Managing software deployment

US9411954B2 · US · B2

Patent metadata
Publication number: US-9411954-B2
Application number: US-201614988779-A
Country: US
Kind code: B2
Filing date: Jan 6, 2016
Priority date: Jun 17, 2014
Publication date: Aug 9, 2016
Grant date: Aug 9, 2016

Abstract

Official abstract text for this publication.

The method includes identifying an instance of software installed. The method further includes determining a fingerprint corresponding to the instance of software installed. The method further includes determining a security risk associated with the instance of software installed. The method further includes identifying a software management policy for the instance of software based upon the fingerprint, security risk, and designated purpose of the computing device. In one embodiment, the method further includes in response to identifying the software management policy, enforcing, by one or more computer processors, the software management policy on the instance of software installed on the computing device.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for managing software on one or more computing devices, the method comprising: identifying, by one or more computer processors, an instance of software installed on a computing device; determining, by one or more computer processors, a fingerprint corresponding to the instance of software installed on the computing device; determining, by one or more computer processors, a security risk associated with the instance of software installed on the computing device; identifying, by one or more computer processors, a software management policy for the instance of software based, at least in part, on the determined fingerprint, the determined security risk associated with the instance of software, and a designated purpose of the computing device; identifying, by one or more computer processors, a second computing device that includes a second instance of software that has a similar fingerprint to the determined fingerprint corresponding to the instance of software installed on the computing device; identifying, by one or more computer processors, a second software management policy on the second computing device that includes the second instance of software based, at least in part, on the security risk; in response to identifying the second software management policy, enforcing, by one or more computer processors, the second software management policy on the second instance of software; determining, by one or more computer processors, the security risk associated with the computing device based, at least in part on, on one or more instances of software installed on the computing device; and determining whether a second instance of software can be added to the computing device based upon the security risk associated with the computing device.

2. The method of claim 1, further comprising: in response to identifying the software management policy, enforcing, by one or more computer processors, the software management policy on the instance of software installed on the computing device, wherein the software management policy comprises one or more of: allowing the instance of software to operate without restrictions, uninstalling the instance of software, scheduling uninstallation of the instance of software after a period of time, uninstalling the instance of software unless the instance of software is being installed into a temporary use privileged admin virtual workstation or other risk reducing containerization, and updating the instance of software to version known to have an acceptable security risk.

3. The method of claim 1, wherein identifying a software management policy for the instance of software based, at least in part, on the designated purpose of the computing device, comprises: identifying, by one or more computer processors, one or more software management policies for the instance of software based, at least in part, on a set of credentials for a user of the computing device, and a set of credentials for the computing device; and determining, by one or more computer processors, a software management policy from the one or more identified software management policies to implement based, at least in part, on the set of credentials for the user of the computing device, and the set of credentials for the computing device.

4. The method of claim 1, wherein determining the fingerprint for the instance of software on the computing device, comprises: identifying, by one or more computer processors, one or more attributes for the instance of software based, at least in part, on one or more of using a checksum, using an expected cryptographic signature, using a hash of attributes of files in the instance of software, using a stated software version, and using a source location for the instance of software; and determining, by one or more computer processors, the fingerprint based on at least one of the one or more identified attributes of the instance of software.

5. The method of claim 1, wherein determining the security risk associated with the instance of software based upon the determined fingerprint for the instance of software on the computing device, comprises: identifying, by one or more computer processors, one or more attributes for the instance of software based, at least in part, on one or more security risks that include at least one of a necessity of the software to a business, a type of software package, one or more other versions of the instance of software, a source licensing for open source, a number of components within an instance of software, any known current or past vulnerabilities associated with the components of the instance of software, and a known current or past evidence of a vulnerability of the instance of software; and determining, by one or more computer processors, the security risk based, at least in part, on at least one of the one or more identified attributes of the instance of software.

6. A computer program product for managing software on one or more computing devices, the computer program product comprising: one or more computer readable storage memory and program instructions stored on the one or more computer readable storage memory, the program instructions comprising: program instructions to identify an instance of software installed on a computing device; program instructions to determine a fingerprint corresponding to the instance of software installed on the computing device; program instructions to determine a security risk associated with the instance of software based on the determined fingerprint corresponding to the instance of software installed on the computing device; program instructions to identify a possible action from one or more possible actions that the computing device can implement for the instance of software based upon the fingerprint, the security risk, and a designated purpose of the computing device; identifying, by one or more computer processors, a second computing device that includes a second instance of software that has a similar fingerprint to the determined fingerprint corresponding to the instance of software installed on the computing device; identifying, by one or more computer processors, a second software management policy on the second computing device that includes the second instance of software based, at least in part, on the security risk; in response to identifying the second software management policy, enforcing, by one or more computer processors, the second software management policy on the second instance of software; determining, by one or more computer processors, the security risk associated with the computing device based, at least in part on, on one or more instances of software installed on the computing device; and determining whether a second instance of software can be added to the computing device based upon the security risk associated with the computing device.

7. The computer program product of claim 6, further comprising program instructions to: in response to identifying the software management policy, enforce the software management policy on the instance of software installed on the computing device, wherein the software management policy comprises one or more of: allowing the instance of software to operate without restrictions, uninstalling the instance of software, scheduling uninstallation of the instance of software after a period of time, uninstalling the instance of software unless the instance of software is being installed into a temporary use privileged admin virtual workstation or other risk reducing containerization, and updating the instance of software to version known to have an acceptable security risk.

8. The computer program product of claim 6, wherein the program instr

Classifications

  • G06F21/54 (Primary)

    by adding security routines or objects to programs · CPC title

  • Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title

  • Test or assess software · CPC title

  • Risk-dependent, e.g. selecting a security level depending on risk profiles · CPC title

  • Interacting with the operating system · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F21/54. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 9, 2016 (B2). Legal status and post-grant events are not shown on this page.