US 12,265,946 B2
Risk assessment based on augmented software bill of materials
Neil David Jonathan Duggan, Basingstoke (GB); and Adam John Boulton, Wirral (GB)
Assigned to BlackBerry Limited, Waterloo (CA)
Filed by BlackBerry Limited, Waterloo (CA)
Filed on May 4, 2022, as Appl. No. 17/736,428.
Prior Publication US 2023/0359992 A1, Nov. 9, 2023
Int. Cl. G06Q 10/0875 (2023.01); G06Q 10/0635 (2023.01); G06Q 10/0637 (2023.01)
CPC G06Q 10/0875 (2013.01) [G06Q 10/0635 (2013.01); G06Q 10/0637 (2013.01)]
17 Claims
 
1. A method, comprising:
obtaining, by a server, software code and a Software Bill of Materials (SBOM) corresponding to the software code, wherein the SBOM comprises information related to a software development standard;
determining, by the server and based on the information related to the software development standard in the SBOM, whether the software code comprises a risk, wherein the software code comprises a component, the component comprises a plurality of subcomponents, and the information in the SBOM comprises a Cybersecurity Assurance Level (CAL) rating of each of the plurality of subcomponents, and wherein determining whether the software code comprises a risk comprises:
determining, by the server, a CAL rating of the component based on the CAL rating of each of the plurality of subcomponents; and
based on determining whether the software code comprises a risk, generating, by the server, a risk assessment of the software code.