CPC G06F 21/577 (2013.01) [G06F 9/30029 (2013.01)]; 22 Claims
1. A method for determining if a software component is susceptible to a vulnerability, the method comprising:
accessing a vulnerability listing object comprising:
a vulnerability identifier uniquely identifying a software vulnerability; and
vulnerability causes information for use in determining software affected by the vulnerability, the vulnerability causes information comprising:
affected patch information specifying a vulnerable patch that associates a patch token with patch details identifying one or more corrective software patches and one or more patch locations for retrieving the one or more corrective software patches; and
a first affected patch Boolean expression specifying which ones of the one or more corrective software patches should be retrieved from the one or more patch locations and applied to the software to fix the vulnerability;
determining information indicating which ones of the specified corrective software patches have been successfully applied to the software and which ones of the specified corrective patches have not been successfully applied to the software;
applying the information to the first affected patch Boolean expression;
determining whether the first affected patch Boolean expression is true or not true;
indicating that the software component is susceptible to the software vulnerability when the first affected patch Boolean expression is determined to be true; and
indicating that the software component is not susceptible to the software vulnerability when the first affected patch Boolean expression is determined to be not true, wherein the vulnerability listing object further comprises version check information comprising:
one or more version rules providing a version definition of how a software version number is formed from a plurality of tokens; and
a version Boolean expression using one or more of the plurality of tokens, the version Boolean expression identifying software versions associated with the vulnerability listing object.
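As an added worked example (this is not code from the patent or its applicant, and the patent fixes no concrete encoding), the following Python sketch implements the mechanism claim 1 describes: a vulnerability listing object carrying version rules, a version Boolean expression over the version tokens, affected-patch information keyed by patch token, and an affected-patch Boolean expression that is evaluated against which patches have actually been applied. Everything concrete here is an assumption: the JSON-like layout, the regex form of the version rule, the identifier VULN-EXAMPLE-0001, the patch tokens PATCH_A/PATCH_B and their vendor.example URLs, and the token semantics (a patch token is True when that patch was successfully applied; the affected-patch expression evaluating to True means the component is still susceptible). Because the Boolean expressions come from a listing that may be fetched from outside, they are evaluated through a whitelisted AST walk rather than a bare eval, so a listing cannot smuggle calls or attribute access into the checker.

```python
import ast
import re
from typing import Dict, Mapping

# Constructed vulnerability listing object (assumption: JSON-like dict; all
# identifiers, tokens and URLs are hypothetical).
VULN_LISTING = {
    "vulnerability_id": "VULN-EXAMPLE-0001",
    "version_check": {
        # Version rule: how a version string is formed from named tokens.
        "version_rules": {
            "pattern": r"^(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)$"
        },
        # Version Boolean expression over those tokens; True => listing applies.
        "version_expression": "major == 2 and (minor < 4 or (minor == 4 and patch < 7))",
    },
    "vulnerability_causes": {
        # Affected patch information: patch token -> patch details and locations.
        "affected_patches": {
            "PATCH_A": {"details": "parser fix", "locations": ["https://vendor.example/patches/A"]},
            "PATCH_B": {"details": "loader fix", "locations": ["https://vendor.example/patches/B"]},
        },
        # Affected-patch Boolean expression (assumed semantics): a token is True
        # when that patch has been applied; the expression is True when the
        # component is still susceptible.
        "affected_patch_expression": "not (PATCH_A and PATCH_B)",
    },
}

# Only pure Boolean/comparison syntax is permitted in listing expressions.
_ALLOWED_NODES = (
    ast.Expression, ast.BoolOp, ast.And, ast.Or, ast.UnaryOp, ast.Not,
    ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.Name, ast.Constant, ast.Load,
)


def eval_bool_expr(expr: str, env: Mapping[str, object]) -> bool:
    """Evaluate a listing-supplied Boolean expression over named tokens.

    Rejects any syntax outside the whitelist (calls, attributes, subscripts,
    lambdas, ...) and any token not supplied in env, so untrusted listings
    cannot execute arbitrary code through the checker."""
    tree = ast.parse(expr, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED_NODES):
            raise ValueError(f"disallowed syntax in expression: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in env:
            raise ValueError(f"unknown token in expression: {node.id}")
    code = compile(tree, "<listing-expression>", "eval")
    return bool(eval(code, {"__builtins__": {}}, dict(env)))


def parse_version(rules: Mapping[str, str], version: str) -> Dict[str, int]:
    """Split a version string into the tokens named by the version rule."""
    match = re.match(rules["pattern"], version)
    if not match:
        raise ValueError(f"version {version!r} does not match the version rule")
    return {name: int(value) for name, value in match.groupdict().items()}


def assess(listing: Mapping, version: str, applied: Mapping[str, bool]) -> Dict[str, object]:
    """Decide whether a component at `version` with `applied` patches is susceptible.

    applied maps patch token -> True if that patch was successfully applied;
    tokens absent from the map are treated as not applied (fail closed)."""
    vc = listing["version_check"]
    tokens = parse_version(vc["version_rules"], version)
    in_scope = eval_bool_expr(vc["version_expression"], tokens)
    result = {"id": listing["vulnerability_id"], "in_scope": in_scope,
              "susceptible": False, "missing_patches": {}}
    if not in_scope:
        return result  # version not covered by the listing: nothing to check
    causes = listing["vulnerability_causes"]
    patches = causes["affected_patches"]
    env = {token: bool(applied.get(token, False)) for token in patches}
    result["susceptible"] = eval_bool_expr(causes["affected_patch_expression"], env)
    # Patches still to retrieve, with the locations the listing names for them.
    result["missing_patches"] = {t: patches[t]["locations"] for t, ok in env.items() if not ok}
    return result


if __name__ == "__main__":
    print(assess(VULN_LISTING, "2.3.9", {"PATCH_A": True}))
```

A version that the version expression rules out is reported as out of scope without consulting the patch state at all, which mirrors the claim's ordering: the version check selects the listing, the affected-patch expression then decides susceptibility. Unknown patch tokens default to "not applied" so a missing inventory entry is reported as a missing patch rather than silently passing.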