Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining user code; obtaining an indication of at least one vulnerability, the vulnerability associated with one or more sets comprising at least a first instruction type and a second instruction type; scanning the code using dependency analysis, to obtain for one set: one or more first instructions of the first instruction type, one or more second instructions of the second instruction type, and further instructions associated with entities relevant to the first instruction and the second instruction; eliminating instructions other than the first instruction, the second instruction and one of the further instructions, thereby obtaining a collection of instructions that behaves differently from the user code; and providing the collection of instructions for vulnerability detection.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining user code; determining whether the code uses a reflection mechanism; subject to the code using reflection mechanism, identifying a reflection-related instruction; identifying at least one possible value for at least one variable affecting execution of the reflection-related instruction; determining code components that comply with the at least one possible value for the at least one literal and are reachable from the reflection-related instruction; and outputting information about the reachable code components.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining user code; using static analysis, determining from the user code a collection of components upon which the user code depends, the collection of components comprising a first component representing a first entity, wherein one or more components of the collection of components is to be loaded dynamically by the user code; determining whether the user code or the first component from the collection of components uses dynamic invocation; subject to the user code or the first component using dynamic invocation, adding a new connection to a second component from the collection of components, the second component representing a second entity that augments an entity reachable from the first entity; and outputting information about the second entity.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining user code; obtaining an indication of at least one vulnerability, the vulnerability associated with one or more sets comprising at least a first instruction type and a second instruction type; scanning the code using dependency analysis, to obtain for one set: one or more first instructions of the first instruction type, one or more second instructions of the second instruction type, and further instructions associated with entities relevant to the first instruction and the second instruction; eliminating instructions other than the first instruction, the second instruction and one of the further instructions, thereby obtaining a collection of instructions that behaves differently from the user code; and providing the collection of instructions for vulnerability detection.

Abstract: A computer-implemented method, system and computer program product, the method comprising: obtaining a representation of computer code; analyzing the computer code using a first algorithm to obtain a call graph; subject to the call graph not complying with a stopping criteria: analyzing a part of the computer code using a second algorithm to obtain further edges for the at least one second node; and combining the further edges with the call graph, to obtain a second call graph; and outputting the second call graph.

Abstract: A method, apparatus and computer program product, the method comprising: accessing user computer code; automatically extracting a slice from the user computer code indicating usage or usage attempt of source code, the slice comprising a multiplicity of words; subject to a word from the multiplicity of words being combined of at least two words, splitting the word to the at least two words; issuing a query based on at least some of the multiplicity of words and the at least two words, to a source and document database; and receiving in response to the query, at least one source section or document related to usage of the source code.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining code; determining a collection of open source libraries used by the code; for each open source library: determining whether an updated version comprising an update area exists for the library; and subject to the existence of an updated version: subject to the updated area not being reachable from the user code, updating the open source library to the updated version; subject to the updated area being reachable only from a non-updated area of the updated version wherein the non-updated area is reachable from the user code, updating the open source library to the updated version; and subject to the updated area being reachable directly from a part of the user code, notifying a user about the updated version of the open source library and the part of the computer code.

Abstract: A computer-implemented method, system and computer program product, the method comprising: obtaining computer code; abstracting the computer code to obtain abstracted computer code comprising a plurality of instructions; generating a constraint system, comprising one or more constraints on one or more entities of the abstracted computer code; obtaining a solution to the constraint system, the solution comprising one or more possible types for each entity; and creating a call graph based on the types of the entities.

Abstract: A computer-implemented method, system and computer program product, the method comprising: obtaining computer code; abstracting the computer code to obtain abstracted computer code comprising a plurality of instructions; generating a constraint system, comprising one or more constraints on one or more entities of the abstracted computer code; obtaining a solution to the constraint system, the solution comprising one or more possible types for each entity; and creating a call graph based on the types of the entities.

Abstract: A method, apparatus and computer program product, the method comprising: accessing user computer code; automatically extracting a slice from the user computer code indicating usage or usage attempt of source code, the slice comprising a multiplicity of words; subject to a word from the multiplicity of words being combined of at least two words, splitting the word to the at least two words; issuing a query based on at least some of the multiplicity of words and the at least two words, to a source and document database; and receiving in response to the query, at least one source section or document related to usage of the source code.

Abstract: A document management system including a document manager connected to a document storage, and a backup coordinator connected to the document manager and adapted to: continuously receive a plurality of notifications from the document manager, each including information describing a change in a document stored in the document manager's document storage; and for each notification in the plurality of notifications: select a backup agent from a plurality of backup agents connected to the backup coordinator; send a backup request to the backup agent including the information, for the purpose of updating a copy of the document stored in a backup storage connected to the backup agent; wait for an acknowledgement message from the backup agent; and send another backup request to another backup agent selected from the plurality of backup agents upon a failure to receive the acknowledgement message within an identified amount of time after sending the backup request.

Abstract: A method, system and computer program product, the method comprising: obtaining one or more source files to be examined for open source usage; extracting partial representation of a source file from the source files; creating fingerprints from the partial representation; encoding the fingerprints into characteristics; issuing a query to a database for retrieving from an open source and characteristics index one or more open source files associated with the characteristics; receiving a response including the retrieved open source file; checking whether the source file comprises a snippet from the open source file; and subject to the source file comprising the snippet, outputting an identification of the open source file.

Abstract: A system for producing secure data management software, comprising at least one hardware processor adapted to: receive a plurality of data patterns, each comprising at least one data field identifier selected from a set of protected data field identifiers of at least one data repository, at least one output target, and an access instruction; identify in a plurality of computer instructions of the data management software one or more forbidden output instructions by matching one or more reaching definitions of some of the plurality of computer instructions with one or more of the plurality of data patterns; and remove the one or more forbidden output instructions from the plurality of computer instructions.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining computer code; determining from the computer code a collection of components reachable from the computer code; providing information about the components to a server; identifying by the server using information retrieved from a database, reachable components associated with the collection of components, which have stored vulnerabilities; determining from the computer code and the reachable components that have stored vulnerabilities, a collection of reachable finer resolution components; identifying, further components from the collection of reachable finer resolution components, which have stored vulnerabilities; and outputting information about the further components, wherein the computer code cannot be reconstructed from the information about the collection of components and the information about the finer resolution components.

Abstract: A computer-implemented method, system and computer program product, the method comprising: obtaining a multiplicity of files; dividing the multiplicity of files into disjoint file subsets, such that all files in each file subset from the disjoint file sets are contained in a different combination of repository and repository tag, comprising: searching for repository tag and repository combinations in which each file is contained; and selecting a subset of the repository tag and repository combinations which contain all files, such that one or more repository and repository tag combinations containing a collection of files is selected over one or more other repository and repository tag combinations containing the collection of files, in accordance with one or more value indications associated with each repository and repository tag combination; and outputting the repository and repository tag combination for each of the file subsets.

Abstract: A method, system and computer program product, the method comprising: obtaining one or more source files to be examined for open source usage; extracting partial representation of a source file from the source files; creating fingerprints from the partial representation; encoding the fingerprints into characteristics; issuing a query to a database for retrieving from an open source and characteristics index one or more open source files associated with the characteristics; receiving a response including the retrieved open source file; checking whether the source file comprises a snippet from the open source file; and subject to the source file comprising the snippet, outputting an identification of the open source file.

Abstract: A computer implemented method of assuring correctness of data updated at a remote server and used by a local application, comprising one or more processors at a client terminal adapted to receive from a remote server updated values for a plurality of data items associated with a dataset required for execution of an application executed by the processor(s) where the dataset defines a close relation among the plurality of associated data items, determine whether the reception includes updated values for all of the associated data items, retrieve automatically from a local memory resource, previous values for all of the associated data items in case the updated value is missing for at least one of the associated data items and provide to the application the updated values or the previous values according to the determination.

Abstract: A system for producing secure data management software, comprising at least one hardware processor adapted to: receive a plurality of data patterns, each comprising at least one data field identifier selected from a set of protected data field identifiers of at least one data repository, at least one output target, and an access instruction; identify in a plurality of computer instructions of the data management software one or more forbidden output instructions by matching one or more reaching definitions of some of the plurality of computer instructions with one or more of the plurality of data patterns; and remove the one or more forbidden output instructions from the plurality of computer instructions.

Abstract: According to some embodiments of the present invention there is provided a method for identifying control dependencies between a source code and selected paths though the source code comprising: receiving an source code having a plurality of application functionalities, calculating a control graph dataset mapping a plurality of code segments of the source code into a plurality of source code execution paths, defining at least one control dependency from at least one source code execution path to the source code, receiving a subgroup defining a plurality of selected application functionalities from the plurality of application functionalities, identifying at least one of the plurality of source code execution paths that covers suitable code segments of the plurality of code segments which are required for performing application functionalities from the subset, and identifying at least one control dependency to eliminate within the one identified source code execution path.

Abstract: A method, computerized apparatus and computer program product, the method comprising: obtaining computer code; determining from the computer code a collection of components reachable from the computer code; providing information about the components to a server; identifying by the server using information retrieved from a database, reachable components associated with the collection of components, which have stored vulnerabilities; determining from the computer code and the reachable components that have stored vulnerabilities, a collection of reachable finer resolution components; identifying, further components from the collection of reachable finer resolution components, which have stored vulnerabilities; and outputting information about the further components, wherein the computer code cannot be reconstructed from the information about the collection of components and the information about the finer resolution components.