US 12,284,201 B2
Systems and methods for proactively monitoring the inherent cyber-tech risk of software and hardware components
Ankur Sand, Cambridge (GB); Ken Wilson, Millington, NJ (US); Marty Grant, Middletown, DE (US); Herman Wijaya, New York, NY (US); and David R. Edwards, Yokosuka (JP)
Assigned to JPMORGAN CHASE BANK, N.A., New York, NY (US)
Filed by JPMORGAN CHASE BANK, N.A., New York, NY (US)
Filed on Dec. 2, 2022, as Appl. No. 18/061,242.
Prior Publication US 2024/0187439 A1, Jun. 6, 2024
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/1433 (2013.01)
17 Claims
 
1. A method, comprising:
receiving, by a product/version risk assessment computer program executed by an electronic device and from a user computer program executed by a user electronic device, an identification of a plurality of proposed components to include in a computer program under development;
retrieving, by the product/version risk assessment computer program, vulnerability information for each of the plurality of proposed components, wherein the vulnerability information identifies a security vulnerability for the proposed component;
generating, by a product/version risk scoring computer program, a risk score for the computer program under development based on the vulnerability information, wherein the risk score is based on a stack score for the computer program under development, a vulnerability density for each of the plurality of proposed components, threat intelligence inputs for each of the plurality of proposed components, patching maturity for each of the plurality of proposed components, a lifecycle state for each of the plurality of proposed components, and support coverage for each of the plurality of proposed components; and
returning, by the product/version risk assessment computer program, the risk score to the user computer program.