US 12,333,019 B2
Risk assessment based on software bill of materials
Neil David Jonathan Duggan, Basingstoke (GB); Vincenzo Kazimierz Marcovecchio, Toronto (CA); and Adam John Boulton, Wirral (GB)
Assigned to BlackBerry Limited, Waterloo (CA)
Filed by BlackBerry Limited, Waterloo (CA)
Filed on May 4, 2022, as Appl. No. 17/736,433.
Prior Publication US 2023/0359744 A1, Nov. 9, 2023
Int. Cl. G06F 21/57 (2013.01); G06F 8/65 (2018.01); G06F 21/62 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 8/65 (2013.01); G06F 21/6227 (2013.01)] 18 Claims
 
1. A method, comprising:
obtaining, by a server, software code and a Software Bill of Materials (SBOM) corresponding to the software code;
identifying, by the server and based on the SBOM, a library used by the software code; and
generating, by the server, a risk assessment based on at least one metric corresponding to the library, wherein the at least one metric is a number of one or more maintainers of the library, wherein the generating comprises:
determining, by the server, a vulnerability level of the library based on determining whether the number of the one or more maintainers exceeds a predetermined quantity threshold; and
storing, by the server, the vulnerability level of the library in a database.
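The claimed method, worked through as an added example that is not the patent's or BlackBerry's own code: it reads a CycloneDX-style SBOM, takes the maintainer count of each library as the metric, compares it with a threshold, and stores the resulting vulnerability level in a SQLite table. The SBOM, the maintainer counts and the threshold value are all constructed here for illustration; a real deployment would obtain the counts from a package registry.

```python
import json
import sqlite3

# Constructed CycloneDX 1.4-style SBOM fragment (illustrative, not from the patent).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "left-pad", "version": "1.3.0", "purl": "pkg:npm/left-pad@1.3.0"},
    {"type": "library", "name": "express", "version": "4.18.2", "purl": "pkg:npm/express@4.18.2"},
    {"type": "library", "name": "orphaned-lib", "version": "0.1.0", "purl": "pkg:npm/orphaned-lib@0.1.0"},
    {"type": "application", "name": "my-app", "version": "1.0.0"}
  ]
}"""

# Constructed maintainer counts keyed by purl; a real server would query a registry.
MAINTAINER_COUNTS = {"pkg:npm/left-pad@1.3.0": 1, "pkg:npm/express@4.18.2": 6}

MAINTAINER_THRESHOLD = 2  # the "predetermined quantity threshold"; the value is assumed


def libraries_from_sbom(sbom_text):
    """Return the purl of every component the SBOM marks as a library (claim step 2)."""
    sbom = json.loads(sbom_text)
    return [c["purl"] for c in sbom.get("components", [])
            if c.get("type") == "library" and "purl" in c]


def vulnerability_level(maintainer_count, threshold):
    """Map the maintainer-count metric to a level; None means the metric was unavailable."""
    if maintainer_count is None:
        return "unknown"
    # More maintainers than the threshold lowers the bus-factor risk; otherwise it is high.
    return "low" if maintainer_count > threshold else "high"


def assess(sbom_text, maintainer_counts, threshold, db_path=":memory:"):
    """Assess each library in the SBOM and persist the level in the 'library_risk' table."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS library_risk ("
                 "purl TEXT PRIMARY KEY, maintainers INTEGER, level TEXT)")
    for purl in libraries_from_sbom(sbom_text):
        count = maintainer_counts.get(purl)  # missing metric is kept, not silently skipped
        conn.execute("INSERT OR REPLACE INTO library_risk VALUES (?, ?, ?)",
                     (purl, count, vulnerability_level(count, threshold)))
    conn.commit()
    # Read back from the database so the return value reflects what was actually stored.
    stored = dict(conn.execute("SELECT purl, level FROM library_risk"))
    conn.close()
    return stored


if __name__ == "__main__":
    for purl, level in assess(SBOM_JSON, MAINTAINER_COUNTS, MAINTAINER_THRESHOLD).items():
        print(f"{purl}: {level}")
```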