
“A System And A Method For Real Time Vulnerability Management In A Computing System”

Abstract: Systems and methods for managing vulnerabilities in a computing system (106) are disclosed. The vulnerability management system (102) monitors one or more databases which are being updated continuously with at least one of bug and fix information and software update information pertaining to a plurality of software applications. The system (102) identifies, upon detecting an update in the databases, one or more software applications of the plurality of software applications, running on the computing system (106), being affected due to the detected update. The system (102) updates, in real-time, the one or more software applications, using at least one of the bug and fix information and the software update information, in such a manner that the updated one or more software applications mitigate risk of vulnerabilities in the computing system (106) being caused while using the one or more software applications. [FIG. 1]


Patent Information

Application #:
Filing Date: 19 November 2020
Publication Number: 25/2022
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: IPO@KNSPARTNERS.COM
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2025-01-31
Renewal Date:

Applicants

ZENSAR TECHNOLOGIES LIMITED
Zensar knowledge park Plot # 4, MIDC, Kharadi, off Nagar road Pune Maharashtra India 411014

Inventors

1. SRINIVASARAO YELURI
Zensar Technologies Ltd, Zensar knowledge park Plot # 4, MIDC, Kharadi, off Nagar road Pune Maharashtra India 411014
2. RIDHIKA RITOLIA
Zensar Technologies Ltd, Zensar knowledge park Plot # 4, MIDC, Kharadi, off Nagar road Pune Maharashtra India 411014
3. SHRESHTHA MITRA
Zensar Technologies Ltd, Zensar knowledge park Plot # 4, MIDC, Kharadi, off Nagar road Pune Maharashtra India 411014
4. SUMAN KUMAR DAS
Zensar Technologies Ltd, Zensar knowledge park Plot # 4, MIDC, Kharadi, off Nagar road Pune Maharashtra India 411014

Specification

FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENTS RULES, 2003
COMPLETE SPECIFICATION (See section 10, rule 13)
“A SYSTEM AND A METHOD FOR REAL TIME VULNERABILITY MANAGEMENT IN A COMPUTING SYSTEM”
ZENSAR TECHNOLOGIES LIMITED a company Incorporated in India under the Companies Act, 1956, Zensar knowledge park, Plot # 4, MIDC, Kharadi, off Nagar road, Pune-411014, Maharashtra, India
The following specification particularly describes the invention and the manner in which it is to be performed.

TECHNICAL FIELD
The present disclosure relates in general to computing systems. More particularly, but not exclusively, it relates to a method and a system for real-time management of vulnerabilities in computing systems.
BACKGROUND
In today’s world, network security is very important for home networks as well as in the business world. A strong network security system helps reduce the risk of cyber-attacks causing data loss, theft, and sabotage. To secure the network, proper management of network vulnerabilities is required. In general, a network vulnerability is a weakness or flaw in software, hardware, or organizational processes which, when compromised by a threat, may result in a security breach.
Today most Information Technology (IT) organizations perform network security assessment manually at periodic intervals. A network security assessment is an audit designed to find vulnerabilities which are at risk of being compromised and may impact business operations or lead to leakage of sensitive business information. Since network security is a top priority for all organizations, organizations have started using real-time vulnerability identification systems to generate alerts in real time in case any vulnerability is detected.
Most organizations use mainly three security assessment phases. In a first phase, the Operating System (OS) is hardened, i.e., an anti-virus agent is installed on the computing system, a password expiry policy for the users is imposed on the computing system, and similar actions are performed to limit potential weaknesses that make systems vulnerable to cyber-attacks. In a second phase, all the installed applications are scanned to detect any malicious software being installed on the computing system. The anti-virus agent tries to block the installation and generates alerts to the security team.
In a third phase, the applications running on the system (Web Application/Mobile Application), ports etc., which are exposed over the internet/intranet, are scanned and the detected vulnerabilities are shared with the application owner or developers. In return, the developer team fixes the vulnerabilities. However, the developers take a huge amount of time to fix the applications, and after fixing, the corresponding findings are reassessed by the security team. In case any of the findings pointed out by the security team are still open, the same is again sent back to the developers. This chain continues until all the findings pointed out by the security team get fixed.
Now, once all the vulnerabilities are fixed, the application is approved for use. Since organizations do not conduct security scans continuously, a problem may arise again if any vulnerability, specifically a newly reported zero-day vulnerability, is detected after the application is approved for use. Moreover, even if organizations conduct continuous security scans, the fixes/solutions to the detected vulnerabilities are not provided in real time. If the vulnerabilities are not resolved in time, it not only affects the performance of computing systems but at the same time also gives an internal or external attacker scope to exploit the vulnerabilities, resulting in huge reputational/business/data loss, and even system failure.
Therefore, two technical challenges may be identified: how to continuously perform the security scan to identify vulnerabilities in the computing system, and how to initiate a real-time action soon after a vulnerability is detected in the computing system.
The information disclosed in this background of the disclosure section is only for enhancement of understanding of the general background of the invention and should not be taken as an acknowledgement or any form of suggestion that this information forms the prior art already known to a person skilled in the art.
SUMMARY
The current invention provides a solution to the above-identified problems by proposing a vulnerability management system and a method which not only identify vulnerabilities in computing systems but also mitigate the identified vulnerabilities in real time.
In one non-limiting embodiment of the present disclosure, a method of managing vulnerabilities in a computing system is disclosed. The method comprises monitoring, by a vulnerability management system, one or more databases which are being updated continuously with at least one of bug and fix information and software update information pertaining to a plurality of software applications. The method further comprises identifying, upon detecting an update in at least one of the bug and fix information and the software update information, one or more software applications of the plurality of software applications, running on the computing system, being affected due to the detected update. Further, the method comprises updating in real-time the one or more software applications, by using at least one of the bug and fix information and the software update information, in such a manner that the updated one or more software applications mitigate risk of vulnerabilities in the computing system being caused while using the one or more software applications.
In another non-limiting embodiment of the present disclosure, a vulnerability management system for managing vulnerabilities in a computing system is disclosed. The vulnerability management system comprises a monitoring unit to monitor one or more databases which are being updated continuously with at least one of bug and fix information and software update information pertaining to a plurality of software applications. The vulnerability management system further comprises an identifying unit to identify, upon detecting an update in at least one of the bug and fix information and the software update information, one or more software applications of the plurality of software applications, running on the computing system, being affected due to the detected update. Furthermore, the vulnerability management system comprises an updating unit to update, in real-time, the one or more software applications, by using at least one of the bug and fix information and the software update information, in such a manner that the updated one or more software applications mitigate risk of vulnerabilities in the computing system being caused while using the one or more software applications.
The foregoing summary is illustrative only and is not intended to be in any way limiting. In addition to the illustrative aspects, embodiments, and features described above, further aspects, embodiments, and features will become apparent by reference to the drawings and the following detailed description.
BRIEF DESCRIPTION OF THE ACCOMPANYING DRAWINGS
The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. The same numbers are used throughout the figures to reference like features and components. Some embodiments of system and/or methods in accordance with embodiments of the present subject matter are now described, by way of example only, and with reference to the accompanying figures, in which:

Figure 1 shows an exemplary environment 100 for managing vulnerabilities in a computing system, in accordance with some embodiments of the present disclosure;
Figure 2 shows a block diagram 200 illustrating a vulnerability management system for managing vulnerabilities in a computing system, in accordance with some embodiments of the present disclosure;
Figure 3 depicts a flowchart of a method 300 for managing vulnerabilities in a computing system, in accordance with some embodiments of the present disclosure; and
Figure 4 illustrates a block diagram of an exemplary computer system 400 for implementing embodiments consistent with the present disclosure.
It should be appreciated by those skilled in the art that any block diagrams herein represent conceptual views of illustrative systems embodying the principles of the present subject matter. Similarly, it will be appreciated that any flow charts, flow diagrams, state transition diagrams, pseudo code, and the like represent various processes which may be substantially represented in computer readable medium and executed by a computer or processor, whether or not such computer or processor is explicitly shown.
DETAILED DESCRIPTION
In the present document, the word “exemplary” is used herein to mean “serving as an example, instance, or illustration.” Any embodiment or implementation of the present subject matter described herein as “exemplary” is not necessarily to be construed as preferred or advantageous over other embodiments.
While the disclosure is susceptible to various modifications and alternative forms, specific embodiments thereof have been shown by way of example in the drawings and will be described in detail below. It should be understood, however, that it is not intended to limit the disclosure to the particular forms disclosed, but on the contrary, the disclosure is to cover all modifications, equivalents, and alternatives falling within the spirit and the scope of the disclosure.
The terms “comprises”, “comprising”, “includes”, or any other variations thereof, are intended to cover a non-exclusive inclusion, such that a setup, device or method that comprises a list of components or steps does not include only those components or steps but may include other components or steps not expressly listed or inherent to such setup or device or method. In other words, one or more elements in a system or apparatus preceded by “comprises… a” does not, without more constraints, preclude the existence of other elements or additional elements in the system or method.
Disclosed herein is a vulnerability management system (hereinafter also referred to as “system”) and a method for real-time management of vulnerabilities (i.e., identification and mitigation) in a computing system. Software is an important part of any computing system and may be broadly divided into two categories: operating systems and application software. An operating system manages hardware such as memory (RAM/HDD), I/O units, CPU etc. and creates an interface between the hardware and users. Application software is the category of programs that do something useful for the user. Examples of application software include, but are not limited to, a word processor, a spreadsheet, a web browser, an email client, a media player etc. Each application of the computing system runs on some port. In computer networking, a port is a process-specific or an application-specific software construct serving as a communication endpoint.
In the cybersecurity world, the main risk/threat lies at the software level (operating systems and application software) and the user level. Attackers/hackers (internal or external) may try to exploit vulnerabilities in the computing system in different ways. For example, the attacker may scan a target network or computing system to gather information about live hosts and services running on the computing system. The information may include which of the hosts are running, which services the hosts are running, which ports on the system are open, etc. Based on the results of scanning, the attacker may detect vulnerabilities (such as a secure shell (SSH) vulnerability, an SQL injection vulnerability etc.) in the computing system and dive deep into the computing systems by exploiting the detected vulnerabilities. The attacker may also download important and confidential data, encrypt data and ask for a ransom, modify or delete critical data etc. This may result in huge reputational/business/data loss and even system failure.
The system disclosed in the present disclosure addresses this issue by providing a real-time vulnerability management technique that identifies the vulnerabilities in the computing system (infrastructure level / Application Level (Web Application / Mobile Application etc.)) and mitigates the same in real time. Thus, the proposed technique enhances the security of the computing system.

In the following detailed description of the embodiments of the disclosure, reference is made to the accompanying drawings that form a part hereof, and in which are shown by way of illustration specific embodiments in which the disclosure may be practiced. These embodiments are described in sufficient detail to enable those skilled in the art to practice the disclosure, and it is to be understood that other embodiments may be utilized and that changes may be made without departing from the scope of the present disclosure. The following description is, therefore, not to be taken in a limiting sense.
Figure 1 shows an exemplary environment 100 of an organization for managing vulnerabilities in a computing system 106, in accordance with some embodiments of the present disclosure. The organization may have different computing systems such as, but not limited to, a server 106A, a device running software applications 106B, or any other computing resources 106C. The computing systems 106A, 106B, 106C are collectively referred to as the computing system 106. For the sake of simplicity only three computing systems are shown in Figure 1; however, there may be a plurality of computing systems in an organization, and hence the scope of the present disclosure is not limited to the examples shown in Figure 1. The computing system 106 may use different software resources such as, but not limited to, mobile applications, web applications, servers, and third-party software for web serving, reverse proxying, caching, load balancing, media streaming, and more.
In an organization, a plurality of software applications run on these computing systems 106. The software applications, or the computing system on which these software applications are running, may become outdated or may have a bug/vulnerability which an attacker may exploit, causing huge loss to the organization. The exemplary environment 100 further comprises one or more databases 104 and a vulnerability management system 102. It may be understood by a person skilled in the art that the present invention is not limited to the environment shown in Figure 1 and may be implemented in various other environments as well.
The one or more databases 104 may comprise bug and fix information and software update information pertaining to software applications running on the computing system 106. The one or more databases 104 may be continuously updated with the bug-fix and software update information by authorized bodies. The bug and fix information indicates information about any vulnerability in the software applications and the corresponding patch/solution for fixing that vulnerability. The software update information, on the other hand, indicates information about updates or upgrades for the software applications. The bug and fix information and the software update information are generally available at least in publicly known databases such as the Common Vulnerabilities and Exposures (CVE) database, the Common Weakness Enumeration (CWE) database, and the Open Web Application Security Project (OWASP).
CVE is a vulnerability database comprising a list of publicly disclosed computer system security flaws or vulnerabilities. The CVE project creates a system for identifying and organizing vulnerabilities and exposures. CVE consists of a list of entries, each of which has an identification number, a description, and a public reference. Each CVE lists a specific vulnerability or exposure. A vulnerability is assigned a CVE identification number by an authorized authority. The authority then writes a description of the vulnerability and provides references for advisories and solutions for the vulnerability.
CWE is a community developed formal list or dictionary of common software and hardware weaknesses that may occur in architecture, design, code, or implementation that may lead to exploitable security vulnerabilities. CWE serves as a common language for describing security weaknesses and provides a common baseline standard for weakness identification, mitigation, and prevention efforts. CWE allows developers to minimize weaknesses in the software as early in the lifecycle as possible, improving overall security. CWE refers to the types of software weaknesses, rather than specific instances of vulnerabilities within products or systems while CVE refers to a specific instance of a vulnerability within a product or system.
OWASP is a non-profit foundation dedicated to web application security. OWASP produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
It may be noted that in the current disclosure these databases are collectively referred to as one or more databases 104. However, according to the embodiments, the present disclosure may be implemented using other databases as well, which may serve as a repository for the bug and fix information and software update information as discussed above. The databases 104 are continuously updated by authorized bodies with new findings of bug-fix information and software update/upgrade information about different software applications. Since the databases 104 are accessible to the public, any attacker may exploit the information present in the databases 104 to cause harm to the organization. Thus, it is important for the organization to fix/update the software applications as and when any new finding is detected in the databases 104. The vulnerability management system 102 is used to update the software applications in real time with the information available in the databases 104.
Now, figure 1 is explained in conjunction with figure 2 which shows a block diagram 200 illustrating the vulnerability management system 102 for identifying and mitigating the vulnerabilities in the computing system 106, in accordance with some embodiments of the present disclosure. The vulnerability management system 102 uses artificial intelligence and natural language processing for implementing various functionalities.
According to an embodiment of the present disclosure, the vulnerability management system 102 may comprise an input/output interface 202, a processor 204, a memory 206, and various units 208. The I/O interface 202 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, an input device, an output device and the like. The I/O interface 202 may allow the vulnerability management system 102 to interact with the databases 104 and the computing system 106 directly or through other devices. The memory 206 is communicatively coupled to the processor 204. The memory 206 stores information such as bug-fix and software update information 210 and test case information 212. The memory 206 may further store the commands needed for executing the various operations of the vulnerability management system 102, for updating software or packages, for configuring firewall rules etc. The memory 206 may also store the state of the computing system 106, various syntaxes of programming languages, information about configurations and installations of various software etc. Further, the units 208 may comprise a monitoring unit 214, a detecting unit 216, an identifying unit 218, an updating unit 220, a verifying unit 222, a recommending unit 224, a report generating unit 226, and other units 228. Further, the units 214-228 may be dedicated hardware units capable of performing the various operations of the vulnerability management system 102. However, according to other embodiments, the units 214-228 may be a processor (such as the processor 204) or an application-specific integrated circuit (ASIC) or any circuitry capable of executing instructions stored in the memory 206 of the vulnerability management system 102. In one embodiment, a processor (such as the processor 204) may collectively perform the operations of the various units 214-228.

In the exemplary environment shown in figure 1, the vulnerability management system 102 may be in sync with the databases 104 that maintain information about all vulnerabilities and corresponding mitigation. Further, the vulnerability management system 102 may be in communication with the computing system 106 or any other electronic asset used in the organization on which the plurality of software applications is running. It may happen that one or more software applications from the plurality of software applications may get outdated or may have any bug/vulnerability. Such information may be continuously updated in the databases 104 which is further used by the system 102 for mitigating the vulnerabilities.
For example, the monitoring unit 214 of the vulnerability management system 102 continuously monitors the databases 104. The detecting unit 216 checks if any new finding[s] or update[s] (i.e., software update or software vulnerability) is/are detected in the databases 104. In case any new finding[s] or update[s] is/are detected, the vulnerability management system 102 fetches details of the new finding[s] or update[s]. According to the present disclosure, the finding[s] or update[s] are referred to as ‘bug and fix information and software update information’ 210. The ‘bug and fix information and software update information’ 210 are locally stored in the memory 206 for providing the most effective solution/suggestions for eradicating the security risk in any new software application.
Once the bug and fix information and software update information are detected and stored in the memory 206, in the next step, the identifying unit 218 may scan the computing system 106 to identify those software applications and assets which may be affected due to the detected update. In other words, the identifying unit 218 identifies software applications that have now become vulnerable or outdated and may cause harm to the organization. It should be noted that the scanning starts automatically as soon as any update is detected in the databases 104. The vulnerability management system 102 gets access to the source code of the identified vulnerable or outdated software applications (when a web/mobile application related vulnerability is detected) and starts performing the necessary actions to eliminate the detected vulnerability in the identified vulnerable or outdated software applications.
Once the vulnerable or outdated software applications are identified, in the next step, the updating unit 220 of the system 102 updates, in real-time, the identified vulnerable or outdated software applications, by using at least one of the bug and fix information and the software update information. Hence, the updated software applications help in mitigating the risk of vulnerabilities (i.e., risk which could have been caused while using the outdated/vulnerable software applications) in the computing system 106. It should be noted here that the vulnerability management system 102 stores an initial state of the computing system 106 in the memory 206. The initial state of the computing system corresponds to a state of the computing system 106 before being updated by the updating unit 220. Storing the initial state information helps the system 102 to verify whether the computing system 106 is working properly or not after being updated with new versions of the software applications running on it.
For this, the vulnerability management system 102 comprises the verifying unit 222 to verify the functionalities of the computing system 106 after the identified vulnerable or outdated software applications have been updated. The verifying unit 222 executes one or more sample test cases on the computing system 106. These sample test cases are fetched from the test case information 212 prestored in the memory 206. The test case information 212 may comprise test cases for different possible scenarios and the corresponding expected/desired results. For example, Table 1 lists a few test cases for a login page.

Sr No.  Test case                                                                                         Expected Result
1.      Data in the password field is either visible as asterisk or bullet signs.                         Positive
2.      The time taken to log in with a valid username and password.                                      Less than 10 seconds
3.      A user cannot enter more characters than the specified range in each field (Username and Password). Positive
4.      Verify the login page against SQL injection attack.                                               Negative
5.      Verify the implementation of the SSL certificate.                                                 Positive

Table 1: Sample test cases for a login page

The verifying unit 222 determines the results of the execution of the one or more test cases and compares the determined results with the expected results. Based on the result of the comparison, the verifying unit 222 determines whether or not the updated software applications are working properly on the computing system 106. When any one of the determined results does not match the corresponding expected result, the verifying unit 222 determines that the updated software applications are not working properly. In that case, the verifying unit 222 may restore the computing system 106 to its initial state. That is, the verifying unit 222 retains the previous versions of the software applications on the computing system 106 rather than updating them with the new ones. Further, the verifying unit 222 may notify an administrator of the computing system 106 (system owner/application owner/business owner) along with the detected vulnerabilities and the details of the performed operations.
Alternatively, when all of the determined results match the corresponding expected results, the verifying unit 222 determines that the updated software applications are working properly and allows the computing system 106 to execute the updated one or more software applications.
In another non-limiting embodiment, the vulnerability management system 102 comprises a report generating unit 226 that generates a report and sends the report to a device associated with the system administrator. The report comprises information pertaining to the detected vulnerabilities (bug and fix information and the software update information) corresponding to the identified outdated/vulnerable software applications, operational changes in the computing system caused while updating the one or more software applications, and execution results of the one or more test cases.
In another non-limiting embodiment, all the operations performed by the vulnerability management system 102 may be shown in a dashboard on the device associated with the system administrator. The dashboard may show statistics using graphs or curves to show which vulnerabilities are detected, which operations are performed to counter the vulnerabilities, which test cases are executed successfully or failed etc. The system administrator may utilize the received report and dashboard information to enhance the security of the computing system 106. The system administrator may inform the cyber security team and developers if the detected vulnerabilities are not automatically resolved by the vulnerability management system 102, so that the detected vulnerabilities may be fixed manually before any attacker exploits them. After communicating the success/failure notification to the system administrator, the initial state of the computing system 106 is removed from the memory 206.
In another non-limiting embodiment, the vulnerability management system 102 comprises a recommending unit 224. The recommending unit 224 may be in sync with the ‘bug and fix information and software update information’ 210 stored in the memory 206. The recommending unit 224 may continuously analyze and learn about the vulnerabilities resolved while updating the software applications of the computing system 106. The recommending unit 224 may also suggest the bug-fix information and the software update information for resolving the previously learnt vulnerabilities detected in one or more new software applications running on the computing system 106 thereby eliminating the risk of cyber-attack on the new applications. Thus, if any resolved vulnerability is detected in future, the vulnerability management system 102 may automatically resolve that vulnerability without considering the databases 104.
In another non-limiting embodiment of the present disclosure, the vulnerability management system 102 comprises other units 228 such as a Natural Language Processing (NLP) unit. The vulnerability management system 102, in association with the NLP unit, understands relevant information from repositories. For example, in the case of an Nginx upgrade, the vulnerability management system 102 refers to the link “http://nginx.org” and pulls out information related to its configuration files and the commands specified there which are necessary for execution.
It should be noted that the disclosure describes the mitigation of vulnerabilities in software applications. The software applications may comprise any of web applications, mobile applications, microservices, and application programming interfaces (APIs) running or hosted on the computing system 106 over the internet or intranet. Thus, the vulnerability management system 102 identifies vulnerabilities at all levels, including code level, application level and infrastructure level, and mitigates the same in real time.
The invention is now described with the help of a few examples.
Example 1: infrastructure perspective:
Suppose that on 12-NOV-2020 at 14:39 the CVE database is updated with an entry for Nginx: installations running version 1.10.0 are vulnerable and the fix is available in version 1.10.1.
Since the vulnerability management system 102 is in sync with the databases (i.e., CVE and OWASP), the detecting unit 216 detects the update. Upon detecting the update, the identifying unit 218 automatically starts scanning to identify the computing system(s) and software applications in the organization that are running the vulnerable Nginx version. Consider for example that the host “abc.xyz.zensar.com”, IP address 10.42.210.36, is running the vulnerable Nginx version and is hosting important and critical business applications. It therefore becomes necessary to ensure that the Nginx version is upgraded while the web applications served by the vulnerable Nginx do not go down.
The vulnerability management system 102 performs the following operations:
After detecting the Nginx update in the database, the vulnerability management system 102 obtains the necessary information about Nginx from the computing system 106: the current Nginx version, the port on which it serves, the path where the web application build is present, the configuration file, and the TLS certificate directory (needed for the roll-back if a test case fails). The vulnerability management system 102 creates a separate backup directory that stores the configuration files necessary for the roll-back operation.
The vulnerability management system 102 fetches the upgrade command for Nginx from the memory 206. The updating unit 220 sends the command to a client agent running on the computing system with host name abc.xyz.zensar.com and IP address 10.42.210.36, which upgrades Nginx to version 1.10.1.
After the upgrade, the vulnerability management system 102 executes test cases to check whether the applications hosted on Nginx are still working correctly. If all the test cases pass, the upgraded Nginx version 1.10.1 is made persistent on the computing system 106. The vulnerability management system 102 may scan the computing system 106 again to confirm that the Nginx version has actually been upgraded. The vulnerability management system 102 then sends the success notification and the resolved vulnerability details, along with the logs, to the system administrator or the concerned team (business owner / developers).
If any test case fails, the vulnerability management system 102 rolls back the operations (i.e., Nginx is restored to version 1.10.0 from the backup). The failure notification, the vulnerability details and how to mitigate the vulnerability are communicated to the system administrator. Thereafter, the backup stored in the directory is deleted.
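The flow of Example 1 (backup, upgrade through the agent, test cases, persist or roll back, delete the backup) as an added example in Python. This is not code from the patent or from the applicant: the host name and the versions 1.10.0 and 1.10.1 come from the example above, while the client agent is a constructed in-memory stand-in for whatever executes commands on the host, the constructed nginx.conf is a placeholder, and the two test cases (the equivalent of `nginx -t` and a GET against the hosted application) are assumptions. Two checks that the text glosses over are made explicit: the version comparison is numeric, so 1.9.15 is correctly ranked below 1.10.1 (a string comparison would not do that), and the post-upgrade version is re-read from the host's own banner rather than inferred from the upgrade command having returned. The same verify, restore and report steps are the ones figure 3 describes at blocks 310 to 318.

```python
import re
import shutil
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# Versions from the page's example: 1.10.0 is vulnerable, 1.10.1 carries the fix.
FIXED_IN = (1, 10, 1)
BANNER_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def parse_version(banner: str) -> tuple:
    """'nginx version: nginx/1.10.0' -> (1, 10, 0); raises if the banner is unexpected."""
    m = BANNER_RE.search(banner)
    if m is None:
        raise ValueError(f"unrecognised nginx banner: {banner!r}")
    return (int(m[1]), int(m[2]), int(m[3]))


def is_affected(version: tuple, fixed_in: tuple = FIXED_IN) -> bool:
    """Numeric comparison: as strings '1.9.15' would sort after '1.10.1'."""
    return version < fixed_in


class FakeAgent:
    """Constructed stand-in for the client agent on the host. A real agent would run
    'nginx -v', the package manager, 'nginx -t' and a reload over an authenticated channel."""

    def __init__(self, version: tuple, conf_path: Path, breaks_app_on_upgrade: bool):
        self.version = version
        self.conf_path = conf_path
        self.breaks_app_on_upgrade = breaks_app_on_upgrade  # simulates an incompatible upgrade

    def banner(self) -> str:
        return "nginx version: nginx/%d.%d.%d" % self.version

    def install(self, version: tuple) -> None:  # used for both upgrade and roll-back
        self.version = version

    def config_test(self) -> bool:  # stands in for 'nginx -t'
        return "server {" in self.conf_path.read_text()

    def http_status(self, path: str) -> int:  # stands in for a GET against the hosted app
        broken = self.breaks_app_on_upgrade and not is_affected(self.version)
        return 502 if broken else 200


# Test cases the verifying unit runs after the upgrade (an assumed set, not the patent's).
TEST_CASES = {
    "config syntax (nginx -t)": lambda agent: agent.config_test(),
    "application reachable (GET /)": lambda agent: agent.http_status("/") == 200,
}


@dataclass
class Outcome:
    host: str
    before: tuple
    after: tuple
    success: bool
    log: list = field(default_factory=list)


def remediate(agent: FakeAgent, host: str, workdir: Path) -> Outcome:
    """Backup, upgrade, test, then persist or roll back; the backup is removed either way."""
    before = parse_version(agent.banner())
    log = [f"{host}: running nginx {'.'.join(map(str, before))}"]
    if not is_affected(before):
        log.append("not affected, nothing to do")
        return Outcome(host, before, before, True, log)
    backup_dir = Path(tempfile.mkdtemp(prefix="nginx-backup-", dir=workdir))
    shutil.copy2(agent.conf_path, backup_dir / agent.conf_path.name)
    log.append(f"backed up {agent.conf_path.name} to {backup_dir}")
    agent.install(FIXED_IN)
    failed = [name for name, check in TEST_CASES.items() if not check(agent)]
    after = parse_version(agent.banner())  # re-scan the host; do not trust the command alone
    success = not failed and not is_affected(after)
    if success:
        log.append(f"upgraded to {'.'.join(map(str, after))}; {len(TEST_CASES)} test cases passed")
    else:
        agent.install(before)
        shutil.copy2(backup_dir / agent.conf_path.name, agent.conf_path)  # restore config
        after = parse_version(agent.banner())
        log.append(f"rolled back to {'.'.join(map(str, after))}; failed: {failed or ['version re-scan']}")
    shutil.rmtree(backup_dir)
    return Outcome(host, before, after, success, log)


def demo(breaks_app_on_upgrade: bool) -> Outcome:
    """Run the flow against a constructed host with a constructed nginx.conf."""
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp) / "nginx.conf"
        conf.write_text("server { listen 443 ssl; }\n")
        agent = FakeAgent((1, 10, 0), conf, breaks_app_on_upgrade)
        return remediate(agent, "abc.xyz.zensar.com", Path(tmp))


if __name__ == "__main__":
    for outcome in (demo(False), demo(True)):
        print("\n".join(outcome.log))
```

`demo(False)` ends with 1.10.1 persisted; `demo(True)` simulates an upgrade that breaks the hosted application, so the GET test fails, the agent is put back on 1.10.0 and the saved configuration is copied back before the backup directory is removed. The `Outcome.log` list is the material the report generating unit would send to the administrator.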
Example 2: application (web/mobile application) perspective:
Consider that at 15:43 on 12-NOV-2020 the following weakness is reported on the official website:
Observation name: user credentials are sent in clear text (cleartext submission of password).
Classification: OWASP Top 10 2017, A3 Sensitive Data Exposure and A2 Broken Authentication; CWE-319: Cleartext Transmission of Sensitive Information.
The vulnerability management system 102 performs the following operations:
The monitoring unit 214 continuously monitors the database and the detecting unit 216 detects the update in the database. The identifying unit 218 runs a security scan to identify which software applications in the organization have this vulnerability. The vulnerability management system 102 stores the affected files in the memory.
The vulnerability management system 102 may apply natural language processing to understand the vulnerability. Consider that the remediation specified in the CWE entry is to encrypt the password field at the front end before transmission and to decrypt it at the back end during processing. The vulnerability management system 102 then navigates to the frontend code, finds where that functionality is implemented, and updates the code by adding the encryption and the decryption.
The vulnerability management system 102 then runs test cases, typically a login test, to verify that the login functionality still works. If the test case(s) pass, the code changes are committed. If any test case fails, the vulnerability management system 102 rolls back the operation and restarts the computing system 106. In both cases a detailed report of the executed operations is sent to the system administrator.
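An added example, not from the patent, of the identifying unit's scan for this observation and of the commit-or-roll-back step of Example 2. It checks CWE-319 where it actually occurs, on the transport: every form that carries a password field and whose resolved submit target is not https is flagged, the flagged action is rewritten to an absolute https URL, and the page is re-scanned as the "login test" before the change is kept. Submitting the login over TLS is the standard remediation for CWE-319; the front-end field encryption the text mentions is an application-layer addition and is not modelled here. The HTML pages, URLs and domain names are constructed for the example. One edge case is handled: a form with no action attribute submits to the page's own URL, so on a page served over http it is a finding that the rewrite cannot repair, and the change is rolled back and reported instead of being committed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormScanner(HTMLParser):
    """Records every <form> with its action attribute, source line and whether it
    contains an <input type="password">."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}  # names arrive lowercased
        if tag == "form":
            self._open = {"action": a.get("action"), "line": self.getpos()[0], "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("type", "").lower() == "password":
            self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def scan(page_url: str, html: str) -> list:
    """CWE-319 check: password forms whose resolved submit target is not https.
    A form without an action submits to the page itself, so page_url decides."""
    parser = LoginFormScanner()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        if not form["password"]:
            continue
        target = urljoin(page_url, form["action"] or "")
        if urlsplit(target).scheme != "https":
            findings.append({"line": form["line"], "action": form["action"], "submits_to": target})
    return findings


# Double-quoted action attributes only; single-quoted ones would need a second pattern.
ACTION_RE = re.compile(r'(<form\b[^>]*\baction=")([^"]*)(")', re.IGNORECASE)


def harden(page_url: str, html: str, findings: list) -> str:
    """Rewrite only the flagged actions to an absolute https URL; nothing else changes."""
    flagged = {f["action"] for f in findings}

    def fix(match):
        if match.group(2) not in flagged:
            return match.group(0)
        target = urlsplit(urljoin(page_url, match.group(2)))._replace(scheme="https")
        return match.group(1) + target.geturl() + match.group(3)

    return ACTION_RE.sub(fix, html)


def remediate_page(page_url: str, html: str) -> dict:
    """Identify, patch, re-test, then commit or roll back, as in Example 2."""
    before = scan(page_url, html)
    if not before:
        return {"committed": False, "html": html, "before": [], "after": []}
    patched = harden(page_url, html, before)
    after = scan(page_url, patched)
    check = LoginFormScanner()
    check.feed(patched)
    login_form_intact = any(f["password"] for f in check.forms)  # the "login test"
    if after or not login_form_intact:
        return {"committed": False, "html": html, "before": before, "after": after}  # roll back
    return {"committed": True, "html": patched, "before": before, "after": []}


# Constructed pages for the example; the domains are placeholders.
LOGIN_PAGE = """<html><body>
<form method="post" action="http://auth.example.test/login">
  <input name="user"><input type="password" name="pw"><button>Sign in</button>
</form>
<form method="get" action="http://www.example.test/search"><input name="q"></form>
</body></html>"""
NO_ACTION_PAGE = '<form method="post"><input type="password" name="pw"></form>'

if __name__ == "__main__":
    for url, page in (("https://www.example.test/login.html", LOGIN_PAGE),
                      ("http://app.example.test/login", NO_ACTION_PAGE)):
        result = remediate_page(url, page)
        print(url, "committed" if result["committed"] else "rolled back", result["before"], result["after"])
```

The search form on `LOGIN_PAGE` still posts over http after the run: it carries no credentials, so it is not a CWE-319 finding and the rewrite deliberately leaves it alone, which keeps the committed diff limited to what the scan reported.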
Thus, the vulnerability management system 102 provides an easier, efficient, and secure way of real-time identification and mitigation of vulnerabilities in the computing system 106.

Figure 3 depicts a flowchart illustrating a method for managing vulnerabilities in a computing system, in accordance with some embodiments of the present disclosure.
As illustrated in figure 3, the method 300 includes one or more blocks illustrating a method to manage vulnerabilities in a computing system 106. The method 300 may be described in the general context of computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, and functions, which perform specific functions or implement specific abstract data types.
The order in which the method 300 is described is not intended to be construed as a limitation, and any number of the described method blocks may be combined in any order to implement the method. Additionally, individual blocks may be deleted from the methods without departing from the spirit and scope of the subject matter described herein. Furthermore, the method may be implemented in any suitable hardware, software, firmware, or combination thereof.
At block 302, the monitoring unit 214 monitors one or more databases 104 which are updated continuously with at least one of bug and fix information and software update information pertaining to a plurality of software applications. As discussed above, the one or more databases comprise at least one of the Common Vulnerabilities and Exposures (CVE) database, the Common Weakness Enumeration (CWE) database, and the Open Web Application Security Project (OWASP). The one or more software applications may comprise any of web applications, mobile applications, application programming interfaces (APIs), and microservices running on the computing system 106 over the internet or an intranet.
At block 304, the detecting unit 216 detects if there is any update in at least one of the bug and fix information and the software update information stored in the memory 206.
At block 306, after detecting an update in at least one of the bug and fix information and the software update information, the identifying unit 218 identifies one or more software applications of the plurality of software applications, running on the computing system, where the one or more software applications are affected due to the detected update.
At block 308, the updating unit 220 updates, in real-time, the one or more software applications, by using at least one of the bug and fix information and the software update information, in a manner such that the updated one or more software applications mitigate risk of vulnerabilities in the computing system 106 being caused while using the one or more software applications.
In an additional non-limiting embodiment, the method 300 may further comprise following additional steps.
At block 310, the verifying unit 222 verifies functionality of the computing system 106 upon being updated with the updated one or more software applications. The verifying unit 222 executes one or more test cases on the computing system 106 and determines the results of the execution of the one or more test cases.
At block 312, the verifying unit 222 compares the determined results vis-à-vis expected results. It may be noted that the expected results are determined based on previous execution of the one or more software applications on the computing system 106 and are stored in the memory 206.
At block 314, the verifying unit 222 restores the computing system 106 to an initial state with the one or more software applications. In one embodiment, the verifying unit 222 restores the computing system 106, when a mismatch is detected during the comparison of the determined results and the previously stored results.
At block 316, the verifying unit 222 allows the computing system 106 with the execution of the updated one or more software applications when no mismatch is detected during the comparison.
At block 318, a report generating unit 226 generates and sends a detailed report to a device associated with an administrator of the computing system 106. The report may comprise information pertaining to the bug and fix information and the software update information corresponding to the identified one or more software applications, operational changes in the computing system caused while updating the one or more software applications, and execution results of the one or more test cases.
In an additional non-limiting embodiment of the present disclosure, a recommending unit 224 learns about one or more vulnerabilities being resolved while updating the one or more software applications implemented on the computing system and suggests at least one of the bug and fix information and the software update information for resolving the previously learnt one or more vulnerabilities detected in one or more new software applications.
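Blocks 302 to 306 of the method 300 together with the recommending unit, as an added example that is not the patent's code: one poll of a CVE-style feed detects the records that are new or modified since the previous poll, matches them against an inventory by product and version, and serves a previously learnt fix from memory instead of the database when the same product and fix version were remediated before. The feed records, the inventory, the hosts other than the page's example host and the FEED-0001 identifier are all constructed; a real monitor would key on the modification timestamp that the NVD carries on each CVE record in the same way the `seen` watermark does here.

```python
from dataclasses import dataclass


def vtuple(version: str) -> tuple:
    """'1.10.0' -> (1, 10, 0) so that 1.9.15 < 1.10.1; string order would get this wrong."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class FeedRecord:
    """One entry of the monitored database: id, product, first version that is not
    affected, the record's modification timestamp and the remediation text."""
    record_id: str
    product: str
    fixed_in: str
    last_modified: str
    fix: str


@dataclass(frozen=True)
class Install:
    host: str
    app: str       # the business application that depends on the component
    product: str
    version: str


def detect_updates(seen: dict, feed: list) -> list:
    """Block 304: records not seen before, or whose last_modified moved since."""
    return [r for r in feed if seen.get(r.record_id) != r.last_modified]


def identify_affected(records: list, inventory: list) -> list:
    """Block 306: every install running a version below the record's fixed_in."""
    return [
        (install, rec)
        for rec in records
        for install in inventory
        if install.product == rec.product and vtuple(install.version) < vtuple(rec.fixed_in)
    ]


def poll_once(seen: dict, feed: list, inventory: list, learnt: dict) -> list:
    """One pass of the block 302 monitor loop.
    seen:   record_id -> last_modified from the previous poll (the system's memory)
    learnt: (product, fixed_in) -> fix already applied successfully (recommending unit)
    Returns the work items for the updating unit, each noting where its fix came from."""
    work = []
    for install, rec in identify_affected(detect_updates(seen, feed), inventory):
        key = (rec.product, rec.fixed_in)
        work.append({
            "host": install.host,
            "app": install.app,
            "record": rec.record_id,
            "fix": learnt.get(key, rec.fix),
            "source": "memory" if key in learnt else "database",
        })
    seen.update({r.record_id: r.last_modified for r in feed})  # advance the watermark
    return work


# Constructed sample data (not from any real feed); the first host is the page's example host.
FEED_V1 = [FeedRecord("FEED-0001", "nginx", "1.10.1", "2020-11-12T14:39:00Z",
                      "upgrade nginx to 1.10.1")]
FEED_V2 = [FeedRecord("FEED-0001", "nginx", "1.10.1", "2020-11-13T09:00:00Z",
                      "upgrade nginx to 1.10.1 (advisory text revised)")]
INVENTORY = [
    Install("abc.xyz.zensar.com", "billing-portal", "nginx", "1.10.0"),
    Install("db01.example.test", "reporting-api", "nginx", "1.10.1"),
    Install("edge02.example.test", "static-site", "nginx", "1.9.15"),
]


def run_scenario() -> list:
    """Three polls: the first sees the new record, the second sees no change, the third
    sees a modified record after the fix has been learnt and serves it from memory."""
    seen, learnt = {}, {}
    first = poll_once(seen, FEED_V1, INVENTORY, learnt)
    second = poll_once(seen, FEED_V1, INVENTORY, learnt)
    learnt[("nginx", "1.10.1")] = "upgrade nginx to 1.10.1"  # recorded after a verified update
    third = poll_once(seen, FEED_V2, INVENTORY, learnt)
    return [first, second, third]


if __name__ == "__main__":
    for n, items in enumerate(run_scenario(), 1):
        print(f"poll {n}: {len(items)} work item(s)")
        for item in items:
            print("  ", item)
```

The host on 1.9.15 is correctly picked up alongside the 1.10.0 host because versions are compared as integer tuples, and the host already on 1.10.1 is never scheduled. The second poll returns nothing because the watermark matches the feed, which is what keeps a continuously polled database from re-triggering the same work.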
Computer System
Figure 4 illustrates a block diagram of an exemplary computer system 400 for implementing embodiments consistent with the present invention. In an embodiment, the computer system 400 can be the vulnerability management system 102 which is used for managing vulnerabilities in a computing system 106. According to an embodiment, the computer system 400 may receive a database update 410 which may indicate that the database 104 has been updated with at least one of bug and fix information and software update information.
The computer system 400 may comprise a central processing unit (“CPU” or “processor”) 402. The processor 402 may comprise at least one data processor for executing program components for executing user- or system-generated business processes. The processor 402 may include specialized processing units such as integrated system (bus) controllers, memory management control units, floating point units, graphics processing units, digital signal processing units, etc.
The processor 402 may be disposed in communication with one or more input/output (I/O) devices (411 and 412) via I/O interface 401. The I/O interface 401 may employ communication protocols/methods such as, without limitation, audio, analog, digital, stereo, IEEE-1394, serial bus, Universal Serial Bus (USB), infrared, PS/2, BNC, coaxial, component, composite, Digital Visual Interface (DVI), high-definition multimedia interface (HDMI), Radio Frequency (RF) antennas, S-Video, Video Graphics Array (VGA), IEEE 802.11a/b/g/n/x, Bluetooth, cellular (e.g., Code-Division Multiple Access (CDMA), High-Speed Packet Access (HSPA+), Global System For Mobile Communications (GSM), Long-Term Evolution (LTE) or the like), etc.
Using the I/O interface 401, the computer system 400 may communicate with one or more I/O devices (411 and 412).
In some embodiments, the processor 402 may be disposed in communication with a communication network 409 via a network interface 403. The network interface 403 may communicate with the communication network 409. The network interface 403 may employ connection protocols including, without limitation, direct connect, Ethernet (e.g., twisted pair 10/100/1000 Base T), Transmission Control Protocol/Internet Protocol (TCP/IP), token ring, IEEE 802.11a/b/g/n/x, etc. The communication network 409 can be implemented as one of the different types of networks, such as intranet or Local Area Network (LAN) and such within the organization. The communication network 409 may either be a dedicated network or a shared network, which represents an association of the different types of networks that use a variety of protocols, for example, Hypertext Transfer Protocol (HTTP), Transmission Control Protocol/Internet Protocol (TCP/IP), Wireless Application Protocol (WAP), etc., to communicate with each other. Further, the communication network 409 may include a variety of network devices, including routers, bridges, servers, computing devices, storage devices, etc.
In some embodiments, the processor 402 may be disposed in communication with a memory 405 (e.g., RAM 413, ROM 414, etc. as shown in FIG. 4) via a storage interface 404. The storage interface 404 may connect to memory 405 including, without limitation, memory drives, removable disc drives, etc., employing connection protocols such as Serial Advanced Technology Attachment (SATA), Integrated Drive Electronics (IDE), IEEE-1394, Universal Serial Bus (USB), fiber channel, Small Computer Systems Interface (SCSI), etc. The memory drives may further include a drum, magnetic disc drive, magneto-optical drive, optical drive, Redundant Array of Independent Discs (RAID), solid-state memory devices, solid-state drives, etc.
The memory 405 may store a collection of program or database components, including, without limitation, user/application data 406, an operating system 407, web browser 408 etc. In some embodiments, the computer system 400 may store user/application data 406, such as the data, variables, records, etc. as described in this invention. Such databases may be implemented as fault-tolerant, relational, scalable, secure databases such as Oracle or Sybase.
The operating system 407 may facilitate resource management and operation of the computer system 400. Examples of operating systems include, without limitation, Apple Macintosh OS X, UNIX, Unix-like system distributions (e.g., Berkeley Software Distribution (BSD), FreeBSD, Net BSD, Open BSD, etc.), Linux distributions (e.g., Red Hat, Ubuntu, K-Ubuntu, etc.), International Business Machines (IBM) OS/2, Microsoft Windows (XP, Vista/7/8, etc.), Apple iOS, Google Android, Blackberry Operating System (OS), or the like. I/O interface 401 may facilitate display, execution, interaction, manipulation, or operation of program components through textual or graphical facilities. For example, I/O interface may provide computer interaction interface elements on a display system operatively connected to the computer system 400, such as cursors, icons, check boxes, menus, windows, widgets, etc. Graphical User Interfaces (GUIs) may be employed, including, without limitation, Apple Macintosh operating systems’ Aqua, IBM OS/2, Microsoft Windows (e.g., Aero, Metro, etc.), Unix X-Windows, web interface libraries (e.g., ActiveX, Java, JavaScript, AJAX, HTML, Adobe Flash, etc.), or the like.
In some embodiments, the computer system 400 may implement a web browser 408 stored program component. The web browser 408 may be a hypertext viewing application, such as Microsoft™ Internet Explorer, Google™ Chrome, Mozilla™ Firefox, Apple™ Safari™, etc. Secure web browsing may be provided using HTTPS, i.e. HTTP over Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Web browsers may utilize facilities such as AJAX, DHTML, Adobe Flash, JavaScript, Java, Application Programming Interfaces (APIs), etc. In some embodiments, the computer system 400 may implement a mail server stored program component. The mail server 416 may be an Internet mail server such as Microsoft Exchange, or the like. The mail server 416 may utilize facilities such as Active Server Pages (ASP), ActiveX, American National Standards Institute (ANSI) C++/C#, Microsoft .NET, CGI scripts, Java, JavaScript, PERL, PHP, Python, WebObjects, etc. The mail server may utilize communication protocols such as Internet Message Access Protocol (IMAP), Messaging Application Programming Interface (MAPI), Microsoft Exchange, Post Office Protocol (POP), Simple Mail Transfer Protocol (SMTP), or the like. In some embodiments, the computer system 400 may implement a mail client 415 stored program component. The mail client 415 may be a mail viewing application, such as Apple™ Mail, Microsoft™ Entourage, Microsoft™ Outlook, Mozilla™ Thunderbird, etc.
Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present invention. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., non-transitory. Examples include Random Access Memory (RAM), Read-Only Memory (ROM), volatile memory, nonvolatile memory, hard drives, Compact Disc (CD) ROMs, Digital Video Disc (DVDs), flash drives, disks, and any other known physical storage media.
Advantages of the embodiment of the present disclosure are illustrated herein.
In an embodiment, the present disclosure provides a method and system for full real-time vulnerability management i.e., identifying and mitigating vulnerabilities, in real-time, in a computing system.
In an embodiment, the disclosed method/system continually monitors the computing system for all potential blind spots and threats (vulnerabilities) to which the computing system is exposed. Further, the disclosed techniques prevent attacks on the computing system by eliminating/fixing the vulnerabilities in real-time before any attacker may exploit them. Thus, the disclosed techniques enhance the security of the computing system by protecting it from internal/external attacks, thereby preventing reputational, business, and data loss for an organization. Further, the disclosed techniques save cost and resources for the organization by handling the vulnerabilities automatically.
In an embodiment, the disclosed techniques provide a real-time dashboard for the relevant authority, the dashboard comprising information on identified vulnerabilities, risk involved, suggested ways to mitigate the vulnerabilities; along with various insights and analytics.
In an embodiment, disclosed techniques suggest/recommend patches or solutions to fix the vulnerabilities in new software applications using the information pertaining to one or more previously identified vulnerabilities.
The terms “an embodiment”, “embodiment”, “embodiments”, “the embodiment”, “the embodiments”, “one or more embodiments”, “some embodiments”, and “one embodiment” mean “one or more (but not all) embodiments of the invention(s)” unless expressly specified otherwise.
The terms “including”, “comprising”, “having” and variations thereof mean “including but not limited to”, unless expressly specified otherwise.
The enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise.

The terms “a”, “an” and “the” mean “one or more”, unless expressly specified otherwise.
A description of an embodiment with several components in communication with each other does not imply that all such components are required. On the contrary, a variety of optional components are described to illustrate the wide variety of possible embodiments of the invention.
When a single device or article is described herein, it will be readily apparent that more than one device/article (whether or not they cooperate) may be used in place of a single device/article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be readily apparent that a single device/article may be used in place of the more than one device or article or a different number of devices/articles may be used instead of the shown number of devices or programs. The functionality and/or the features of a device may be alternatively embodied by one or more other devices which are not explicitly described as having such functionality/features. Thus, other embodiments of the invention need not include the device itself.
Finally, the language used in the specification has been principally selected for readability and instructional purposes, and it may not have been selected to delineate or circumscribe the inventive subject matter. It is therefore intended that the scope of the invention be limited not by this detailed description, but rather by any claims that issue on an application based hereon. Accordingly, the embodiments of the present invention are intended to be illustrative, but not limiting, of the scope of the invention, which is set forth in the following claims.
While various aspects and embodiments have been disclosed herein, other aspects and embodiments will be apparent to those skilled in the art. The various aspects and embodiments disclosed herein are for purposes of illustration and are not intended to be limiting, with the true scope and spirit being indicated by the following claims.

Reference Numerals:

Reference Number Description
100 ENVIRONMENT
102 VULNERABILITY MANAGEMENT SYSTEM
104 DATABASE
106 COMPUTING SYSTEM
202 I/O INTERFACE
204 PROCESSOR
206 MEMORY
208 UNITS
210 BUG-FIX AND SOFTWARE UPDATE INFORMATION
212 TEST CASE INFORMATION
214 MONITORING UNIT
216 DETECTING UNIT
218 IDENTIFYING UNIT
220 UPDATING UNIT
222 VERIFYING UNIT
224 RECOMMENDING UNIT
226 REPORT GENERATING UNIT
228 OTHER UNITS
400 EXEMPLARY COMPUTER SYSTEM
401 I/O INTERFACE OF THE EXEMPLARY COMPUTER SYSTEM
402 PROCESSOR OF THE EXEMPLARY COMPUTER SYSTEM
403 NETWORK INTERFACE
404 STORAGE INTERFACE
405 MEMORY OF THE EXEMPLARY COMPUTER SYSTEM
406 USER/APPLICATION DATA
407 OPERATING SYSTEM
408 WEB BROWSER
409 COMMUNICATION NETWORK
410 DATABASE UPDATE
411 INPUT DEVICES
412 OUTPUT DEVICES
413 RAM
414 ROM
415 MAIL CLIENT
416 MAIL SERVER
417 WEB SERVER

WE CLAIM:
1. A method (300) of managing vulnerabilities in a computing system (106), the method (300) comprising:
monitoring (302), by a vulnerability management system (102), one or more databases (104) which are being updated continuously with at least one of bug and fix information and software update information pertaining to a plurality of software applications;
detecting (304), by the vulnerability management system (102), an update in at least one of the bug and fix information and the software update information;
identifying (306), by the vulnerability management system (102), one or more software applications of the plurality of software applications, running on the computing system (106), being affected due to the detected update; and
updating (308), by the vulnerability management system (102), in real-time the one or more software applications by using at least one of the bug and fix information and the software update information, in a manner such that the updated one or more software applications mitigate risk of vulnerabilities in the computing system (106) being caused while using the one or more software applications.
2. The method as claimed in claim 1, wherein the one or more databases (104) comprise at least one of a Common Vulnerabilities and Exposures (CVE) database, a Common Weakness Enumeration (CWE) database, and the Open Web Application Security Project (OWASP).
3. The method as claimed in claim 1, further comprising:
verifying functionality of the computing system (106) upon being updated with the updated one or more software applications by:
executing one or more test cases on the computing system (106);
determining results of the execution of the one or more test cases;
comparing the determined results vis-à-vis previously stored results associated with the computing system (106) when executing the one or more software applications; and
performing, based on the comparing, one of:
restoring the computing system (106) to an initial state with the one or more software applications when a mismatch is detected during the comparison; and
allowing the computing system (106) with the execution of the updated one or more software applications when no mismatch is detected during the comparison.
4. The method as claimed in claim 3, further comprising:
sending a report to a device associated with an administrator of the computing system (106), wherein the report comprises information pertaining to the bug and fix information and the software update information corresponding to the identified one or more software applications, operational changes in the computing system (106) caused while updating the one or more software applications, and execution results of the one or more test cases.
5. The method as claimed in claim 1, further comprising:
learning about one or more vulnerabilities being resolved while updating the one or more software applications implemented on the computing system (106); and
suggesting at least one of the bug and fix information and the software update information for resolving the previously learnt one or more vulnerabilities detected in one or more new software applications.
6. The method as claimed in claim 1, wherein the one or more software applications comprise web applications, mobile applications, application programming interfaces (APIs), and microservices running on the computing system (106) over internet or intranet.
7. A vulnerability management system (102) for managing vulnerabilities in a computing system (106), the vulnerability management system (102) comprising:
a monitoring unit (214) to monitor one or more databases (104) which are being updated continuously with at least one of bug and fix information and software update information pertaining to a plurality of software applications;
a detecting unit (216) to detect an update in at least one of the bug and fix information and the software update information;

an identifying unit (218) to identify one or more software applications of the plurality of software applications, running on the computing system (106), being affected due to the detected update; and
an updating unit (220) to update, in real-time, the one or more software applications by using at least one of the bug and fix information and the software update information, in a manner such that the updated one or more software applications mitigate risk of vulnerabilities in the computing system (106) being caused while using the one or more software applications.
8. The vulnerability management system (102) as claimed in claim 7, further comprising a verifying unit (222) to verify functionality of the computing system (106) upon being updated with the updated one or more software applications by:
executing one or more test cases on the computing system (106);
determining results of the execution of the one or more test cases;
comparing the determined results vis-à-vis previously stored results associated with the computing system (106) when executing the one or more software applications; and
performing, based on the comparing, one of:
restoring the computing system (106) to an initial state with the one or more software applications when a mismatch is detected during the comparison; and
allowing the computing system (106) with the execution of the updated one or more software applications when no mismatch is detected during the comparison.
9. The vulnerability management system (102) as claimed in claim 8, further comprising:
a report generating unit (226) to generate and send a report to a device associated with an administrator of the computing system (106), wherein the report comprises information pertaining to the bug and fix information and the software update information corresponding to the identified one or more software applications, operational changes in the computing system (106) caused while updating the one or more software applications, and execution results of the one or more test cases.

10. The vulnerability management system (102) as claimed in claim 7, further comprising a recommending unit (224) to:
learn about one or more vulnerabilities being resolved while updating the one or more software applications implemented on the computing system (106); and
suggest at least one of the bug and fix information and the software update information for resolving the previously learnt one or more vulnerabilities detected in one or more new software applications.

Documents
Application Documents
# Name Date
1 202021050403-STATEMENT OF UNDERTAKING (FORM 3) [19-11-2020(online)].pdf 2020-11-19
2 202021050403-REQUEST FOR EXAMINATION (FORM-18) [19-11-2020(online)].pdf 2020-11-19
3 202021050403-POWER OF AUTHORITY [19-11-2020(online)].pdf 2020-11-19
4 202021050403-FORM 18 [19-11-2020(online)].pdf 2020-11-19
5 202021050403-FORM 1 [19-11-2020(online)].pdf 2020-11-19
6 202021050403-DRAWINGS [19-11-2020(online)].pdf 2020-11-19
7 202021050403-DECLARATION OF INVENTORSHIP (FORM 5) [19-11-2020(online)].pdf 2020-11-19
8 202021050403-COMPLETE SPECIFICATION [19-11-2020(online)].pdf 2020-11-19
9 202021050403-Proof of Right [27-01-2021(online)].pdf 2021-01-27
10 Abstract1.jpg 2021-10-19
11 202021050403-FER.pdf 2022-07-14
12 202021050403-OTHERS [30-12-2022(online)].pdf 2022-12-30
13 202021050403-FER_SER_REPLY [30-12-2022(online)].pdf 2022-12-30
14 202021050403-COMPLETE SPECIFICATION [30-12-2022(online)].pdf 2022-12-30
15 202021050403-CLAIMS [30-12-2022(online)].pdf 2022-12-30
16 202021050403-US(14)-HearingNotice-(HearingDate-20-12-2024).pdf 2024-12-03
17 202021050403-FORM-26 [17-12-2024(online)].pdf 2024-12-17
18 202021050403-Correspondence to notify the Controller [17-12-2024(online)].pdf 2024-12-17
19 202021050403-Written submissions and relevant documents [03-01-2025(online)].pdf 2025-01-03
20 202021050403-PatentCertificate31-01-2025.pdf 2025-01-31
21 202021050403-IntimationOfGrant31-01-2025.pdf 2025-01-31

Search Strategy
1 seaerch_202021050403E_13-07-2022.pdf
ERegister / Renewals
3rd: 28 Apr 2025 (from 19/11/2022 to 19/11/2023)
4th: 28 Apr 2025 (from 19/11/2023 to 19/11/2024)
5th: 28 Apr 2025 (from 19/11/2024 to 19/11/2025)
6th: 06 Oct 2025 (from 19/11/2025 to 19/11/2026)