	US 12,438,900 B2
	Risk-based vulnerability remediation timeframe recommendations
Michael Roytman, Chicago, IL (US); Edward T. Bellis, Evanston, IL (US); and Jason Rolleston, San Jose, CA (US)
Assigned to Kenna Security LLC, Chicago, IL (US)
Filed by Kenna Security LLC, Chicago, IL (US)
Filed on Jan. 29, 2024, as Appl. No. 18/425,764.
Application 18/425,764 is a continuation of application No. 17/241,952, filed on Apr. 27, 2021, granted, now 11,888,887.
Claims priority of provisional application 63/016,187, filed on Apr. 27, 2020.
Prior Publication US 2024/0171603 A1, May 23, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)

CPC H04L 63/1433 (2013.01) [H04L 63/1466 (2013.01)]

20 Claims

1. A network component comprising one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and including instructions that, when executed by the one or more processors, cause the network component to perform operations comprising:

receiving first vulnerability data identifying first asset vulnerabilities and timing data, wherein the timing data indicates an amount of time between identification of an asset vulnerability and a result of the asset vulnerability;

receiving second vulnerability data identifying second asset vulnerabilities;

configuring a plurality of options for configuring computation times to remediate the second asset vulnerabilities based at least in part on the first vulnerability data, wherein each option of the plurality of options is associated with a different set of metrics;

receiving an option from the plurality of options;

computing the time to remediate the second asset vulnerabilities based at least in part on the first vulnerability data and the set of metrics associated with the option; and

implementing a remediation in response to computing the time to remediate the second asset vulnerabilities.