Title of invention: Remediation of known defects and vulnerabilities in cloud application packages
Abstract: A method for applying remediation policy to a cloud application package having a set of components is described. The method is initiated in response to discovery of a new vulnerability. It begins by comparing information from a deployment description against a data set of known problems associated with the one or more of the components. The deployment description represents the set of components and their interrelationships. For each of the one or more components, one or more known problems that satisfy a given severity and/or complexity criteria are identified. Thereafter, and with respect to at least one of the components for which one known problem satisfying the given criteria has been identified, the remediation policy (e.g., an update, a replacement, a patch, an additional installable) is applied to attempt to rectify the known problem. After applying the policy, the old version of the package is replaced with the new version.
Publication number: US9195573(B1) Publication date: 2015.11.24
Application number: US201414300364 Filing date: 2014.06.10
Applicant: International Business Machines Corporation Inventors: Giammaria Alberto; Peters Christopher Andrew; Spatzier Thomas
Classification: G06F9/44; G06F11/36; H04L29/08 Main classification: G06F9/44
Agency: Agent: LaBaw Jeffrey S.; Judson David H.
Main claim: 1. Apparatus, comprising: a processor; computer memory holding computer program instructions executed by the processor to apply a remediation policy to a cloud application package having a set of components, the cloud application package being associated with a catalog of cloud application packages, the computer program instructions comprising: program code, operative in response to discovery of a new defect or vulnerability, to compare information from a deployment description against a data set of known problems associated with the one or more of the components, the deployment description representing the set of components and their interrelationships; program code, operative to identify, for each of the one or more components, one or more known problems that satisfy a given criteria; program code, operative to apply, with respect to at least one of the components for which at least one known problem satisfying the given criteria has been identified, the remediation policy to attempt to rectify the known problem; and program code, operative after applying the remediation policy, to replace an old version of the cloud application package in the catalog of cloud application packages with a new version.
Address: Armonk NY US