CPC G06F 21/577 (2013.01) [G06F 21/54 (2013.01)]
10 Claims

1. An information processing apparatus comprising:
a vulnerability database in which one or more pieces of vulnerability information are stored, the vulnerability information including
a vulnerability identifier for uniquely specifying vulnerability,
a software identifier for uniquely specifying software including the vulnerability, and
vulnerability description indicating content of the vulnerability;
a processing circuitry including
a matching processor configured to specify, in the vulnerability database, vulnerability information matching a software identifier of a target software provided in target equipment;
a causal component specifier configured to specify, from the vulnerability description in the vulnerability information specified by the matching processor, a causal component that is a cause of the vulnerability;
a type determiner configured to determine a type of the causal component from a name of the specified causal component; and
an output processor configured to determine, based on the software identifier of the target software and the type of the causal component, an investigation procedure concerning vulnerability of the target software and output information indicating the investigation procedure,
wherein
the causal component specifier specifies, for each piece of the vulnerability information in the vulnerability database, from the vulnerability description, the causal component that is the cause of the vulnerability,
the type determiner determines the type of the causal component from a name of the specified causal component and stores, in a causal component database, causal component information including the vulnerability identifier of the vulnerability information and the type of the causal component, and
the output processor specifies, in the causal component database, a type of the causal component matching the vulnerability identifier included in the vulnerability information specified by the matching processor and determines the investigation procedure based on the software identifier of the target software and the type of the specified causal component.