VULNERABILITY ANALYSIS FOR SOFTWARE PRODUCTS

Organization Name

dell products l.p.

Inventor(s)

Nandini Arulmani of Salem (IN)

Radha Bhavya Sri Sai Menta of Kuppam (IN)

Deeksha Srivastava of Bengaluru (IN)

Palani Raja Zeavelou of Puducherry (IN)

VULNERABILITY ANALYSIS FOR SOFTWARE PRODUCTS - A simplified explanation of the abstract

This abstract first appeared for US patent application 20240126871 titled 'VULNERABILITY ANALYSIS FOR SOFTWARE PRODUCTS

Simplified Explanation

The apparatus described in the patent application is designed to automatically analyze software code to identify APIs of software libraries used in the code, determine if any of these APIs have reported vulnerabilities, and then automate the upgrade of the software libraries based on the identified impacted software classes.

• The processing device analyzes software code to identify APIs of software libraries used in the code.
• It checks if any of the identified APIs have reported vulnerabilities.
• If vulnerabilities are found, it identifies impacted software classes of the software product.
• It then automates the upgrade of the software libraries based on the impacted software classes.

Potential Applications

This technology can be applied in software development and cybersecurity industries to enhance the security of software products by automatically identifying and upgrading vulnerable software libraries.

Problems Solved

1. Manual identification of vulnerable APIs in software code is time-consuming and prone to human error. This technology automates the process, saving time and reducing errors. 2. Ensuring the security of software products by upgrading vulnerable software libraries can be a complex task. This technology simplifies and streamlines the upgrade process.

Benefits

1. Improved security of software products by identifying and upgrading vulnerable software libraries. 2. Time and cost savings in the software development process by automating the identification and upgrade of vulnerable APIs.

Potential Commercial Applications

Automated Vulnerability Detection and Upgrade System for Software Libraries

Possible Prior Art

One possible prior art in this field is the use of static code analysis tools to identify vulnerabilities in software code. However, the specific focus on automatically identifying and upgrading vulnerable software libraries based on impacted software classes may be a novel aspect of this technology.

Unanswered Questions

How does the apparatus handle complex software dependencies when upgrading software libraries?

The patent application does not provide details on how the apparatus manages complex software dependencies during the upgrade process.

What is the accuracy rate of the automated vulnerability detection in identifying vulnerable APIs?

The patent application does not mention the accuracy rate of the automated vulnerability detection process.

Original Abstract Submitted

an apparatus comprises a processing device configured to analyze software code of a software product to identify application programming interfaces (apis) of software libraries used in the software code of the software product, and to determine whether any of the identified apis used in the software code of the software product correspond to any apis of the software libraries having reported vulnerabilities. the processing device is also configured, responsive to determining that at least one of the identified apis used in the software code of the software product correspond to at least one of the apis having reported vulnerabilities, to identify impacted software classes of the software product. the processing device is further configured to automate upgrade of the software libraries used in the software code of the software product based on the identified impacted software classes.