Patents by Inventor Adam Youngberg
Adam Youngberg has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11651083
Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.
Type: Grant
Filed: February 22, 2021
Date of Patent: May 16, 2023
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando
-
Publication number: 20220261480
Abstract: A system for performing code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.
Type: Application
Filed: May 9, 2022
Publication date: August 18, 2022
Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando, Stephen Kent
-
Patent number: 11113406
Abstract: A system for performing de-duplication of findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores normalized findings of application code performed by at least one software security analysis tool. Each normalized finding is identifiable by a fingerprint. The processor receives a first finding in a first vendor-provided format from a first software security analysis tool that performs a scan of application code. The processor receives a second finding in a second vendor-provided format from a second software security analysis tool. The processor normalizes the findings to a standardized taxonomy. The processor determines a first fingerprint and a second fingerprint that respectively identify the normalized first and second findings.
Type: Grant
Filed: July 8, 2019
Date of Patent: September 7, 2021
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Adam Youngberg, Stephen Kent
-
Publication number: 20210256137
Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.
Type: Application
Filed: February 22, 2021
Publication date: August 19, 2021
Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando
-
Patent number: 10929543
Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.
Type: Grant
Filed: August 26, 2019
Date of Patent: February 23, 2021
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando
-
Publication number: 20200134194
Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.
Type: Application
Filed: August 26, 2019
Publication date: April 30, 2020
Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando
-
Publication number: 20200134193
Abstract: A system for performing de-duplication of findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores normalized findings of application code performed by at least one software security analysis tool. Each normalized finding is identifiable by a fingerprint. The processor receives a first finding in a first vendor-provided format from a first software security analysis tool that performs a scan of application code. The processor receives a second finding in a second vendor-provided format from a second software security analysis tool. The processor normalizes the findings to a standardized taxonomy. The processor determines a first fingerprint and a second fingerprint that respectively identify the normalized first and second findings.
Type: Application
Filed: July 8, 2019
Publication date: April 30, 2020
Inventors: Adam Youngberg, Stephen Kent
-
Patent number: 10534912
Abstract: A system for performing code security scan includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a plurality of identifiers each identifying a software security analysis tool of one of several categories, including SAST, DAST and OSA tools. The processor receives an identification of code to be scanned. The processor selects at least two identifiers from the plurality of identifiers. The at least two identifiers identify at least two select software security analysis tools for execution on the identified code. The processor receives an execution result from each select software security analysis tool after performing execution on the identified code. The processor aggregates the execution result from each select software security analysis tool. A user interface displays an aggregation of the execution result from each select software security analysis tool.
Type: Grant
Filed: October 31, 2018
Date of Patent: January 14, 2020
Assignee: CAPITAL ONE SERVICES, LLC
Inventor: Adam Youngberg
-
Patent number: 10467419
Abstract: A system for assessing software risks includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores category risk scores based on findings generated by software security analysis tools of different categories. The processor receives at least one first finding from a first category of software security analysis tools and at least one second finding from a second category of software security analysis tools. A first category risk score is computed based on the at least one first finding. A second category risk score is computed based on the at least one second finding. An overall risk score for application code is determined by computing a weighted average based on the first category risk score and the second category risk score. A graphical user interface displays the overall risk score.
Type: Grant
Filed: October 31, 2018
Date of Patent: November 5, 2019
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Adam Youngberg, David Filbey
-
Patent number: 10395041
Abstract: A system for validating software security analysis findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores a source truth dataset including criteria for validating characteristics of findings. The processor receives a finding from a software security analysis tool that performs scan on application code. The processor identifies a characteristic from the finding. The processor selects a criterion from the non-transitory computer readable medium for validating the identified characteristic. The processor determines a validity score for the finding based on whether the selected criterion is met. The processor determines whether the finding is false positive by comparing the validity score to a predetermined validity threshold. If the finding is true positive, a graphical user interface displays the finding.
Type: Grant
Filed: October 31, 2018
Date of Patent: August 27, 2019
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Adam Youngberg, David Filbey, Kishore Prabakaran Fernando
-
Patent number: 10387659
Abstract: A system for performing de-duplication of findings includes a non-transitory computer readable medium and a processor. The non-transitory computer readable medium stores normalized findings of application code performed by at least one software security analysis tool. Each normalized finding is identifiable by a fingerprint. The processor receives a first finding in a first vendor-provided format from a first software security analysis tool that performs a scan of application code. The processor receives a second finding in a second vendor-provided format from a second software security analysis tool. The processor normalizes the findings to a standardized taxonomy. The processor determines a first fingerprint and a second fingerprint that respectively identify the normalized first and second findings.
Type: Grant
Filed: October 31, 2018
Date of Patent: August 20, 2019
Assignee: CAPITAL ONE SERVICES, LLC
Inventors: Adam Youngberg, Stephen Kent