability in the first software component and wherein the updated status reflects that the second vulnerability has been remediated by patching or revising the software component or the software product;
receive an update indicating that a second software component is no longer used by the software product;
recalculate the vulnerability score for the software product based upon the updated status of the first and second vulnerabilities and based upon the update that the second software component is no longer used by the software product; and
present the recalculated vulnerability score for the software product to a display device to a user.
Dependent claims: 16.