| CPC G06F 21/577 (2013.01) [H04L 63/1425 (2013.01); H04L 63/1433 (2013.01)] | 19 Claims |
|
1. A system for determining risk scores for vulnerabilities by determining a number of attempted exploits on computing environments, the system comprising:
one or more processors; and
a non-transitory computer-readable medium comprising instructions that when executed by the one or more processors cause operations comprising:
detecting a current alert in a computing environment, wherein the current alert is an attempt to exploit a vulnerability in the computing environment, and wherein the vulnerability is a weakness in the computing environment;
determining a current digital artifact corresponding to the current alert, wherein the current digital artifact comprises current digital forensic evidence of the current alert;
determining a known vulnerability, wherein the known vulnerability comprises a known digital artifact and a public risk score, wherein the known digital artifact comprises known digital forensic evidence corresponding to the known vulnerability, and wherein the public risk score comprises public assessments of severity of security vulnerabilities in the computing environment;
determining whether the current alert is the known vulnerability, by comparing the current digital artifact to the known digital artifact;
based on determining that the current alert is caused by the known vulnerability, incrementing a counter, wherein the counter corresponds to a number of times the known vulnerability has been exploited in the computing environment;
determining a risk score for the known vulnerability, wherein the risk score is based on the counter, the known digital artifact and the public risk score;
receiving a plurality of proposed patches, wherein at least a portion of the plurality of proposed patches fixes flaws in the computing environment caused by the current alert; and
generating for display, on a user interface, a ranking of alerts, wherein the ranking of alerts comprises the current alert and the plurality of proposed patches, wherein the current alert is sorted by the risk score, wherein the plurality of proposed patches are sorted by a popularity metric, and wherein the popularity metric describes community support for each proposed patch in the plurality of proposed patches, wherein generating for the display, on the user interface, the ranking of alerts further comprises:
determining a compensation amount for a selected patch in the plurality of proposed patches based on at least the risk score of the current alert and the popularity metric for the selected patch, wherein the compensation amount is a reward to a user that submitted the selected patch, in exchange for submitting the selected patch;
transmitting the selected patch for manual review, wherein the manual review comprises ensuring that the selected patch fixes vulnerabilities in the computing environment posed by the current alert; and
transmitting the compensation amount to an account associated with the user that submitted the selected patch.
|