[001] This disclosure relates generally to updating of software components, and more particularly to a method and system for identifying update releases for an application.

Background
[002] Web applications are increasingly being used to deliver critical services, thereby making them a valuable target for security attacks. As such, security of a web application is critical due to the ever-increasing number of cyber threats, and has become an area of major concern. The application security is critical to an organization's compliance with the most recent cybersecurity standards. Therefore, application security solutions are needed that are able to test web applications for vulnerabilities that can be exploited.
[003] Various organizations and development teams benefit from a variety of open-source components. Many applications today rely on open-source components to accelerate the delivery of digital innovation. Each open-source component has its own set of features and bugs. In order to add new features or address the bugs, security updates are released from time to time. It is necessary to update the component to the most recent version to avoid vulnerabilities that creates serious risks. However, the release of these security updates is required to be identified manually which proves to be an effort-intensive and time-intensive process.
[004] Therefore, an automated solution for identifying security releases in order to avoid vulnerabilities that pose serious risks is desired.

SUMMARY
[005] In an embodiment, a method of identifying update releases for an application is disclosed. The method may include fetching a Uniform Resource Locator (URL) associated with each of one or more components from a database. The application may include the one or more components. The method may further include accessing a web-page corresponding to the URL associated with each of the one or more components. An update release for each of the one or more components is published on the web-page corresponding to the URL associated with each of the one or more components. The method may further include extracting one or more relevant text portions from the web-page. The one or more relevant text portions may correspond to one or more update releases. The method may further include identifying the target update release from the one or more update releases, using a Machine Learning (ML)-based classification model.
[006] In another embodiment, a system of identifying update releases for an application is disclosed. The system may include a processor, and a memory which stores a plurality of instructions. The plurality of instructions, upon execution by the processor, may cause the processor to fetch a URL associated with each of one or more components from a database. The application may include the one or more components. The plurality of instructions may further cause the processor to access a web page corresponding to the URL associated with each of the one or more components. An update released for each of the one or more components is published on the web page corresponding to the URL associated with each of the one or more components The plurality of instructions may further cause the processor to extract one or more relevant text portions from the web page. The one or more relevant text portions may correspond to one or more update releases. The plurality of instructions may further cause the processor to identify the target update release from the one or more update releases.
[007] In yet another embodiment, a non-transitory computer-readable medium storing computer-executable instructions for identifying update releases for an application is disclosed. The computer-executable instructions may be configured to fetch a URL associated with each of one or more components from a database. The application may include the one or more components. The computer-executable instructions may be further configured to access a web-page corresponding to the URL associated with each of the one or more components. An update release for each of the one or more components is published on the web-page corresponding to the URL associated with each of the one or more components. The computer-executable instructions may be further configured to extract one or more relevant text portions from the web-page. The one or more relevant text portions may correspond to one or more update releases. The computer-executable instructions may be configured to identify the target update release from the one or more update releases, using a Machine Learning (ML)-based classification model.
[008] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS
[009] The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles.
[010] FIG. 1 is an exemplary computing system that may be employed to implement processing functionality for various embodiments of the present disclosure.
[011] FIG. 2 illustrates a functional block diagram of an updating device, in accordance with an embodiment of the present disclosure.
[012] FIG. 3 is a snapshot of an example web-page, in accordance with some embodiments of the present disclosure.
[013] FIG. 4 illustrates a flowchart of a method of identifying update release for an application, in accordance with an embodiment of the present disclosure.
[014] FIG. 5 illustrates another flowchart of a method of identifying update releases for an application using a model, in accordance with another embodiment of the present disclosure.

DETAILED DESCRIPTION
[015] Exemplary embodiments are described with reference to the accompanying drawings. Wherever convenient, the same reference numbers are used throughout the drawings to refer to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments. It is intended that the following detailed description be considered as exemplary only, with the true scope and spirit being indicated by the following claims. Additional illustrative embodiments are listed below.
[016] Adoption of open-source components and software has increased significantly over the past few years to supplement proprietary code developed in-house and to accelerate time-to-market. As it will appreciated by those skilled in the art, open-source components are freely available in the public domain that people can use, modify, and share. The use of open-source components can help to accelerate application development and bring compelling business applications to market them faster. However, the use of open-source components introduces new challenges that the organization must manage, such as balancing the risk, quality, vulnerability, and application security.
[017] The present disclosure provides for identifying update releases for an application. An application may make use of a variety of open-source components (or simply components), for example, Elasticsearch, MySQL, Solr, and so on. Each of these components may be updated on a regular basis for adding new features and/or fixing bugs in the previous releases. In order to avoid security issues, the components must be timely updated in the product or application where they are used. The updates are typically released on the web-page of the associated component, and therefore may be accessed via the Uniform Resource Locator (URL) associated with the web-page. The present disclosure provides for automatically identifying update released on the web-page and further notifying a user about the new releases.
[018] Referring now to FIG. 1, an exemplary computing system 100 that may be employed to implement processing functionality for various embodiments (e.g., as a SIMD device, client device, server device, one or more processors, or the like) is illustrated. Those skilled in the relevant art will also recognize how to implement the invention using other computer systems or architectures. The computing system 100 may represent, for example, a user device such as a desktop, a laptop, a mobile phone, personal entertainment device, DVR, and so on, or any other type of special or general-purpose computing device as may be desirable or appropriate for a given application or environment. The computing system 100 may include one or more processors, such as a processor 102 that may be implemented using a general or special purpose processing engine such as, for example, a microprocessor, microcontroller or other control logic. In this example, the processor 102 is connected to a bus 104 or other communication media. In some embodiments, the processor 102 may be an Artificial Intelligence (AI) processor, which may be implemented as a Tensor Processing Unit (TPU), or a graphical processor unit, or a custom programmable solution Field-Programmable Gate Array (FPGA).
[019] The computing system 100 may also include a memory 106 (main memory), for example, Random Access Memory (RAM) or other dynamic memory, for storing information and instructions to be executed by the processor 102. The memory 106 also may be used for storing temporary variables or other intermediate information during the execution of instructions to be executed by processor 102. The computing system 100 may likewise include a read-only memory (“ROM”) or other static storage device coupled to bus 104 for storing static information and instructions for the processor 102.
[020] The computing system 100 may also include storage devices 108, which may include, for example, a media drive 110 and a removable storage interface. The media drive 110 may include a drive or other mechanism to support fixed or removable storage media, such as a hard disk drive, a floppy disk drive, a magnetic tape drive, an SD card port, a USB port, a micro-USB, an optical disk drive, a CD or DVD drive (R or RW), or other removable or fixed media drive. A storage media 112 may include, for example, a hard disk, magnetic tape, flash drive, or other fixed or removable media that is read by and written to by the media drive 110. As these examples illustrate, the storage media 112 may include a computer-readable storage medium having stored therein particular computer software or data.
[021] In alternative embodiments, the storage devices 108 may include other similar instrumentalities for allowing computer programs or other instructions or data to be loaded into the computing system 100. Such instrumentalities may include, for example, a removable storage unit 114 and a storage unit interface 116, such as a program cartridge and cartridge interface, a removable memory (for example, a flash memory or other removable memory module) and memory slot, and other removable storage units and interfaces that allow software and data to be transferred from the removable storage unit 114 to the computing system 100.
[022] The computing system 100 may also include a communications interface 118. The communications interface 118 may be used to allow software and data to be transferred between the computing system 100 and external devices. Examples of the communications interface 118 may include a network interface (such as an Ethernet or other NIC card), a communications port (such as for example, a USB port, a micro-USB port), Near field Communication (NFC), etc. Software and data transferred via the communications interface 118 are in the form of signals which may be electronic, electromagnetic, optical, or other signals capable of being received by the communications interface 118. These signals are provided to the communications interface 118 via a channel 120. The channel 120 may carry signals and may be implemented using a wireless medium, wire or cable, fiber optics, or other communications medium. Some examples of the channel 120 may include a phone line, a cellular phone link, an RF link, a Bluetooth link, a network interface, a local or wide area network, and other communications channels.
[023] The computing system 100 may further include Input/Output (I/O) devices 122. Examples may include, but are not limited to a display, keypad, microphone, audio speakers, vibrating motor, LED lights, etc. The I/O devices 122 may receive input from a user and also display an output of the computation performed by the processor 102. In this document, the terms “computer program product” and “computer-readable medium” may be used generally to refer to media such as, for example, the memory 106, the storage devices 108, the removable storage unit 114, or signal(s) on the channel 120. These and other forms of computer-readable media may be involved in providing one or more sequences of one or more instructions to the processor 102 for execution. Such instructions, generally referred to as “computer program code” (which may be grouped in the form of computer programs or other groupings), when executed, enable the computing system 100 to perform features or functions of embodiments of the present invention.
[024] In an embodiment where the elements are implemented using software, the software may be stored in a computer-readable medium and loaded into the computing system 100 using, for example, the removable storage unit 114, the media drive 110 or the communications interface 118. The control logic (in this example, software instructions or computer program code), when executed by the processor 102, causes the processor 102 to perform the functions of the invention as described herein.
[025] Referring now to FIG. 2, a functional block diagram of an updating device 200 for identifying update releases for an application is illustrated, in accordance with some embodiments of the present disclosure. FIG. 2 is explained in conjunction with elements of the computing system 100. The updating device 200 may be configured to fetch a Uniform Resource Locator (URL) associated with each of one or more components from a database. The application may include the one or more components. The plurality of components may include an Elastic search, a MySQL, and a Solr. Further, the update release may be a security update release. It should be noted that the one or more components may be open-source components. Further, for example, the one or more components may be installed on edge devices, virtual machines, or prod servers.
[026] The updating device 200 may be further configured to access a web-page corresponding to the URL associated with each of the one or more components. It should be noted that an update release for each of the one or more components may be published on the web-page corresponding to the URL associated with each of the one or more components. For example, the web-page may be in HTML format. The updating device 200 may be further configured to extract one or more relevant text portions from the web-page. The one or more relevant text portions may correspond to one or more update releases.
[027] The updating device 200 may be further configured to identify the target update release from the one or more update releases, using a Machine Learning (ML)-based classification model. To this end, the ML model may be trained using a training dataset including a plurality of web-pages and at least one relevant text portion present in each of the plurality of web-pages. In some embodiments, training the ML model may include receiving one or more verified text portions. The one or more verified text portions may be obtained upon manually verifying the one or more text portions from the web-page for accuracy and exhaustiveness of the extraction. The ML model may be trained based on the one or more verified text portions.
[028] Upon identifying the target update release, the updating device 200 may be further configured to label the target update release with a first label and labelling each of remaining of the one or more update releases with a second label. Further, in some embodiments, upon identifying the target update release, the updating device 200 may be further configured to send a notification to a user device to notify a user about a target update release for a component of the one or more components.
[029] In order to perform the above functions, in some embodiments, the updating device 200 may include various modules, for example, a fetching module 202, a web-page accessing module 204, an extracting module 206, an update identifying module 208, and a notifying module 210.
[030] The fetching module 202 may be configured to fetch a Uniform Resource Locator (URL) associated with each of one or more components from a database. It should be noted that the application may include the one or more components. The plurality of components may include an Elastic search, a MySQL, and a Solr. Further, the update release may be a security update release.
[031] The web-page accessing module 204 may be configured to access a web-page corresponding to the URL associated with each of the one or more components. In other words, the web-page accessing module 204 may scrape the contents from each link, to identify the release update. It should be noted that an update release for each of the one or more components may be published on the web-page corresponding to the URL associated with each of the one or more components. For example, the web-page may be in HTML format.
[032] The extracting module 206 may be configured to extract one or more relevant text portions from the web-page. The one or more relevant text portions may correspond to one or more update releases. As will be appreciated by those skilled in the art, the web page may be accessed using a browser by entering the URL in the address bar located in the browser. Further, as will be appreciated, a web page is a document that may be defined as a page of a website, commonly written in HTML, and viewed in an Internet browser, and may contain text, graphics, and hyperlinks to other web pages and files. In an embodiment, each component is updated at regular intervals to add new features or fix bugs in the previous releases. To avoid security issues, the components must be updated in the product/ application where they are used.
[033] The extracting module 206 may therefore extract all the web content from the web page. The extracted web content/data may be in HTML format. The information regarding the release updates for each of the one or more components for a particular application may be published on the web page corresponding to the URL associated with each of the one or more components. For example, web content from the website can be scrapped or extracted using web scraper tools like Parse Hub, Scrapy, and so on. Further, the one or more relevant text portions may be obtained from the extracted web content by pre-processing the content, for example, by removing unnecessary features such as HTML tags, junk characters, punctuations, and so on from the extracted web content.
[034] The update identifying module 208 may be configured to identify the target update release from the one or more update releases, using a Machine Learning (ML)-based classification model. This is further explained in conjunction with FIG. 3.
[035] In order to identify the target update release, the ML model may be trained using a training dataset including a plurality of web-pages and at least one relevant text portion present in each of the plurality of web-pages. In some embodiments, training the ML model may include receiving one or more verified text portions. The one or more verified text portions may be obtained upon manually verifying the one or more text portions from the web-page for accuracy and exhaustiveness of the extraction. The ML model may be trained based on the one or more verified text portions.
[036] In some embodiments, the notifying module 210 may be configured to send a notification to a user device to notify a user about a target update release for a component of the one or more components. In other words, the notifying module 210 may notify the user whenever the target update for a component is released and published on the respective web-page. The notifying module 214 may trigger a notification on a user device (for example, a smartphone, or a computing device like a desktop, etc.) to notify the user about the publishing of an update of a given component of the application.
[037] Referring now to FIG. 3, a snapshot of an example web-page 300 is illustrated, in accordance with some embodiments. The web-page 300 may be an update release page for a component, e.g. “Solr” component, corresponding to a URL associated with the said component (for example, available at https://solr.apache.org/). Further, as shown in FIG. 3, the web-page 300 may include various text portions, out of which one or more relevant text portions 302, 304 may be extracted, by the extracting module 206. As such, the one or more relevant text portions 302, 304 may potentially correspond to one or more update releases (as such, the relevant text portions 302, 304 may have been interchangeably referred to as one or more update releases 302, 304). Further, the update identifying module 208 may identify a target update release from the one or more update releases 302, 304, using the ML-based classification model. For example, in the above example web-page 300, the relevant text portions 304 may be identified as the target update release by the update identifying module 208.
[038] Further, in some embodiments, upon identifying the target update release, the target update release may be labelled with a first label (L1). Further, the remaining of the one or more update releases may be labelled with a second label (L2). As such, in the above example web-page 300, upon identifying the target update release 302, the target update release 302 may be labelled with the first label (L1), and remaining update release 304 may be labelled with the second label (L2). In other words, the target update release and the remaining of the one or more update releases may be labelled differently in order to be distinguished easily.
[039] Referring now to FIG. 4, a flowchart of a method 400 of identifying update releases for an application is illustrated, in accordance with an embodiment. At step 402, a URL associated with each of one or more components for an application may be fetched. At step 404, a web page corresponding to the URL associated with each of the one or more components for the application may be accessed. In particular, the web-page may be accessed by inputting the desired address or URL into an address bar located in the browser.
[040] At step 406, one or more relevant text portions may be extracted from the web page corresponding to one or more update releases, for example, using some web scraper tools. The relevant text portions from the web page can be extracted after verifying one or more text portions from the web page for accuracy and comprehensiveness of the extraction. Further, pre-processing may be performed on the extracted web content to remove one or more irrelevant portions from the web page. For example, the one or more irrelevant text portions may include at least one HTML tag, a junk character, and a punctuation. At step 408, the target update release from the one or more potential update releases may be identified, using a ML-based classification model.
[041] Additionally, in some embodiments, the method 400 may further include step 410. At step 410, the target update release may be labelled with a first label. Further, each of the remaining of the one or more update releases may be labelled with a second label. In the context of above example of FIG. 3, the target update release i.e. 302 (“Jetty server updated to 9.4.41 which fixes some known vulnerabilities (SOLR-15316)”) may be labeled as a “security update release” (L1), and the remaining of the potential update releases i.e. 304 may be labeled as “other releases” (L2).
[042] It should be noted that in some embodiments, the ML model may be trained using a training dataset. The training data set may include a plurality of web-pages and at least one relevant text portion on each of the web-pages. The training of the ML model may also include feeding one or more verified text portions, which are obtained by manually verifying the one or more text portions from the web page for accuracy and exhaustiveness of the extraction. As will be appreciated, the training of the ML model may be based on the one or more verified text portions.
[043] Referring now to FIG. 5, a flowchart of a method 500 for identifying security release updates using a ML model is illustrated, in accordance with some embodiments of the present disclosure. At step 502 content data may be extracted from a web-page corresponding to the URL associated with each of the components for a web application. Further, at step 504, the content data from the web-page may be pre-processed to remove one or more irrelevant text portions. By the way of an example, an HTML tag, a junk character, and a punctuation may be removed from the content data to obtain relevant text portions from the web-page. At step 506, upon pre-processing, one or more relevant text portions may be extracted from the web-page. The one or more relevant text portions may correspond to one or more update releases, respectively.
[044] At step 508, a upon extracting the one or more relevant text portions from the web-page, a check may be performed to determine whether a relevant text portion (of the one or more relevant text portions) is identified as a target update release or not. At step 508, if the relevant text portion is identified as the target update release, the method 500 may proceed to step 510 (“Yes” path). At step 510, the target update release may be labelled with a first label (L1), e.g. “security release”. However, at step 508, if the relevant text portion is not identified as the target update release, the method 500 may proceed to step 512 (“No” path). At step 512, the relevant text portion may be labelled with a second label (L2), e.g. “other release’.
[045] In some embodiments, additionally the ML model may be trained, via steps 514-518. At step 514, a feature selection may be performed for creating and training a classification model (i.e. the ML model). As will be appreciated, the feature selection may be performed to reduce a number of input variables so as to both reduce the computational cost of modelling and, in some cases, to improve the performance of the model. As will be understood, the steps 504-514 may be account for training data preparation. In other words, the output of the steps 504-514 may be used as training data for training the ML model.
[046] At step 516, the classification model may be created based on the training data and may be used for carrying out further predictions. For example, as the target update release identification (i.e. classification) is performed for one component of the application, the ML model is trained based on the process of classification and manual verification of the classification. As such, the trained ML model may be further used for other components of the application for prediction update releases for those components. Once a base classification model is created, the data for new component may be sent to the classification model for prediction by skipping the training step. As such, if a security patch (i.e. the target update release) is found for the given component, the user may be notified.
[047] At step 518, the classification model may be further tuned based on manual verification of the classification. In other words, the classification model may be tuned if any new security release pattern found. This process may be repeated for new components that are continuously being added to the application.
[048] One or more techniques for identifying update releases for an application are disclosed above. The above techniques, by providing an automated solution for identifying the update releases, reduce the manual effort to identify such releases. As such, the above techniques help in keeping the open-source components updated while avoiding security issues. Further, the above techniques are able to identify the security releases in a time-efficient and cost-efficient manner with minimal amount of manual effort. Furthermore, the above techniques provide for notifying the developers to keep them updated on the new security releases.
[049] It is intended that the disclosure and examples be considered as exemplary only, with a true scope and spirit of disclosed embodiments being indicated by the following claims.

CLAIMS

We claim:

1. A method (400) of identifying update releases for an application, the method (400) comprising:
fetching (402), by an updating device (200), from a database, a Uniform Resource Locator (URL) associated with each of one or more components, wherein the application comprises the one or more components;
accessing (404), by the updating device (200), a web-page corresponding to the URL associated with each of the one or more components,
wherein an update release for each of the one or more components is published on the web-page corresponding to the URL associated with each of the one or more components,
extracting (406), by the updating device (200), one or more relevant text portions from the web-page, wherein the one or more relevant text portions correspond to one or more update releases; and
identifying (408), by the updating device (200), the target update release from the one or more update releases, using a Machine Learning (ML)-based classification model.

2. The method (400) as claimed in claim 1, wherein the plurality of components comprise an Elastic search, a MySQL, and a Solr,

3. The method (400) as claimed in claim 1, wherein the update release is a security update release.

4. The method (400) as claimed in claim 1, wherein the web-page is in HTML format.

5. The method (400) as claimed in claim 1 further comprising:
upon identifying the target update release, sending a notification to a user device to notify a user about a target update release for a component of the one or more components.

6. The method (400) as claimed in claim 1 further comprising:
upon identifying the target update release, labelling the target update release with a first label and labelling each of remaining of the one or more update releases with a second label.

7. The method (400) as claimed in claim 1 further comprising:
training the ML model using a training dataset comprising a plurality of web-pages and at least one relevant text portion present in each of the plurality of web-pages.

8. The method (400) as claimed in claim 7, wherein training the ML model further comprises:
receiving one or more verified text portions, wherein the one or more verified text portions are obtained upon manually verifying the one or more text portions from the web-page for accuracy and exhaustiveness of the extraction; and
training the ML model based on the one or more verified text portions.

9. The method (400) as claimed in claim 1, further comprising pre-processing the web-page to remove one or more irrelevant portions from the web-page, wherein the one or more irrelevant portions comprise at least one of: a HTML tag, a junk character, and a punctuation.

10. A system (100) for identifying update releases for an application, the system comprising:
a processor (102); and
a memory (106) communicatively coupled to the processor (102), wherein the memory (106) stores processor-executable instructions which, on execution by the processor (102), cause the processor (102) to:
fetch from a database, a Uniform Resource Locator (URL) associated with each of one or more components, wherein the application comprises the one or more components;
access a web-page corresponding to the URL associated with each of the one or more components,
wherein an update release for each of the one or more components is published on the web-page corresponding to the URL associated with each of the one or more components,
extract one or more relevant text portions from the web-page, wherein the one or more relevant text portions correspond to one or more update releases; and
identify the target update release from the one or more update releases, using a Machine Learning (ML)-based classification model.

11. The system (100) as claimed in claim 10, wherein the processor-executable instructions which, on execution by the processor (102), further cause the processor (102) to:
upon identifying the target update release, send a notification to a user device to notify a user about a target update release for a component of the one or more components.

12. The system (100) as claimed in claim 10, wherein the processor-executable instructions which, on execution by the processor (102), further cause the processor (102) to:
upon identifying the target update release, label the target update release with a first label and labelling each of remaining of the one or more update releases with a second label.

13. The system (100) as claimed in claim 10, wherein the processor-executable instructions which, on execution by the processor, further cause the processor to:
train the ML model using a training dataset comprising a plurality of web-pages and at least one relevant text portion present in each of the plurality of web-pages, wherein training the ML model further comprises:
receiving one or more verified text portions, wherein the one or more verified text portions are obtained upon manually verifying the one or more text portions from the web-page for accuracy and exhaustiveness of the extraction; and
training the ML model based on the one or more verified text portions.