-
Publication No.: US11734433B2
Publication date: 2023-08-22
Application No.: US17709241
Filing date: 2022-03-30
Inventors: Vinjith Nagaraja, Raymond Brammer, James Myers, Christopher Gutierrez, Ireneusz Pazdzierniak, Shanshan Jiang, Karim Mawani, Pankaj Rathore, Jerry Wald, David Worth, Dhruv Vig, Archana Taparia, Robert Chifamba, Vamshi Ramarapu
CPC classification: G06F21/577, G06F8/71, G06F11/3664, G06F11/3684, G06F2221/033
Abstract: A method and system for remediating vulnerable code libraries, including open source libraries, in a software application. An application, that uses code libraries, and information regarding known library vulnerabilities are received, then it is determined if one or more libraries in the application are vulnerable based upon the information. For each of the one or more vulnerable libraries, a library version that minimizes risk is determined. The determined library version is incorporated into the application to form a test application, and an application test is performed on the test application. If an application test score on the test application is below a predetermined threshold, the determined library version is incorporated into a final application precursor. A final application can be determined from the final application precursor for each of the one or more vulnerable libraries.
-
Publication No.: US11308218B2
Publication date: 2022-04-19
Application No.: US16228538
Filing date: 2018-12-20
Inventors: Vinjith Nagaraja, Raymond Brammer, James Myers, Christopher Gutierrez, Ireneusz Pazdzierniak, Shanshan Jiang, Karim Mawani, Pankaj Rathore, Jerry Wald, David Worth, Dhruv Vig, Archana Taparia, Robert Chifamba, Vamshi Ramarapu
Abstract: A method and system for remediating vulnerable code libraries, including open source libraries, in a software application. An application that uses code libraries and information regarding known library vulnerabilities are received, then it identifies one or more libraries in the application that are vulnerable based upon the information. For each of the one or more vulnerable libraries, a library version that minimizes risk is determined. The determined library version is incorporated into the application to form a test application, and an application test is performed on the test application. If an application test score on the test application is below a predetermined threshold, the determined library version is incorporated into a final application precursor. A final application can be determined from the final application precursor for each of the one or more vulnerable libraries.
-
Publication No.: US20220222353A1
Publication date: 2022-07-14
Application No.: US17709241
Filing date: 2022-03-30
Inventors: Vinjith Nagaraja, Raymond Brammer, James Myers, Christopher Gutierrez, Ireneusz Pazdzierniak, Shanshan Jiang, Karim Mawani, Pankaj Rathore, Jerry Wald, David Worth, Dhruv Vig, Archana Taparia, Robert Chifamba, Vamshi Ramarapu
Abstract: A method and system for remediating vulnerable code libraries, including open source libraries, in a software application are disclosed. An application that uses code libraries and information regarding known library vulnerabilities are received, then it can be determined if one or more libraries in the application are vulnerable based upon the information. For each of the one or more vulnerable libraries, a library version that minimizes risk is determined. The determined library version is incorporated into the application to form a test application, and an application test is performed on the test application. If the application test is below a predetermined threshold, the determined library version is incorporated into a final application precursor. A final application can be determined from the final application precursor for each vulnerable library.
-