The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

Date of Patent:
Aug. 22, 2023

Filed:
Mar. 30, 2022

Applicant:

Visa International Service Association, San Francisco, CA (US);

Inventors:

Vinjith Nagaraja, Austin, TX (US);

Raymond Brammer, Round Rock, TX (US);

James Myers, Round Rock, TX (US);

Christopher Gutierrez, Foster City, CA (US);

Ireneusz Pazdzierniak, Foster City, CA (US);

Shanshan Jiang, Foster City, CA (US);

Karim Mawani, Foster City, CA (US);

Pankaj Rathore, Austin, TX (US);

Jerry Wald, San Francisco, CA (US);

David Worth, Foster City, CA (US);

Dhruv Vig, Austin, TX (US);

Archana Taparia, Foster City, CA (US);

Robert Chifamba, Austin, TX (US);

Vamshi Ramarapu, Austin, TX (US);

Assignee:

Visa International Service Association, San Francisco, CA (US);

Attorney:
Primary Examiner:
Assistant Examiner:
Int. Cl.
CPC ...
G06F 21/57 (2013.01); G06F 11/36 (2006.01); G06F 8/71 (2018.01);
U.S. Cl.
CPC ...
G06F 21/577 (2013.01); G06F 8/71 (2013.01); G06F 11/3664 (2013.01); G06F 11/3684 (2013.01); G06F 2221/033 (2013.01);
Abstract

A method and system for remediating vulnerable code libraries, including open source libraries, in a software application. An application, that uses code libraries, and information regarding known library vulnerabilities are received, then it is determined if one or more libraries in the application are vulnerable based upon the information. For each of the one or more vulnerable libraries, a library version that minimizes risk is determined. The determined library version is incorporated into the application to form a test application, and an application test is performed on the test application. If an application test score on the test application is below a predetermined threshold, the determined library version is incorporated into a final application precursor. A final application can be determined from the final application precursor for each of the one or more vulnerable libraries.