Tracking developer behavior with respect to software analysis tools

US9727736B1 · US · B1

Patent metadata
Publication number: US-9727736-B1
Application number: US-201414517018-A
Country: US
Kind code: B1
Filing date: Oct 17, 2014
Priority date: Oct 17, 2014
Publication date: Aug 8, 2017
Grant date: Aug 8, 2017

Abstract

Official abstract text for this publication.

Disclosed are various embodiments for tracking developer behavior with respect to software analysis tools. In a first embodiment, issues with a first revision of a program are identified with an analysis tool. The configuration of the analysis tool may be updated based at least in part on a status of the issues in the second revision of the program. In a second embodiment, an analysis tool identifies issues with a program. A developer responsible for the issues is identified. A coding characteristic associated with the developer is then determined.
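
The first embodiment's feedback loop, written out as an added example (this is not code from the patent or its assignee). The issue fingerprint, the sample reports, the decay factor, the disable threshold and the direction of the score change are all assumptions; the claims only state that scoring metadata is modified, and that rules may be disabled or enabled, for issues left uncorrected in the second revision.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    score: float           # scoring metadata for this rule
    enabled: bool = True

# Constructed sample reports: each issue is (rule_id, file, enclosing function).
# Line numbers are left out on purpose so unrelated edits do not change identity.
REV1 = [("SQLI", "db.py", "find_user"), ("HARDCODED_KEY", "cfg.py", "load"),
        ("LONG_LINE", "db.py", "find_user"), ("LONG_LINE", "cfg.py", "load")]
REV2 = [("LONG_LINE", "db.py", "find_user"), ("LONG_LINE", "cfg.py", "load")]

def issue_status(first_report, second_report):
    """Label each first-revision issue 'corrected' or 'open' by checking
    whether the second revision's report still contains it."""
    remaining = set(second_report)
    return {issue: "open" if issue in remaining else "corrected"
            for issue in first_report}

def update_config(config, status, decay=0.5, disable_below=1.0):
    """Return a new config with scoring metadata changed for rules whose
    issues were not corrected. Policy (assumed): multiply the score by
    `decay` once per rule if none of its issues were corrected, and
    disable the rule when the score drops below `disable_below`."""
    by_rule = {}
    for (rule_id, _file, _func), state in status.items():
        by_rule.setdefault(rule_id, []).append(state)
    updated = {rid: Rule(r.score, r.enabled) for rid, r in config.items()}
    for rule_id, states in by_rule.items():
        if rule_id in updated and "corrected" not in states:
            rule = updated[rule_id]
            rule.score *= decay
            if rule.score < disable_below:
                rule.enabled = False
    return updated

def demo():
    # Constructed starting configuration: rule id -> Rule.
    config = {"SQLI": Rule(9.0), "HARDCODED_KEY": Rule(8.0), "LONG_LINE": Rule(1.5)}
    return update_config(config, issue_status(REV1, REV2))
```

Under this assumed policy a security-relevant rule that developers consistently leave unfixed would decay just like a style rule, so a deployment would want such rules exempted from automatic down-scoring or routed to review before being disabled.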

First claim

Opening claim text (preview).

Therefore, the following is claimed:

1. A system, comprising: a computing device; and an application executable in the computing device, wherein when executed the application causes the computing device to at least: in response to receiving report data identifying a plurality of issues in a first revision of a program, determine whether individual ones of the plurality of issues have been corrected in a second revision of the program, the report data being generated by an analysis tool; and modify a configuration of the analysis tool based at least in part on a status of the individual ones of the plurality of issues in the second revision of the program, wherein the configuration of the analysis tool includes a plurality of rules corresponding to a plurality of possible issues, individual ones of the plurality of possible issues are associated with corresponding scoring metadata, and modifying the configuration of the analysis tool further comprises modifying the scoring metadata that is associated with at least one issue that has not been corrected in the second revision of the program.

2. The system of claim 1, wherein modifying the configuration of the analysis tool further comprises disabling or enabling at least one of the plurality of rules that is associated with at least one issue that has not been corrected in the second revision of the program.

3. The system of claim 1, wherein when executed the application further causes the computing device to at least, in response to receiving the second revision of the program, automatically execute the analysis tool to perform an analysis on the second revision of the program.

4. The system of claim 1, wherein when executed the application further causes the computing device to at least determine whether the individual ones of the plurality of issues are corrected based at least in part on additional report data identifying at least one issue in the second revision of the program, the additional report data being generated by the analysis tool.

5. The system of claim 1, wherein when executed the application further causes the computing device to at least determine whether the individual ones of the plurality of issues are corrected based at least in part on manual selection data indicating a subset of the plurality of issues that are planned to be corrected in the second revision of the program.

6. The system of claim 1, wherein the report data is generated based at least in part on a static analysis of the first revision of the program by the analysis tool.

7. The system of claim 1, wherein the report data is generated based at least in part on a dynamic analysis of the first revision of the program by the analysis tool.

8. The system of claim 1, wherein when executed the application further causes the computing device to at least: identify a user responsible for at least a threshold impact of the plurality of issues; and determine at least one of: a coding characteristic associated with the user based at least in part on a source code analysis of source code written by the user; or a configuration characteristic associated with the user based at least in part on an analysis of one or more operational configurations written by the user.

9. A system, comprising: a computing device; and an application executable in the computing device, wherein when executed the application causes the computing device to at least: in response to receiving report data identifying a plurality of issues in a first revision of a program, determine whether individual ones of the plurality of issues have been corrected in a second revision of the program, the report data being generated by an analysis tool; modify a configuration of the analysis tool based at least in part on a status of the individual ones of the plurality of issues in the second revision of the program; identify a user responsible for at least a threshold impact of the plurality of issues; determine at least one of: a coding characteristic associated with the user based at least in part on a source code analysis of source code written by the user; or a configuration characteristic associated with the user based at least in part on an analysis of one or more operational configurations written by the user; and generate a report indicating the user and at least one of: the coding characteristic or the configuration characteristic.

10. A system, comprising: a computing device; and an application executable in the computing device, wherein when executed the application causes the computing device to at least: in response to receiving report data identifying a plurality of issues in a first revision of a program, determine whether individual ones of the plurality of issues have been corrected in a second revision of the program, the report data being generated by an analysis tool; modify a configuration of the analysis tool based at least in part on a status of the individual ones of the plurality of issues in the second revision of the program; identify a user responsible for at least a threshold impact of the plurality of issues; determine at least one of: a coding characteristic associated with the user based at least in part on a source code analysis of source code written by the user; or a configuration characteristic associated with the user based at least in part on an analysis of one or more operational configurations written by the user; and wherein the coding characteristic or the configuration characteristic is a stylistic characteristic that does not directly cause a security issue.

11. A system, comprising: a computing device; and an application executable in the computing device, wherein when executed the application causes the computing device to at least: in response to receiving report data identifying a plurality of issues in a first revision of a program, determine whether individual ones of the plurality of issues have been corrected in a second revision of the program, the report data being generated by an analysis tool; modify a configuration of the analysis tool based at least in part on a status of the individual ones of the plurality of issues in the second revision of the program; identify a user responsible for at least a threshold impact of the plurality of issues; determine at least one of: a coding characteristic associated with the user based at least in part on a source code analysis of source code written by the user; or a configuration characteristic associated with the user based at least in part on an analysis of one or more operational configurations written by the user; and wherein the source code upon which the source code analysis is performed does not exhibit the plurality of issues.

12. The system of claim 11, wherein the configuration of the analysis tool includes a plurality of rules corresponding to a plurality of possible issues, and individual ones of the plurality of possible issues are associated with corresponding scoring metadata.

13. A method, comprising: receiving, via at least one of one or more computing devices, report data identifying a plurality of issues in a first revision of a program; determining, via at least one of the one or more computing devices, whether individual ones of the plurality of issues have been corrected in a second revision of the program, the report data being generated by an analysis tool; and modifying, via at least one of the one or more computing devices, a configuration of the analysis tool based at least in part on a status of the individual ones of the plurality of issues in the second revision of the program, wherein the configuration

Classifications

  • Software metrics · CPC title

  • G06F21/577 · Primary

    Assessing vulnerabilities and evaluating computer system security · CPC title

  • Analysis of software for verifying properties of programs (testing of software G06F11/3668) · CPC title

  • Version control (security arrangements therefor G06F21/57); Configuration management · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Amazon Tech Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/577. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 8, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).