US 11,748,685 B2
Utilizing machine learning to measure application developers' cybersecurity competencies
Sultan Saadaldean Alsharif, Khobar (SA); Bandar Abdulaziz Almashari, Dhahran (SA); Abdullah Abdulaziz Alturaifi, Dhahran (SA); and Abdulmohsen Nasser Alotaibi, Dhahran (SA)
Assigned to SAUDI ARABIAN OIL COMPANY, Dhahran (SA)
Filed by Saudi Arabian Oil Company, Dhahran (SA)
Filed on Jan. 13, 2022, as Appl. No. 17/574,789.
Prior Publication US 2023/0222429 A1, Jul. 13, 2023
Int. Cl. G06Q 10/0639 (2023.01); G06F 21/57 (2013.01)
CPC G06Q 10/06395 (2013.01) [G06F 21/577 (2013.01); G06Q 10/06398 (2013.01); G06F 2221/033 (2013.01)]
17 Claims
7. An automated system for improving application developers' cybersecurity competencies, the system comprising:
a cybersecurity enhancement circuit;
a non-transitory storage device storing instructions thereon that, when executed by the cybersecurity enhancement circuit, cause the cybersecurity enhancement circuit to:
break each application of a set of computer applications into one or more pieces, each piece being developed by a corresponding one of a plurality of application developers;
associate each piece of each application with its corresponding one of the plurality of application developers;
perform cybersecurity assessment testing on the set of computer applications in order to generate cybersecurity assessment results for the set of computer applications, each assessment result being a code defect or security flaw attributed to a corresponding piece of the one or more pieces of a corresponding one of the set of applications, wherein the instructions, when executed by the cybersecurity enhancement circuit, further cause the cybersecurity enhancement circuit to:
perform static application security testing (SAST) on the set of computer applications by inspecting the source code of the set of computer applications in order to generate SAST assessment results for the set of computer applications; and
perform dynamic application security testing (DAST) on the set of computer applications by testing the set of computer applications in an operating state in order to generate DAST assessment results for the set of computer applications,
wherein the generated cybersecurity assessment results comprise the generated SAST assessment results and the generated DAST assessment results;
build a cybersecurity competency profile for each application developer using the generated cybersecurity assessment results attributed to corresponding pieces associated with the application developer;
group the plurality of application developers into at least two groups using unsupervised machine learning on the built cybersecurity competency profiles, each group being two or more of the plurality of application developers and that is disjoint with the application developers of at least one other of the at least two groups; and
choose, for each application developer based on the corresponding groups to which the application developer belongs, a subset of training courses to improve the cybersecurity competency of the application developer from among a categorized set of cybersecurity competency training courses.
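
The flow recited in claim 7, as an added sketch that is not code from the patent or its assignee: SAST/DAST findings are attributed to developers through piece ownership, turned into per-developer profiles, clustered, and mapped to courses. The flaw categories, sample findings, course names, the 0.25 threshold and the choice of k-means as the unsupervised method are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

CATEGORIES = ["injection", "xss", "crypto"]           # assumed flaw taxonomy
# Constructed sample data: piece -> developer, and SAST/DAST findings per piece.
PIECE_OWNER = {("billing", "db.py"): "dev_a", ("billing", "views.py"): "dev_b",
               ("portal", "search.py"): "dev_c", ("portal", "tmpl.py"): "dev_d"}
FINDINGS = [("billing", "db.py", "SAST", "injection"), ("billing", "db.py", "DAST", "injection"),
            ("billing", "db.py", "SAST", "crypto"),
            ("billing", "views.py", "DAST", "xss"), ("billing", "views.py", "SAST", "xss"),
            ("portal", "search.py", "SAST", "injection"), ("portal", "search.py", "DAST", "injection"),
            ("portal", "tmpl.py", "DAST", "xss"), ("portal", "tmpl.py", "SAST", "xss"),
            ("portal", "tmpl.py", "SAST", "crypto")]
COURSES = {"injection": ["Parameterized queries"], "xss": ["Output encoding"],
           "crypto": ["Key management basics"]}        # assumed course catalogue

def build_profiles(findings, owners):
    """Per-developer vector: share of that developer's findings in each category."""
    counts = defaultdict(Counter)
    for app, piece, _source, category in findings:
        counts[owners[(app, piece)]][category] += 1
    return {dev: [c[cat] / sum(c.values()) for cat in CATEGORIES]
            for dev, c in sorted(counts.items())}

def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))

def kmeans(profiles, k, rounds=10):
    """Lloyd's k-means (an assumed choice of method), farthest-point seeding."""
    devs = list(profiles)
    centroids = [profiles[devs[0]]]
    while len(centroids) < k:
        centroids.append(max(profiles.values(),
                             key=lambda v: min(dist2(v, c) for c in centroids)))
    for _ in range(rounds):
        groups = defaultdict(list)
        for dev in devs:
            groups[min(range(k), key=lambda i: dist2(profiles[dev], centroids[i]))].append(dev)
        centroids = [[sum(col) / len(groups[i]) for col in zip(*(profiles[d] for d in groups[i]))]
                     if groups[i] else centroids[i] for i in range(k)]
    return dict(groups), centroids

def choose_courses(groups, centroids, threshold=0.25):
    """Assign each developer the courses for categories prominent in their group."""
    plan = {}
    for i, members in groups.items():
        picks = [c for cat, w in zip(CATEGORIES, centroids[i]) if w >= threshold
                 for c in COURSES[cat]]
        plan.update({dev: picks for dev in members})
    return plan
```

Profiles are normalised to shares so developers are grouped by the mix of flaws they introduce and not by how much code they own.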