Crowd-sourced security analysis
Abstract
A cloud-based static analysis security tool that is accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To this end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments. The approach provides for secure and anonymous cross-organization information sharing.
20 Claims
1. A method to reduce security vulnerability in association with a cloud-based static analysis security tool that is accessible by a set of application development environments, comprising:
- associating a social networking platform with the application development environments, the social networking platform being accessible by users of the application development environments anonymously;
- prior to publishing a message received for posting from an anonymous user, filtering the message and, responsive to the filtering, automatically obfuscating sensitive data associated with a particular application development environment included in the message;
- receiving security findings generated as users of the application development environments use the cloud-based static analysis security tool;
- processing the received security findings into a knowledgebase; and
- providing social network content associated with the processed security findings from the knowledgebase as crowdsourced security knowledge generated from use of the cloud-based static analysis security tool by users of the application development environments.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Apparatus, comprising:
- a processor;
- computer memory holding computer program instructions executed by one or more processors to reduce security vulnerability in association with a cloud-based static analysis security tool that is accessible by a set of application development environments, the computer program instructions operative to:
  - associate a social networking platform with the application development environments, the social networking platform being accessible by users of the application development environments anonymously;
  - prior to publishing a message received for posting from an anonymous user, filter the message and, responsive to the filtering, automatically obfuscate sensitive data associated with a particular application development environment included in the message;
  - receive security findings generated as users of the application development environments use the cloud-based static analysis security tool;
  - process the received security findings into a knowledgebase; and
  - provide social network content associated with the processed security findings from the knowledgebase as crowdsourced security knowledge generated from use of the cloud-based static analysis security tool by users of the application development environments.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A computer program product in a non-transitory computer readable medium for use in one or more data processing systems, the computer program product holding computer program instructions executed by the one or more data processing systems to reduce security vulnerability in association with a cloud-based static analysis security tool that is accessible by a set of application development environments, the computer program instructions operative to:
- associate a social networking platform with the application development environments, the social networking platform being accessible by users of the application development environments anonymously;
- prior to publishing a message received for posting from an anonymous user, filter the message and, responsive to the filtering, automatically obfuscate sensitive data associated with a particular application development environment included in the message;
- receive security findings generated as users of the application development environments use the cloud-based static analysis security tool;
- process the received security findings into a knowledgebase; and
- provide social network content associated with the processed security findings from the knowledgebase as crowdsourced security knowledge generated from use of the cloud-based static analysis security tool by users of the application development environments.
Dependent claims: 16, 17, 18, 19, 20
Specification