Computerized Systems And Methods For Presenting Security Defects

Abstract: Systems and methods for presenting and mitigating security defects in a systems development process. The method comprises receiving a set of security defects, each of which may be associated with a severity level and a development stage. The method further comprises applying at least one rule to one of the received security defects to determine whether a risk associated with the at least one defect is reduced. Each rule may be associated with a weight representative of the probability that the rule correctly predicts that the risk is reduced. The method further comprises determining which of the rules applied to the at least one defect and appropriately modifying the associated severity level. The method further comprises presenting the received security defects, based on the severity level associated with each defect and the weight associated with a rule applied to each defect. Systems and computer readable media are also provided. FIG. 1

Patent Information

Application #:
Filing Date: 16 October 2014
Publication Number: 44/2014
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: ipo@knspartners.com
Parent Application:

Applicants

WIPRO LIMITED
Doddakannelli, Sarjapur Road, Bangalore 560035, Karnataka, India.

Inventors

1. SOURAV SAM BHATTACHARYA
13418 North Clifftop Drive, Fountain Hills, Arizona 85268, United States of America

Specification

CLAIMS: We claim:
1. A method for presenting security defects comprising:
receiving a set of security defects, each security defect being associated with a severity level and with a development stage in a systems development process;
applying, using at least one hardware processor, at least one rule of at least one set of rules to at least one defect of the received set of security defects, to determine if a risk associated with the at least one defect is reduced, wherein each rule is associated with a weight representing a probability that the rule correctly predicts that the risk is reduced;
based on the step of applying, determining which of the rules applied to the at least one defect, and modifying the severity level associated with the at least one defect;
presenting the received set of security defects, based at least on the severity level associated with each defect and the weight associated with an applied rule.

2. The method of claim 1, wherein:
applying at least one rule comprises applying a rule to determine whether solving a first defect in a first development stage at least partially solves another of the defects, by determining whether the first security defect is related to at least one of i) a second security defect in a second development stage, ii) a third security defect in a third development stage, or iii) a fourth security defect in a fourth development stage; and
wherein the weight associated with the at least one rule represents a probability that the rule correctly predicts that solving a first defect will at least partially solve one or more of the second, third, or fourth defects.
3. The method of claim 2, wherein if it is determined that solving the first security defect partially solves the second security defect, reducing the severity level of the second security defect, where solving the first security defect partially solves the second security defect if solving the first security defect reduces a risk associated with the second security defect.

4. The method of claim 2, wherein if it is determined that solving a first security defect will fully solve the second security defect, marking the second security defect to be a false positive defect.

5. The method of claim 2, wherein solving a security defect comprises at least one of i) modifying software code associated with the security defect, ii) modifying a development artifact associated with the security defect, or iii) modifying a production environment related to the systems development process.

6. The method of claim 1, wherein
applying at least one rule comprises applying a production rule to determine whether at least one change in a production environment will partially or fully solve a defect; and
wherein the weight associated with the at least one rule represents a probability that the rule correctly predicts that making the at least one change in the production environment will at least partially solve the defect.

7. The method of claim 1, further comprising:
receiving results indicating which of the at least one rules was applied and whether the application of the at least one rules led to a correct security defect mitigation; and
based on the results, updating the weight associated with each applied rule.

8. A system for presenting security defects comprising:
at least one hardware processor; and
storage comprising instructions that, when executed by the at least one hardware processor, cause the at least one hardware processor to perform a method comprising:
receiving a set of security defects, each security defect being associated with a severity level and with a development stage in a systems development process;
applying at least one rule of at least one set of rules to at least one defect of the received set of security defects, to determine if a risk associated with the at least one defect is reduced, wherein each rule is associated with a weight representing a probability that the rule correctly predicts that the risk is reduced;
based on the step of applying, determining which of the rules applied to the at least one defect, and modifying the severity level associated with the at least one defect;
presenting the received set of security defects, based at least on the severity level associated with each defect and the weight associated with an applied rule.

9. The system of claim 8, wherein:
applying at least one rule comprises applying a rule to determine whether solving a first defect in a first development stage at least partially solves another of the defects, by determining whether the first security defect is related to at least one of i) a second security defect in a second development stage, ii) a third security defect in a third development stage, or iii) a fourth security defect in a fourth development stage; and
wherein the weight associated with the at least one rule represents a probability that the rule correctly predicts that solving a first defect will at least partially solve one or more of the second, third, or fourth defects.
10. The system of claim 9, wherein if it is determined that solving the first security defect partially solves the second security defect, reducing the severity level of the second security defect, where solving the first security defect partially solves the second security defect if solving the first security defect reduces a risk associated with the second security defect.

11. The system of claim 9, wherein if it is determined that solving a first security defect will fully solve the second security defect, marking the second security defect to be a false positive defect.

12. The system of claim 9, wherein solving a security defect comprises at least one of i) modifying software code associated with the security defect, ii) modifying a development artifact associated with the security defect, or iii) modifying a production environment related to the systems development process.

13. The system of claim 8, wherein
applying at least one rule comprises applying a production rule to determine whether at least one change in a production environment will partially or fully solve a defect; and
wherein the weight associated with the at least one rule represents a probability that the rule correctly predicts that making the at least one change in the production environment will at least partially solve the defect.

14. The system of claim 8, wherein the instructions are further configured to cause the at least one processor to:
receive results indicating which of the at least one rules was applied and whether the application of the at least one rules led to a correct security defect mitigation; and
based on the results, update a weight associated with each applied rule.
15. A non-transitory computer readable medium storing instructions that, when executed by at least one computer processor, cause the at least one computer processor to perform a method comprising:
receiving a set of security defects, each security defect being associated with a severity level and with a development stage in a systems development process;
applying at least one rule of at least one set of rules to at least one defect of the received set of security defects, to determine if a risk associated with the at least one defect is reduced, wherein each rule is associated with a weight representing a probability that the rule correctly predicts that the risk is reduced;
based on the step of applying, determining which of the rules applied to the at least one defect, and modifying the severity level associated with the at least one defect;
presenting the received set of security defects, based at least on the severity level associated with each defect and the weight associated with an applied rule.
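The claims above describe one procedure: receive defects tagged with a severity and a lifecycle stage, apply weighted rules that say whether solving one defect (or changing the production environment) fully or partially solves another, lower the severity of partially solved defects, mark fully solved ones as false positives, present the list ordered by adjusted severity and rule weight, and feed triage results back into the weights. The following is an added worked illustration of that procedure and is not code from the applicant or the patent. The stage order, the component/category grouping used to decide that two defects are "related", the two rules, the Laplace-smoothed weight, the 50% partial-risk discount, and every sample finding and the WAF change are assumptions made for the example.

```python
"""Weighted-rule triage of security defects across development stages.

Added illustration (not the applicant's code). Defects carry a severity and a
stage; a rule relates a candidate fix (an upstream defect or a production
environment change) to another defect and says whether solving the former fully
or partially solves the latter; each rule's weight is the estimated probability
that its prediction is correct, updated from triage feedback.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Union

STAGES = ["requirements", "design", "code", "test", "production"]  # assumed lifecycle order
PARTIAL_DISCOUNT = 0.5  # assumed: a partial solution removes at most half of the risk


@dataclass
class Defect:
    ident: str
    title: str
    stage: str       # one of STAGES
    component: str   # assumed grouping key used to decide that defects are "related"
    category: str    # assumed weakness class, e.g. "injection"
    severity: float  # 0..10, higher is worse


@dataclass
class ProductionChange:
    """A change in the production environment (claim 6), e.g. enabling a WAF."""
    ident: str
    mitigates: Dict[str, str]  # category -> "full" | "partial"


Source = Union[Defect, ProductionChange]


@dataclass
class Rule:
    name: str
    relate: Callable[[Source, Defect], Optional[str]]  # returns "full", "partial" or None
    hits: int = 1    # Laplace prior: correct predictions seen so far
    misses: int = 1  # incorrect predictions seen so far

    @property
    def weight(self) -> float:
        """Estimated probability that this rule's prediction is correct."""
        return self.hits / (self.hits + self.misses)

    def record(self, correct: bool) -> None:
        """Feedback step (claim 7): update the weight from one triage outcome."""
        if correct:
            self.hits += 1
        else:
            self.misses += 1


def same_root_cause(src: Source, dst: Defect) -> Optional[str]:
    """Cross-stage rule (claim 2): an earlier-stage defect of the same class in the
    same component is the root cause, so fixing it fully solves the later finding."""
    if not isinstance(src, Defect) or src is dst:
        return None
    if (src.component == dst.component and src.category == dst.category
            and STAGES.index(src.stage) < STAGES.index(dst.stage)):
        return "full"
    return None


def production_control(src: Source, dst: Defect) -> Optional[str]:
    """Production rule (claim 6): an operational control mitigates a weakness class."""
    if not isinstance(src, ProductionChange):
        return None
    return src.mitigates.get(dst.category)


@dataclass
class Assessment:
    ident: str
    severity: float      # original severity
    adjusted: float      # severity after applying the rules
    status: str          # "open" or "false-positive"
    confidence: float    # weight of the strongest rule that fired (0 if none)
    applied: List[str] = field(default_factory=list)


def assess(defects: List[Defect], sources: List[Source], rules: List[Rule]) -> List[Assessment]:
    """Apply every rule to every (source, defect) pair and present the defects
    ordered by adjusted severity; rule-driven false positives are listed last."""
    out = []
    for d in defects:
        adjusted, status, confidence, applied = d.severity, "open", 0.0, []
        for src in sources:
            for r in rules:
                outcome = r.relate(src, d)
                if outcome is None:
                    continue
                applied.append(f"{r.name}({src.ident})={outcome}@{r.weight:.2f}")
                confidence = max(confidence, r.weight)
                if outcome == "full":        # claim 4: solved by solving the source
                    status = "false-positive"
                elif outcome == "partial":   # claim 3: scale severity by P(rule correct)
                    adjusted *= 1.0 - PARTIAL_DISCOUNT * r.weight
        if status == "false-positive":
            adjusted = 0.0
        out.append(Assessment(d.ident, d.severity, round(adjusted, 3), status, confidence, applied))
    out.sort(key=lambda a: (a.status != "open", -a.adjusted, -a.confidence, a.ident))
    return out


# Constructed sample findings from one release (not real data).
DEFECTS = [
    Defect("D1", "No authorization model for order access", "design", "orders", "auth", 8.0),
    Defect("D2", "IDOR in GET /orders/{id}", "code", "orders", "auth", 7.0),
    Defect("D3", "SQL injection in order search", "code", "orders", "injection", 9.0),
    Defect("D4", "DAST: SQL injection on /orders/search", "test", "orders", "injection", 9.0),
    Defect("D5", "Reflected XSS in product search", "code", "web", "xss", 6.0),
]
WAF = ProductionChange("waf-enabled", {"injection": "partial", "xss": "partial"})
RULES = [
    Rule("same_root_cause", same_root_cause, hits=3, misses=1),        # weight 0.75
    Rule("production_control", production_control, hits=1, misses=1),  # weight 0.50
]

if __name__ == "__main__":
    for a in assess(DEFECTS, [*DEFECTS, WAF], RULES):
        print(f"{a.ident} {a.status:<14} sev={a.severity:>4} adj={a.adjusted:>5} "
              f"conf={a.confidence:.2f} {a.applied}")
```

Running it lists D1 first (no rule fires, severity unchanged), then D3 and D5 with severities scaled down by the WAF rule, and finally D2 and D4 marked as false positives because an earlier-stage defect of the same class in the same component fully accounts for them, each with the 0.75 weight of the rule that made the call. Calling `record()` on a rule after triage confirms or rejects its prediction moves its weight, which is what the claim 7 feedback loop amounts to; the weight is carried alongside the severity in the output precisely so that a reviewer can see how much to trust a demotion before acting on it.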

Dated this 16th day of October, 2014
SHWETHA A CHIMALGI
OF K & S PARTNERS
AGENT FOR THE APPLICANTS
FIELD OF THE INVENTION
The disclosure is generally directed to the field of security defect presentation and mitigation in a systems development process.

Documents

Application Documents

# Name Date
1 5181-CHE-2014 FORM-9 16-10-2014.pdf 2014-10-16
2 5181-CHE-2014 FORM-18 16-10-2014.pdf 2014-10-16
3 IP28687-Spec.pdf 2014-10-28
4 IP28687-fig.pdf 2014-10-28
5 FORM 5-IP28687.pdf 2014-10-28
6 FORM 3-IP28687.pdf 2014-10-28
7 5181-CHE-2014 CORRESPONDENCE OTHERS 29-10-2014.pdf 2014-10-29
8 5181-CHE-2014 POWER OF ATTORNEY 30-12-2014.pdf 2014-12-30
9 5181-CHE-2014 FORM-1 30-12-2014.pdf 2014-12-30
10 5181-CHE-2014 CORRESPONDENCE OTHERS 30-12-2014.pdf 2014-12-30
11 5181-CHE-2014-FER.pdf 2019-07-02
12 5181-CHE-2014-FORM 3 [31-12-2019(online)].pdf 2019-12-31
13 5181-CHE-2014-Information under section 8(2) (MANDATORY) [31-12-2019(online)].pdf 2019-12-31
14 5181-CHE-2014-OTHERS [02-01-2020(online)].pdf 2020-01-02
15 5181-CHE-2014-FER_SER_REPLY [02-01-2020(online)].pdf 2020-01-02
16 5181-CHE-2014-DRAWING [02-01-2020(online)].pdf 2020-01-02
17 5181-CHE-2014-CORRESPONDENCE [02-01-2020(online)].pdf 2020-01-02
18 5181-CHE-2014-CLAIMS [02-01-2020(online)].pdf 2020-01-02
19 5181-CHE-2014-ABSTRACT [02-01-2020(online)].pdf 2020-01-02
20 5181-CHE-2014-Correspondence to notify the Controller [07-12-2020(online)].pdf 2020-12-07
21 5181-CHE-2014-US(14)-HearingNotice-(HearingDate-07-12-2020).pdf 2021-10-17

Search Strategy

1 2019-06-2713-55-19_27-06-2019.pdf