公开(公告)号：US11562077B2

公开(公告)日：2023-01-24

申请号：US16844321

申请日：2020-04-09

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Umesh Markandaya Lakshminarasimha ,  Vijay Suryanarayana ,  Naveena Kedlaya

IPC: G06F21/00 ,  G06F21/57 ,  G06F8/65 ,  G06F9/50

Abstract: Example implementations relate to method and system for securing a workload from a security vulnerability based on management of critical patches for the workload. The method includes obtaining information of existing patches for each of a plurality of infrastructure resources that are required to execute the workload, where the infrastructure resources are segregated as multiple layers. The method further includes determining dependency of the infrastructure resources across the multiple layers and identifying the security vulnerability related to the infrastructure resources. The method further includes evaluating perceived criticalities of first and second new patches for the security vulnerability based a workload weightage, a resource age of the infrastructure resources, and an actual criticality of the first and second new patches. Further, the method includes installing the first new patch followed by the second new patch on the infrastructure resources based on the perceived criticalities, in an order of the determined dependency.

公开(公告)号：US20210319111A1

公开(公告)日：2021-10-14

申请号：US16844321

申请日：2020-04-09

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Umesh Markandaya Lakshminarasimha ,  Vijay Suryanarayana ,  Naveena Kedlaya

IPC: G06F21/57 ,  G06F9/50 ,  G06F8/65

Abstract: Example implementations relate to method and system for securing a workload from a security vulnerability based on management of critical patches for the workload. The method includes obtaining information of existing patches for each of a plurality of infrastructure resources that are required to execute the workload, where the infrastructure resources are segregated as multiple layers. The method further includes determining dependency of the infrastructure resources across the multiple layers and identifying the security vulnerability related to the infrastructure resources. The method further includes evaluating perceived criticalities of first and second new patches for the security vulnerability based a workload weightage, a resource age of the infrastructure resources, and an actual criticality of the first and second new patches. Further, the method includes installing the first new patch followed by the second new patch on the infrastructure resources based on the perceived criticalities, in an order of the determined dependency.