Identifying characteristics of problematic developers of software

US10528743B2 · US · B2

Patent metadata
Publication number: US-10528743-B2
Application number: US-201715651277-A
Country: US
Kind code: B2
Filing date: Jul 17, 2017
Priority date: Oct 17, 2014
Publication date: Jan 7, 2020
Grant date: Jan 7, 2020

Abstract

Official abstract text for this publication.

Disclosed are various embodiments for identifying characteristics of developers of problematic software. Report data generated by a security analysis tool is received, which is based at least in part on a security analysis of a program or an operational configuration. The report data indicates one or more security issues identified in the program or the operational configuration. A user is identified who is responsible for at least a threshold impact of the security issue(s). Coding or configuration characteristics associated with the user are then determined.

First claim

Opening claim text (preview).

Therefore, the following is claimed:

1. A method, comprising: receiving, via at least one of one or more computing devices, report data generated by a security analysis tool based at least in part on a security analysis of a program or an operational configuration, the report data indicating at least one security issue identified in the program or the operational configuration; identifying, via at least one of the one or more computing devices, a user responsible for at least a threshold impact of the at least one security issue; and determining, via at least one of the one or more computing devices: a coding characteristic associated with the user based at least in part on a source code analysis of source code written by the user; and a configuration characteristic associated with the user based at least in part on an analysis of one or more operational configurations written by the user.

2. The method of claim 1, further comprising generating, via at least one of the one or more computing devices, a report indicating the user and at least one of: the coding characteristic or the configuration characteristic.

3. The method of claim 1, wherein the program comprises a plurality of programs.

4. The method of claim 1, wherein the user comprises a team of developers.

5. The method of claim 1, wherein the coding characteristic or the configuration characteristic is a stylistic characteristic that does not directly cause a security issue.

6. The method of claim 5, wherein the stylistic characteristic comprises at least one of: a variable name characteristic, an indentation characteristic, or an optional punctuation usage characteristic.

7. The method of claim 1, wherein the source code upon which the source code analysis is performed does not exhibit the at least one security issue.

8. The method of claim 1, further comprising: receiving, via at least one of the one or more computing devices, other source code written by another user; and assigning, via at least one of the one or more computing devices, a score to the other user based at least in part on whether the other source code embodies the coding characteristic.

9. The method of claim 1, further comprising: receiving, via at least one of the one or more computing devices, another operational configuration written by another user; and assigning, via at least one of the one or more computing devices, a score to the other user based at least in part on whether the other operational configuration embodies the configuration characteristic.

10. A system, comprising: at least one computing device; and at least one application executable in the at least one computing device, wherein when executed the at least one application causes the at least one computing device to at least: receive report data generated by a security analysis tool based at least in part on a security analysis of a program or an operational configuration, the report data indicating at least one security issue identified in the program or the operational configuration; identify a user responsible for at least a threshold impact of the at least one security issue; and determine: a coding characteristic associated with the user based at least in part on a source code analysis of source code written by the user; and a configuration characteristic associated with the user based at least in part on an analysis of one or more operational configurations written by the user.

11. The system of claim 10, wherein when executed the at least one application causes the at least one computing device to at least generate a report indicating the user and at least one of: the coding characteristic or the configuration characteristic.

12. The system of claim 10, wherein the coding characteristic or the configuration characteristic is a stylistic characteristic that does not directly cause a security issue, and the stylistic characteristic comprises at least one of: a variable name characteristic, an indentation characteristic, or an optional punctuation usage characteristic.

13. The system of claim 10, wherein the source code upon which the source code analysis is performed does not exhibit one or more of the at least one security issue.

14. The system of claim 10, wherein when executed the at least one application causes the at least one computing device to at least: receive other source code written by another user; and assign a score to the other user based at least in part on whether the other source code embodies the coding characteristic.

15. The system of claim 10, wherein when executed the at least one application causes the at least one computing device to at least: receive another operational configuration written by another user; and assign a score to the other user based at least in part on whether the other operational configuration embodies the configuration characteristic.

16. The system of claim 10, wherein the user is identified in response to data indicating that the user authored a portion of the program or of the operational configuration that is associated with the at least one security issue.

17. The system of claim 10, wherein when executed the at least one application causes the at least one computing device to at least determine that the user is responsible for the at least one security issue at least at a threshold frequency.

18. A non-transitory computer-readable medium embodying a first program executable in at least one computing device, wherein when executed the first program causes the at least one computing device to at least: receive report data generated by a security analysis tool based at least in part on a security analysis of a second program or an operational configuration, the report data indicating at least one security issue identified in the second program or the operational configuration; identify a user responsible for at least a threshold impact of the at least one security issue; determine a coding characteristic associated with the user based at least in part on a source code analysis of source code written by the user; and determine a configuration characteristic associated with the user based at least in part on an analysis of one or more operational configurations written by the user.

19. The non-transitory computer-readable medium of claim 18, wherein the coding characteristic comprises at least one of: a variable name characteristic, an indentation characteristic, or an optional punctuation usage characteristic.

20. The non-transitory computer-readable medium of claim 18, wherein the coding characteristic or the configuration characteristic is a stylistic characteristic that does not directly cause a security issue.
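As an added illustration of the method in claims 1, 6, 8 and 16 (this is not the patent's or the assignee's code): findings from a constructed security-analysis report are attributed to authors through constructed blame data, authors at or above an impact threshold are selected, stylistic characteristics (indentation, variable naming, optional semicolons) are extracted from their code, and other users' code is scored by how many of those characteristics it shares. The report, blame and source data are all constructed; the threshold value and severity weights are assumptions.

```python
"""Toy implementation of the claimed method; all data is constructed."""
import re
from collections import Counter

# Constructed report data: (file, line, severity weight) per finding.
REPORT = [("auth.py", 3, 5), ("auth.py", 7, 5), ("util.py", 2, 1)]
# Constructed blame data: file -> {line: author}.
BLAME = {"auth.py": {3: "alice", 7: "alice"}, "util.py": {2: "bob"}}
# Constructed code per author; need not contain the reported issues (claim 7).
CODE = {
    "alice": "def checkToken(tok):\n    userId = tok;\n    return userId;\n",
    "bob": "def check_token(tok):\n  user_id = tok\n  return user_id\n",
    "carol": "def loadCfg(path):\n    cfgPath = path;\n    return cfgPath;\n",
}


def impact_by_user(report, blame):
    """Sum severity weights of findings per responsible author (claim 16)."""
    impact = Counter()
    for path, line, weight in report:
        impact[blame.get(path, {}).get(line, "unknown")] += weight
    return impact


def responsible_users(report, blame, threshold):
    """Users whose summed impact reaches the threshold (claim 1)."""
    return sorted(u for u, w in impact_by_user(report, blame).items() if w >= threshold)


def characteristics(src):
    """Stylistic traits that do not themselves cause a security issue (claim 6)."""
    indents = [len(m) for m in re.findall(r"^( +)\S", src, re.M)]
    names = re.findall(r"\b([A-Za-z_]\w*)\s*=", src)
    return {
        "indent": min(indents) if indents else 0,
        "camel_names": bool(names) and all(re.search(r"[a-z][A-Z]", n) for n in names),
        "semicolons": ";" in src,
    }


def score(src, traits):
    """Fraction of the reference traits that the other user's source embodies (claim 8)."""
    mine = characteristics(src)
    return sum(mine[k] == v for k, v in traits.items()) / len(traits)


if __name__ == "__main__":
    for user in responsible_users(REPORT, BLAME, threshold=6):
        traits = characteristics(CODE[user])
        print(user, traits, {u: score(CODE[u], traits) for u in CODE if u != user})
```

A score only reflects stylistic similarity to a user above the threshold; it is a triage signal for review and training, not evidence that the scored code itself contains an issue.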

Assignees

Amazon Tech Inc

Inventors

Classifications

  • Software metrics · CPC title

  • Analysis of software for verifying properties of programs (testing of software G06F11/3668) · CPC title

  • G06F21/577 (primary): Assessing vulnerabilities and evaluating computer system security · CPC title

  • Version control (security arrangements therefor G06F21/57); Configuration management · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10528743B2 cover?
Disclosed are various embodiments for identifying characteristics of developers of problematic software. Report data generated by a security analysis tool is received, which is based at least in part on a security analysis of a program or an operational configuration. The report data indicates one or more security issues identified in the program or the operational configuration. A user is iden…
Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 7, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).