Title of Invention |
ESTIMATING A QUANTITY OF EXPLOITABLE SECURITY VULNERABILITIES IN A RELEASE OF AN APPLICATION |
Abstract |
Examples disclosed herein relate to estimating a quantity of exploitable security vulnerabilities in a release of an application. Examples include acquiring a source code analysis result representing a number of source code issues identified by source code analysis in a target release of an application. Examples further include estimating a quantity of exploitable security vulnerabilities contained in the target release of the application based on the source code analysis result and metrics for a plurality of historic releases of the application. |
Application Publication Number |
US2014366140(A1) |
Application Publication Date |
2014.12.11 |
Application Number |
US201313914355 |
Filing Date |
2013.06.10 |
Applicant |
Hewlett-Packard Development Company, L.P. |
Inventors |
CHEN Liqun;EDWARDS Nigel |
Classification Number |
G06F21/57 |
Main Classification Number |
G06F21/57 |
Agency |
|
Agent |
|
Main Claim |
1. A system comprising:
a source code engine to acquire, from a source code analysis system, a source code analysis result representing a number of source code issues identified by the source code analysis system in a target release of an application;
an acquisition engine to acquire predictive information at least partially representing a predictive function relating a plurality of quantitative security vulnerability reporting metrics for a plurality of historic releases of the application predating the target release to a plurality of quantitative source code analysis metrics for the historic releases of the application; and
an estimate engine to determine an estimate of a quantity of exploitable security vulnerabilities contained in the target release of the application based on the source code analysis result and the predictive information. |
Address |
Houston TX US |