METHOD, SYSTEM AND COMPUTER PROGRAM FOR DISTRIBUTING SOFTWARE PATCHES

US 20060265630A1
Filed: 05/15/2006
Published: 11/23/2006
Est. Priority Date: 05/19/2005
Status: Active Grant

First Claim

Patent Images

1. A method for maintaining a set of software products installed on a plurality of code execution entities, the method including the steps of:

providing a set of software patches each one for correcting at least one problem by modifying at least one software product, selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, submitting the distribution plan for execution, causing each entity to be scanned for determining the corresponding exposure to the problems, and updating the catalogue according to the result of the scanning.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software patch management solution (200) is proposed. The devised solution is based on the idea of automating the installation of the patches through a software distribution infrastructure. For this purpose, an automation engine (225) is added to a distribution server (110). The automation engine interfaces with a patch provider (125) acting as a proxy, which stores a local copy of the patches (210) and of a patch catalogue (215) for detecting corresponding vulnerabilities. The automation engine automatically builds a distribution plan for deploying the patches to the relevant endpoints (115), according to a vulnerability catalogue (230) that stores the actual exposures of the endpoints. The distribution plan arranges the required activities in the correct order, so as to minimize the number of rebooting of the endpoints; the distribution plan ends with an activity for scanning the endpoints, so as to update the vulnerability catalogue accordingly.

47 Citations

View as Search Results

10 Claims

1. A method for maintaining a set of software products installed on a plurality of code execution entities, the method including the steps of:
- providing a set of software patches each one for correcting at least one problem by modifying at least one software product, selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, submitting the distribution plan for execution, causing each entity to be scanned for determining the corresponding exposure to the problems, and updating the catalogue according to the result of the scanning.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, wherein at least one of the selected patches is a serial patch requiring a deferrable rebooting for the installation, the step of building the distribution plan including:
    - for each serial patch, adding an activity for applying a corresponding serial software package without rebooting the corresponding target entities, and adding an activity for rebooting the target entities in response to the application of all the serial software packages.
  - 3. The method according to claim 2, wherein at least one of the selected patches is an exclusive patch requiring an immediate rebooting for the installation, the step of building the distribution plan further including:
    - for each exclusive patch, adding an activity for applying a corresponding exclusive software package in response to said rebooting.
  - 4. The method according to claim 3, wherein the activity for rebooting is included in the activity for applying the first exclusive software package in the distribution plan.
  - 5. The method according to claim 1, wherein the step of building the distribution plan further includes:
    - adding a further activity for performing said scanning in response to the application of all the software packages.
  - 6. The method according to claim 1, wherein the step of building the distribution plan further includes, for each selected patch, generating a query associated with the selected patch for extracting the target entities exhibiting the exposure to the corresponding at least one problem from the catalogue, and wherein the step of submitting the distribution plan includes running the query for each selected patch.
  - 7. The method according to claim 1, wherein at least one of the selected patches is superseded by a further selected patch, the step of building the distribution plan further including discarding the at least one superseded selected patch.
  - 8. The method according to claim 1, wherein at least one of the selected patches is embedded in a still further selected patch, the step of building the distribution plan further including discarding the at least one embedded selected patch.

9. A computer program in a computer readable medium for maintaining a set of software products installed on a plurality of code execution entities, comprising:
- means for providing a set of software patches each one for correcting at least one problem by modifying at least one software product, means for selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, means for building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, means for submitting the distribution plan for execution, means for causing each entity to be scanned for determining the corresponding exposure to the problems, and means for updating the catalogue according to the result of the scanning.

10. A system for maintaining a set of software products installed on a plurality of code execution entities, comprising:
- means for providing a set of software patches each one for correcting at least one problem by modifying at least one software product, means for selecting a subset of the patches and at least one target entity for each selected patch according to a catalogue providing an indication of the exposure to the problems by each entity, means for building a distribution plan, wherein for each selected patch the distribution plan includes an activity for applying a software package on the corresponding target entities, the software package installing the selected patch when applied, means for submitting the distribution plan for execution, means for causing each entity to be scanned for determining the corresponding exposure to the problems, and means for updating the catalogue according to the result of the scanning.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Arcese, Mauro, Piciietti, Luigi, Gangemi, Rosario, Bernardini, Gianluca, Alberti, Enrica

Granted Patent

US 7,937,697 B2
Time in Patent Office

Days
Field of Search
US Class Current

714/38
CPC Class Codes

G06F 8/65 Updates security arrangemen...

METHOD, SYSTEM AND COMPUTER PROGRAM FOR DISTRIBUTING SOFTWARE PATCHES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD, SYSTEM AND COMPUTER PROGRAM FOR DISTRIBUTING SOFTWARE PATCHES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links