Enforcing alignment of approved changes and deployed changes in the software change life-cycle
First Claim
1. A method to be executed by a processor, comprising:
- intercepting, by a host computer, a host content change request indicating a change to a persistent object on the host computer;
determining whether the change is authorized, as indicated by a set of change authorization policies; and
allowing the change to take effect when the change is authorized;
allowing the change to take effect when the change is not authorized for an initial period;
logging information about the host content change request when the change is not authorized during the initial period; and
blocking the change from taking effect when the change is not authorized after the initial period,wherein the set of change authorization policies is configurable to define whether the persistent object can be changed.
9 Assignments
0 Petitions
Accused Products
Abstract
On a host, host content change requests are intercepted in real-time. In a tracking mode, the change requests are logged and allowed to take effect on the host. In an enforcement mode, the change requests are logged and additionally compared against authorized change policies and a determination is made whether to allow the change to take effect or to block the changes, thereby enforcing the authorized change policies on the host. Tracking and enforcement can be done in real-time. In either mode and at any time, the logged changes can be reconciled against a set of approved change orders in order to identify classes of changes, including changes that were deployed but not approved and changes that were approved but not deployed.
326 Citations
19 Claims
-
1. A method to be executed by a processor, comprising:
-
intercepting, by a host computer, a host content change request indicating a change to a persistent object on the host computer; determining whether the change is authorized, as indicated by a set of change authorization policies; and allowing the change to take effect when the change is authorized; allowing the change to take effect when the change is not authorized for an initial period; logging information about the host content change request when the change is not authorized during the initial period; and blocking the change from taking effect when the change is not authorized after the initial period, wherein the set of change authorization policies is configurable to define whether the persistent object can be changed. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. Logic encoded in one or more non-transitory computer readable media having computer-executable instructions and when executed by a processor is operable to perform operations comprising:
-
intercepting a host content change request indicating a change to a persistent object on a host; determining whether the change is authorized, as indicated by a set of change authorization policies; and allowing the change to take effect when the change is authorized; logging information about the host content change request; obtaining a log representing a set of host content change requests; filtering the log to select change requests which meet a condition to form a filtered log; comparing the filtered log to a set of approved change orders for any one or more of a plurality of persistent objects on the host; identifying at least one correlation between the set of host content change requests and the set of approved change orders; and providing user-readable data representing the at least one correlation, wherein the set of change authorization policies is configurable to define whether the persistent object can be changed. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A host, comprising:
-
a memory element for storing data; and a processor operable to execute instructions associated with the data, wherein the processor and the memory element cooperate when the processor executes the instructions, such that the host is configured to; intercept a host content change request indicating a change to a persistent object on the host; determine whether the change is authorized, as indicated by a set of change authorization policies; and allow the change to take effect when the change is authorized; log information about the host content change request from a plurality of time windows; obtain a log for each time window of the plurality of time windows; identify a bug during a time window of the plurality of time windows; and identify a set of persistent objects from the log of the time window of the bug, wherein the set of change authorization policies is configurable to define whether the persistent object can be changed. - View Dependent Claims (14, 15, 16, 17)
-
-
18. At least one non-transitory computer readable medium having computer-executable instructions stored therein, and when executed by a host computer, cause the host computer to:
-
intercept a host content change request indicating a change to a persistent object on the host computer; determine whether the change is authorized, as indicated by a set of change authorization policies; and allow the change to take effect when the change is authorized; allow the change to take effect when the change is not authorized for an initial period; log information about the host content change request when the change is not authorized during the initial period; and block the change from taking effect when the change is not authorized after the initial period, wherein the set of change authorization policies is configurable to define whether the persistent object can be changed.
-
-
19. At least one non-transitory computer readable medium having computer-executable instructions stored therein, and when executed by a host computer, cause the host computer to:
-
intercept a host content change request indicating a change to a persistent object on the host computer; determine whether the change is authorized, as indicated by a set of change authorization policies; and allow the change to take effect when the change is authorized; log information about the host content change request from a plurality of time windows; obtain a log for each time window of the plurality of time windows; identify a bug during a time window of the plurality of time windows; and identify a set of persistent objects from the log of the time window of the bug, wherein the set of change authorization policies is configurable to define whether the persistent object can be changed.
-
Specification