CPC H04L 63/20 (2013.01) [G06F 8/65 (2013.01); G06F 21/563 (2013.01); G06F 21/566 (2013.01); G06F 21/577 (2013.01); G06N 3/09 (2023.01); G06N 20/00 (2019.01); G06F 8/71 (2013.01); G06F 21/51 (2013.01)]. 20 Claims.
1. A computer-implemented method comprising:
processing a first software bill of materials for a software package to extract a plurality of components of the software package, wherein the first software bill of materials indicates a first hierarchy of components based on relationships between components;
comparing the first hierarchy of the plurality of components to a second hierarchy of components, the second hierarchy of components corresponding to a second software bill of materials, to determine a degree of difference between the first hierarchy and the second hierarchy;
comparing the degree of difference to one or more threshold values; and
applying a security policy with respect to the software package according to a comparison of the degree of difference to the one or more threshold values.
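The claimed procedure carried through as an added example (not code from the patent or any product): two constructed CycloneDX-shaped SBOM fragments, dependency edges keyed on package name so that the degree of difference reflects structural change rather than version bumps, Jaccard distance over the edge sets as the assumed metric, and two assumed thresholds mapping the result onto allow/review/block.

```python
"""Diff two SBOM dependency hierarchies and gate on threshold values."""

# Constructed, CycloneDX-shaped SBOM fragments (not real packages).
# Each "dependencies" entry lists the bom-refs that one component depends on.
SBOM_OLD = {
    "dependencies": [
        {"ref": "pkg:pypi/app@1.0", "dependsOn": ["pkg:pypi/liba@1.0", "pkg:pypi/libb@2.0"]},
        {"ref": "pkg:pypi/liba@1.0", "dependsOn": ["pkg:pypi/libc@1.1"]},
    ],
}
SBOM_NEW = {
    "dependencies": [
        {"ref": "pkg:pypi/app@1.1", "dependsOn": ["pkg:pypi/liba@1.0", "pkg:pypi/libb@2.0", "pkg:pypi/libd@0.9"]},
        {"ref": "pkg:pypi/liba@1.0", "dependsOn": ["pkg:pypi/libc@1.1"]},
        {"ref": "pkg:pypi/libd@0.9", "dependsOn": ["pkg:pypi/libc@1.1"]},  # new transitive path
    ],
}

def _name(ref):
    """Strip the version so the comparison is about hierarchy, not version bumps."""
    return ref.split("@", 1)[0]

def hierarchy_edges(sbom):
    """The hierarchy as a set of (parent, child) edges, versions dropped."""
    edges = set()
    for dep in sbom.get("dependencies", []):
        for child in dep.get("dependsOn", []):
            edges.add((_name(dep["ref"]), _name(child)))
    return edges

def degree_of_difference(old, new):
    """Assumed metric: Jaccard distance between edge sets (0.0 identical, 1.0 disjoint)."""
    a, b = hierarchy_edges(old), hierarchy_edges(new)
    union = a | b
    if not union:
        return 0.0
    return 1.0 - len(a & b) / len(union)

def apply_policy(degree, review_at=0.2, block_at=0.5):
    """Assumed thresholds: small drift passes, moderate drift needs review, large drift is blocked."""
    if degree >= block_at:
        return "block"
    if degree >= review_at:
        return "review"
    return "allow"

def evaluate(old, new):
    """Return the degree, the policy action, and the edges that changed."""
    d = degree_of_difference(old, new)
    return {"degree": round(d, 3), "action": apply_policy(d),
            "added": sorted(hierarchy_edges(new) - hierarchy_edges(old)),
            "removed": sorted(hierarchy_edges(old) - hierarchy_edges(new))}

if __name__ == "__main__":
    print(evaluate(SBOM_OLD, SBOM_NEW))
```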