Remediating software vulnerabilities

Abstract

A computer implemented method of remediating an increased vulnerability of a software system including a plurality of software components, the method including generating a vector representation of each software component derived from a neural network trained using training data defined from known vulnerabilities of the software components in the software system; aggregating the vector representations for the software component to an aggregate vector representation for a particular time; repeating the generating and the aggregating for a plurality of points in time to generate multiple generations of aggregate vector representations; comparing the multiple generations of aggregate vector representations to detect a change in an aggregate vector representation exceeding a maximum threshold degree of change as an indication of an increased vulnerability of the software system, responsive to which iteratively adjusting the software components in the software system and, at each iteration, regenerating an aggregate vector representation for the software system so adjusted to compare with the multiple generations of aggregate vector representations to identify a software component adjustment leading to a change in vector representation not exceeding the maximum threshold degree of change so as to reduce the vulnerability of the software system.