Abstract: A method of verifying an application includes downloading source code for a first function exposed by the application and parsing the source code to determine an input object of the first function. The method also includes injecting a first fuzzing payload into the input object to generate a test object, invoking the first function using the test object, and determining whether the first function includes a vulnerability by analyzing a response to invoking the first function using the test object.

Abstract: A system receives source code for analysis. The system identifies external references to reference code in source code. The reference code is not included in the source code received for analysis. The system generates code stubs corresponding to the external references. Each code stub describes a semantic context for the corresponding external reference. The system provides the set of source code and the one or more code stubs for analysis of the code, for example, using a code analysis tool.

Abstract: A system performs static program analysis with artifact reuse. The system identifies artifacts associated with the software program being analyzed. The system processes the identified artifacts for performing static program analysis and transmits either the artifacts or identifiers for the artifacts to a second processing device for performing program analysis. The second processing device receives the artifacts and uses the received identifiers to retrieve the artifacts from a networked storage system. The second device also retrieves stored summaries of previous program analysis from the networked storage system. The program analysis uses the retrieved artifacts to generate work units for static program analysis. The analysis is performed only for those work units that are determined to remain unchanged from previous static program analysis cycles.

Abstract: Aspects and implementations of the present disclosure are directed to methods and systems for comparing sets of files using signatures. In general, in some implementations, an audit system compares a first plurality of signatures representing element information for a first file hierarchy to a second plurality of signatures representing element information for a second file hierarchy. The audit system determines, based on the comparison of the first plurality of signatures to the second plurality of signatures, whether the first file hierarchy is likely to be a modified copy of the second file hierarchy. In some implementations, the audit system compares signatures of a first signature type, selects a second signature type based on the comparison using the first signature type, and compares signatures of the second signature type. In some implementations, the second plurality of signatures is stored in a catalog of signatures representing various file hierarchies.

Abstract: Methods and systems to manage software development. Embodiments of the present invention allow a programmer to specify the software packages, services, and other materials used in a particular software project. As development of the software project proceeds, the materials associated with the project are reviewed to identify the materials actually used in the project and to identify any discrepancies between what has been specified and what materials are actually used. Metadata, for example license and contractual terms and other policies relating to the specified materials and the materials actually used in the project may optionally be retrieved and analyzed to identify conflicting metadata.

Abstract: Aspects and implementations of the present disclosure are directed to methods and systems for comparing sets of files using signatures. In general, in some implementations, an audit system compares a first plurality of signatures representing element information for a first file hierarchy to a second plurality of signatures representing element information for a second file hierarchy. The audit system determines, based on the comparison of the first plurality of signatures to the second plurality of signatures, whether the first file hierarchy is likely to be a modified copy of the second file hierarchy. In some implementations, the audit system compares signatures of a first signature type, selects a second signature type based on the comparison using the first signature type, and compares signatures of the second signature type. In some implementations, the second plurality of signatures is stored in a catalog of signatures representing various file hierarchies.

Abstract: Aspects and implementations of the present disclosure are directed to methods and systems for representing sets of files using signatures. In general, in some implementations, an audit system scans a file hierarchy comprising a root directory and a plurality of elements (e.g., directories, data files, and archive files) to identify elements satisfying an element selection criteria. The audit system creates element descriptors by identifying, for each respective identified element, one or more element component values and creating an element descriptor from the element component values. The audit system forms a string descriptor comprising an aggregation of the element descriptors and generates a signature for the string descriptor. The signature may be stored in association with metadata for the root directory. In some implementations, the audit system identifies multiple sets of files represented by equivalent signatures and records the representations of the set of files compactly.

Abstract: The disclosed technology can mitigate the risk of infringing a content owner's rights in legally-protectable content by operating as a trusted, third-party license authority between content owners and content users to ensure that a license governing at least some aspects of the protectable content is authentic and thus validly represents the restrictions imposed by content owners pertaining to the use, distribution, modification, combination, interaction, and/or other manipulation of such content. An identifier representative of the protectable content together with a profile of the license (which may include attributes that specify particular restrictions, uses, and interactions pertaining to the protectable content) can serve as a basis for determining the authenticity of the license associated with the protectable content.

Abstract: The disclosed technology can mitigate the risk of infringing a content owner's rights in legally-protectable content by operating as a trusted, third-party license authority between content owners and content users to ensure that a license governing at least some aspects of the protectable content is authentic and thus validly represents the restrictions imposed by content owners pertaining to the use, distribution, modification, combination, interaction, and/or other manipulation of such content. An identifier representative of the protectable content together with a profile of the license (which may include attributes that specify particular restrictions, uses, and interactions pertaining to the protectable content) can serve as a basis for determining the authenticity of the license associated with the protectable content.

Abstract: In an embodiment, a method of operating a software search engine is provided. The method includes populating a software code database from one or more sources of source code. The method also includes receiving a search query for a software code search engine (525). The method further includes searching the software code database with the search query (530). Moreover, the method includes presenting results of the searching (550). Additionally, the method includes tracking reuse of code portions of the software code database. Also, the method includes reporting on usage of code portions of the software code database (560).

Abstract: A content file is examined and compared against one or more comparison files. An indication is provided that the content file is similar to the one comparison file that is the best match with the examined content file.

Abstract: A system and method for determining export requirements for a content file may include examining a content file to identify content used by or included in the content file that is subject to export control, determining, in response to the identified content, export requirements that are applicable to the content file, and providing an indication of the determined export requirements.

Abstract: A protectable content is inspected using both a first technique and a second technique that is different from the first technique. An area of interest in the protectable content is then identified based on the inspections.

Abstract: A system and method for determining export requirements for a content file may include examining a content file to identify content used by or included in the content file that is subject to export control, determining, in response to the identified content, export requirements that are applicable to the content file, and providing an indication of the determined export requirements.

Abstract: In various embodiments, a system, method and apparatus for notification of source code discovery is provided. In an embodiment, a method is provided. The method includes detecting a change in source code. The method further includes extracting the change in source code. The method also includes constructing a search criteria based on the change in source code. Moreover, the method includes receiving the search results responsive to the search criteria. Also, the method includes presenting information related to the search results.

Abstract: The disclosed technology can be used to develop systems and perform methods in which restriction, use, and/or interaction values can be assigned to license attributes associated with a first license to specify particular restrictions, uses (e.g., distribution), and interactions (e.g., manipulations) pertaining to a first protectable content. These restriction, use, and/or interaction values can be compared with corresponding attribute values associated with a second license and a second protectable content and such comparisons can serve as a basis for determining attributes associated with a third protectable content, where the third protectable content is based on a combination of at least some aspects of the first protectable content and the second protectable content.

Abstract: A system and method for determining export requirements for a content file may include examining a content file to identify content used by or included in the content file that is subject to export control, determining, in response to the identified content, export requirements that are applicable to the content file, and providing an indication of the determined export requirements.

Abstract: A system and method for determining export requirements for a content file may include examining a content file to identify content used by or included in the content file that is subject to export control, determining, in response to the identified content, export requirements that are applicable to the content file, and providing an indication of the determined export requirements.

Abstract: The disclosed technology can mitigate the risk of infringing a content owner's rights in legally-protectable content by operating as a trusted, third-party license authority between content owners and content users to ensure that a license governing at least some aspects of the protectable content is authentic and thus validly represents the restrictions imposed by content owners pertaining to the use, distribution, modification, combination, interaction, and/or other manipulation of such content. An identifier representative of the protectable content together with a profile of the license (which may include attributes that specify particular restrictions, uses, and interactions pertaining to the protectable content) can serve as a basis for determining the authenticity of the license associated with the protectable content.

Abstract: The disclosed technology can be used to develop systems and perform methods in which restriction, use, and/or interaction values can be assigned to license attributes associated with a first license to specify particular restrictions, uses (e.g., distribution), and interactions (e.g., manipulations) pertaining to a first protectable content. These restriction, use, and/or interaction values can be compared with corresponding attribute values associated with a second license and a second protectable content and such comparisons can serve as a basis for determining attributes associated with a third protectable content, where the third protectable content is based on a combination of at least some aspects of the first protectable content and the second protectable content.