Title of invention Crowd-sourced security analysis
Abstract A cloud-based static analysis security tool that is accessible by a set of application development environments is augmented to provide for anonymous knowledge sharing to facilitate reducing security vulnerabilities. To this end, a crowdsourcing platform and social network are associated with the application development environments. Access to the social network platform by users of the application development environments is enabled. The anonymous access enables users to post messages without exposing sensitive data associated with a particular application development environment. As the static analysis security tool is used, a knowledgebase of information regarding identified security findings, fix priorities, and so forth, is continuously updated. Social network content (e.g., in the form of analytics, workflow recommendations, and the like) is then published from the knowledgebase to provide users with security knowledge generated by the tool from the set of application development environments. The approach provides for secure and anonymous cross-organization information sharing.
Publication number US9531745(B1) Publication date 2016.12.27
Application number US201514946810 Filing date 2015.11.20
Applicant International Business Machines Corporation Inventors Sharma Babita;Goldberg Richard Myer;Turnham Jeffrey Charles
Classification H04L29/06;G06F17/27;G06F21/62 Main classification H04L29/06
Agency Agent LaBaw Jeffrey S.;Judson David H.
Main claim 1. A method to reduce security vulnerability in association with a cloud-based static analysis security tool that is accessible by a set of application development environments, comprising: associating a social networking platform with the application development environments; enabling anonymous access to the social networking platform by users of the application development environments, the anonymous access enabling users to upload messages for posting to a forum; prior to posting, filtering a message and, responsive to the filtering, automatically obfuscating sensitive data associated with a particular application development environment and any application code included in the message; receiving security findings generated as users of the application development environments use the cloud-based static analysis security tool; processing the received security findings using machine learning, and storing the processed security findings into a knowledgebase; and providing social network content associated with the processed security findings from the knowledgebase as crowdsourced security knowledge generated from use of the cloud-based static analysis security tool by users of the application development environments.
Address Armonk NY US