The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Dec. 26, 2023
Filed:
Dec. 12, 2019
Sap SE, Walldorf, DE;
Henrik Plate, Valbonne, DE;
SAP SE, Walldorf, DE;
Abstract
Embodiments detect malicious code in distributed software components. A detector element references a source code repository (e.g., open source, commercial) containing lines of various files of a distributed artifact. Subject to certain possible optimizations, the detector inspects the individual files and lines of the artifact file-by-file and line-by-line, to identify whether any commit history information is available from a Versioning Control System (VCS). A risk assessor element receives from the detector element, results identifying those lines and/or files for which no VCS commit history is available. The risk assessor then references code features (e.g., file extension, security-critical API calls) in the results, to generate a probability of the malicious nature of the source code lacking VCS commit history information. An analysis report including this probability and additional relevant information, is offered to a user to conduct further manual review (e.g., to detect false positives attributable to benign/legitimate source code modification).