Abstract: In a system for facilitating detection of vulnerabilities in a deployed software application, a software component (also called a self-scanning component) is provided for integration with the software application. The self-scanning component is configured to detect one or more conditions associated with the deployment of the software application and, upon the detection of such condition(s), to collect and/or transmit at least a portion of the application code to a vulnerability scanner. The self-scanning component can receive a vulnerability report from the scanner and can present the report or an analysis of the report. The presentation can be a display or inclusion of the report or analysis thereof in a log generated by the software application.

Abstract: In a system for attributing one or more vulnerabilities in a software application to one or more developers, information identifying the source of a vulnerability is obtained from a vulnerability report. From a repository, developer-related information associated with the identified source is obtained. One or more developers are selected from the developer-related information according to one or more specified rules, and the defect is attributed to the selected developer(s). Attribution of the defect may indicate that the developer(s) contributed to introduction of the defect or to remedying the defect.

Abstract: In a system for facilitating detection of vulnerabilities in a deployed software application, a software component (also called a self-scanning component) is provided for integration with the software application. The self-scanning component is configured to detect one or more conditions associated with the deployment of the software application and, upon the detection of such condition(s), to collect and/or transmit at least a portion of the application code to a vulnerability scanner. The self-scanning component can receive a vulnerability report from the scanner and can present the report as received or an analysis of the report. The presentation can be a display or inclusion of the report or analysis thereof in a log generated by the software application.

Abstract: In a system for attributing one or more vulnerabilities in a software application to one or more developers, information identifying the source of a vulnerability is obtained from a vulnerability report. From a repository, developer-related information associated with the identified source is obtained. One or more developers are selected from the developer-related information according to one or more specified rules, and the defect is attributed to the selected developer(s). Attribution of the defect may indicate that the developer(s) contributed to introduction of the defect or to remedying the defect.