| 摘要 |
The method includes identifying an instance of software installed. The method further includes determining a fingerprint corresponding to the instance of software installed. The method further includes determining a security risk associated with the instance of software installed. The method further includes identifying a software management policy for the instance of software based upon the fingerprint, security risk, and designated purpose of the computing device. In one embodiment, the method further includes in response to identifying the software management policy, enforcing, by one or more computer processors, the software management policy on the instance of software installed on the computing device. |
| 主权项 |
1. A method for managing software on one or more computing devices, the method comprising:
identifying, by one or more computer processors, an instance of software installed on a computing device, wherein determining the fingerprint for the instance of software on the computing device, comprises:
identifying, by one or more computer processors, one or more attributes for the instance of software based, at least in part, on one or more of using a checksum, using an expected cryptographic signature, using a hash of attributes of files in the instance of software, using a stated software version, and using a source location for the instance of software; anddetermining, by one or more computer processors, the fingerprint based on at least one of the one or more identified attributes of the instance of software; determining, by one or more computer processors, a fingerprint corresponding to the instance of software installed on the computing device; determining, by one or more computer processors, a security risk associated with the instance of software installed on the computing device; identifying, by one or more computer processors, a software management policy for the instance of software based, at least in part, on the determined fingerprint, the determined security risk associated with the instance of software, and a designated purpose of the computing device; in response to identifying the software management policy, enforcing, by one or more computer processors, the software management policy on the instance of software installed on the computing device, wherein the software management policy comprises one or more of: allowing the instance of software to operate without restrictions, uninstalling the instance of software, scheduling uninstallation of the instance of software after a period of time, uninstalling the instance of software unless the instance of software is being installed into a temporary use privileged admin virtual workstation or other risk reducing containerization, and updating the instance of software to version known to have an acceptable security risk; and identifying, by one or more computer processors, a second computing device that includes a second instance of software that has a similar fingerprint to the determined fingerprint corresponding to the instance of software installed on the computing device;
identifying, by one or more computer processors, a second software management policy on the second computing device that includes the second instance of software based, at least in part, on the security risk; andin response to identifying the second software management policy, enforcing, by one or more computer processors, the second software management policy on the second instance of software. |
