Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes.
Abstract: An electronic just-in-time learning and training system that is integrated into a user workflow to provide users with the knowledge they require to complete the tasks in the workflow and to provide meaningful and impactful training to users or advancement along a learning or training path. User tasks are matched to training modules in a training database to assist with completion of a task while a user profile tracks user training to deliver the most appropriate training modules. The system tracks completion of training modules to guide the user with training and advancement and to offer the user opportunities for additional certification and learning.
Type: Grant
Filed: October 27, 2021
Date of Patent: November 7, 2023
Assignee: SECURITY COMPASS TECHNOLOGIES LTD.
Inventors: Ehsan Foroughi, Houssam Haidar, Calvin Lo, Lauren Park, Rohit Kumar Sethi, Emin Tham, Geoffrey Charles Whittington
Abstract: A system and method for automation of task identification and control in a software lifecycle. Software context for a software asset is extracted from context repositories of the software asset during software development and operation, the extracted context data is matched to relevant tasks in a knowledge database to select tasks for the software asset, and task prioritization and orchestration are presented in a prioritized task list during a software lifecycle.
Abstract: A system and method for security risk identification in a secure software lifecycle. A knowledge database has a plurality of security elements which are identified for a particular software application depending on software environment and prioritized in a task list. Code vulnerabilities are identified using code scanners, with security requirements updated based on identified vulnerabilities, lack of vulnerabilities for weaknesses covered by a code scanner, potential weaknesses not adequately covered by code scanners, and software environment changes. The system identifies a security requirement that has passed the test of the code scanner, identifies the strength of the code scanner to discover a particular code vulnerability associated with the security requirement, and updates the security requirement to indicate a verified compliance state.
Abstract: A system and method for automation of task identification and control in a software lifecycle. Software context for a software asset is extracted from context repositories of the software asset during software development and operation, the extracted context data is matched to relevant tasks in a knowledge database to select tasks for the software asset, and task prioritization and orchestration are presented in a prioritized task list during a software lifecycle.