-
Publication No.: US20230177169A1
Publication date: 2023-06-08
Application No.: US17643205
Application date: 2021-12-08
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Muhammed Fatih Bulut, Abdulhamid Adebowale Adebayo, Lilian Mathias Ngweta, Ting Dai, Constantin Mircea Adam, Daby Mousse Sow, Steven Ocepek
CPC classification number: G06F21/577, G06F21/566, G06N5/04, G06F2221/034
Abstract: An apparatus, a method, and a computer program product are provided that combine policy compliance with vulnerability management to provide a more accurate risk assessment of an environment. The method includes training a policy machine learning model using a first training dataset to generate a policy machine learning model to produce mitigation technique classifications and training a vulnerability machine learning model using a second training dataset to generate a vulnerability machine learning model to produce weakness type classifications. The method also includes mapping the mitigation technique classifications to attack techniques to produce a policy mapping and mapping the weakness type classifications to the attack techniques to produce a vulnerability mapping. The method further includes producing a risk assessment of a vulnerability based on the policy mapping and the vulnerability mapping.
-
Publication No.: US20210357206A1
Publication date: 2021-11-18
Application No.: US15931785
Application date: 2020-05-14
Applicant: International Business Machines Corporation
Inventor: Alexei Karve, Sai Zeng, Ting Dai
Abstract: A system, computer program product, and method are provided for supporting risk evaluation and modification of an executable codified infrastructure. The codified infrastructure is analyzed to identify any non-native program instructions. A selection of the identified non-native program instructions are combined and subjected to a risk evaluation by non-native tools. A risk evaluation result is mapped to corresponding lines of the source code, and a risk identifier is assigned to the corresponding lines of the source code. One or more modifications are selectively applied to the codified infrastructure in correspondence with the assigned risk identifier. The applied modification mitigates any defects in the source code.
-
Publication No.: US20230305827A1
Publication date: 2023-09-28
Application No.: US17656245
Application date: 2022-03-24
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventor: Ting Dai, Muhammed Fatih Bulut, Shripad Nadgowda, Daby Mousse Sow
Abstract: A method, system, and computer program product for software package update handling are provided. The method installs an initial set of software packages in a virtual environment. A package dependency graph is generated representing independent software packages and dependent software packages of the initial set of software packages. One or more software packages are updated with one or more updated software packages to generate a subsequent set of software packages. A compatibility check is performed on the subsequent set of software packages. The method generates an update prerequisite package based on the compatibility check.
-
Publication No.: US11200048B2
Publication date: 2021-12-14
Application No.: US15931785
Application date: 2020-05-14
Applicant: International Business Machines Corporation
Inventor: Alexei Karve, Sai Zeng, Ting Dai
Abstract: A system, computer program product, and method are provided for supporting risk evaluation and modification of an executable codified infrastructure. The codified infrastructure is analyzed to identify any non-native program instructions. A selection of the identified non-native program instructions are combined and subjected to a risk evaluation by non-native tools. A risk evaluation result is mapped to corresponding lines of the source code, and a risk identifier is assigned to the corresponding lines of the source code. One or more modifications are selectively applied to the codified infrastructure in correspondence with the assigned risk identifier. The applied modification mitigates any defects in the source code.