US 12,130,930 B2
Automated management of security requirements and software supply chain during a software development lifecycle
Deepu Filji, Woodbridge (CA); Farbod Hosseyndoust Foomany, Toronto (CA); Ehsan Foroughi, Toronto (CA); Rohit Kumar Sethi, Toronto (CA); Geoffrey Whittington, Waterloo (CA); and Trevor Young, Toronto (CA)
Filed by Security Compass Technologies Ltd., Toronto (CA)
Filed on Aug. 25, 2022, as Appl. No. 17/822,350.
Claims priority of provisional application 63/260,551, filed on Aug. 25, 2021.
Prior Publication US 2023/0067222 A1, Mar. 2, 2023
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 2221/034 (2013.01)]
19 Claims
 
1. A method for automated management of security controls for a software asset, the method comprising:
storing a plurality of task requirements for the software asset in a database, the task requirements directed to implementation of a task requirement of the software asset and selected from a task requirements library;
ordering the set of task requirements in a prioritized task list, each task requirement comprising actionable guidance for development of the software asset;
selecting at least one shared component from a components library, the at least one shared component addressing at least one task requirement in the set of task requirements and comprising controls addressed by the shared component and controls required to be addressed for use of the shared component, wherein selecting the at least one shared component is based on minimization of number of task requirements in the prioritized task list;
automatically updating the prioritized task list based on the selection of the at least one shared component by removing task requirements from the prioritized task list for controls addressed by the shared component and adding task requirements to the prioritized task list for controls required to be addressed for use of the shared component; and
displaying the prioritized task list in a graphical user interface.
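
The selection and update steps of claim 1, sketched as an added example. This is not code from the patent or from Security Compass; it is one simple reading of the claim. The control names, component names, priorities, and the rule of picking the single component that leaves the shortest list are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SharedComponent:                      # hypothetical model of a library entry
    name: str
    addresses: set                          # controls the component covers
    requires: dict = field(default_factory=dict)  # control -> priority, needed to use it

def apply_component(tasks, comp):
    """Update {control: priority}: drop covered controls, add the component's prerequisites."""
    updated = {c: p for c, p in tasks.items() if c not in comp.addresses}
    for control, priority in comp.requires.items():
        # If the task is already listed, keep the more urgent (lower) priority.
        updated[control] = min(priority, updated.get(control, priority))
    return updated

def select_component(tasks, library):
    """Pick the component whose adoption leaves the fewest tasks; None if none shrinks the list."""
    best, best_tasks = None, tasks
    for comp in library:
        candidate = apply_component(tasks, comp)
        if len(candidate) < len(best_tasks):
            best, best_tasks = comp, candidate
    return best, best_tasks

def prioritized(tasks):
    """Order controls by priority (1 = most urgent), ties broken by name."""
    return [c for c, _ in sorted(tasks.items(), key=lambda kv: (kv[1], kv[0]))]

# Constructed sample data: task requirements and a small components library.
TASKS = {"validate-input": 1, "hash-passwords": 2, "session-expiry": 3,
         "encrypt-pii-at-rest": 4, "audit-logging": 5}
LIBRARY = [
    # Covers 1 control but brings 2 new ones: adopting it lengthens the list.
    SharedComponent("crypto-vault", {"encrypt-pii-at-rest"},
                    {"rotate-vault-keys": 2, "restrict-vault-network": 3}),
    # Covers 2 controls and brings 1: the only net reduction.
    SharedComponent("auth-service", {"hash-passwords", "session-expiry"},
                    {"rotate-service-credentials": 2}),
    # Covers 1 and brings 1: no net change.
    SharedComponent("log-pipeline", {"audit-logging"}, {"protect-log-integrity": 4}),
]

def demo():
    chosen, tasks = select_component(TASKS, LIBRARY)
    return chosen.name, prioritized(tasks)

if __name__ == "__main__":
    print(demo())
```

The crypto-vault entry shows why the claim tracks both sides of a component: counting only the controls a component addresses would make it look like a reduction, while its own prerequisites make the list longer.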