IDENTIFYING AND ADDRESSING POTENTIAL VULNERABILITIES IN THIRD-PARTY CODE
Number of patents in Portfolio can not be more than 2000
United States of America
Stats
-
N/A
Issued Date -
Dec 12, 2024
app pub date -
Jun 12, 2024
filing date -
Jun 12, 2024
priority date (Note) -
Published
status (Latency Note)
Importance
Abstract
In some examples, a server receives a security advisory that includes a description of a vulnerability and accesses a version control system (VCS) used by a third-party library to determine additional resources related to the vulnerability. The server determines a set of code changes performed by the project maintainers in the VCS, identifies one or more fix commits that address the vulnerability, and identifies one or more functions with the vulnerability that have been changed by the fix commits. The server performs a search for components and component versions that include the one or more functions with the vulnerability and generates an enriched vulnerability description that includes identifiers of package versions that include fixed versions of the one or more functions and vulnerable version of the one or more functions. Project code in a development system is modified to use the fixed versions of the one or more functions.
First Claim
Family
International Classification(s)
Cited Art Landscape
Patent Citation Ranking
Recipient Email Address
Recipient Email Address
Comment
Recipient Email Address
Add to Portfolio(s)
To add this patent to one, or more, of your portfolios, simply click the add button.
This Patent is in these Portfolios:
Add to additional portfolios:
Last Refreshed On:
Changes done successfully