US 12,445,479 B2
Testing software and IT products by evaluating security maturity and risk of change
Brian Joseph Glas, Jackson, TX (US); John Dzuirlaj, Akron, OH (US); Michael Erik Garcia, Washington, DC (US); Philippe Langlois, Clifton Park, NY (US); Jared Kelley Marcotte, Silver Spring, MD (US); Katharina Elizabeth Owens Hubler, Park City, UT (US); and Aaron Wilson, Jacksonville, FL (US)
Assigned to Center for Internet Security, Inc., East Greenbush, NY (US)
Filed by Center for Internet Security, Inc., East Greenbush, NY (US)
Filed on Feb. 13, 2024, as Appl. No. 18/440,590.
Claims priority of provisional application 63/445,250, filed on Feb. 13, 2023.
Prior Publication US 2024/0275809 A1, Aug. 15, 2024
Int. Cl. H04L 9/40 (2022.01); G06N 20/00 (2019.01)
CPC H04L 63/1433 (2013.01) [G06N 20/00 (2019.01); H04L 63/1416 (2013.01)]
18 Claims
 
1. A computer-implemented method for evaluating and scoring an IT product of a technology provider, the method comprising:
receiving a submission package from the technology provider, wherein the submission package comprises an artifact associated with development of the IT product;
processing a set of organizational interview transcripts containing discussions of development lifecycle processes;
generating a set of organizational maturity scores based on the set of organizational interview transcripts and the artifact;
processing a full architectural model comprising system-level components and software-level components associated with the IT product;
generating a set of architecture maturity scores based on the full architectural model;
performing manual or automated testing of the IT product;
performing penetration testing of the IT product;
generating a set of verification maturity scores based on the penetration testing; and
combining the set of organizational maturity scores, the set of architecture maturity scores, and the set of verification maturity scores into an overall maturity score.