Patents by Inventor Henrik Plate
Henrik Plate has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11853422Abstract: Embodiments detect malicious code in distributed software components. A detector element references a source code repository (e.g., open source, commercial) containing lines of various files of a distributed artifact. Subject to certain possible optimizations, the detector inspects the individual files and lines of the artifact file-by-file and line-by-line, to identify whether any commit history information is available from a Versioning Control System (VCS). A risk assessor element receives from the detector element, results identifying those lines and/or files for which no VCS commit history is available. The risk assessor then references code features (e.g., file extension, security-critical API calls) in the results, to generate a probability of the malicious nature of the source code lacking VCS commit history information. An analysis report including this probability and additional relevant information, is offered to a user to conduct further manual review (e.g.Type: GrantFiled: December 12, 2019Date of Patent: December 26, 2023Assignee: SAP SEInventor: Henrik Plate
-
Publication number: 20210182391Abstract: Embodiments detect malicious code in distributed software components. A detector element references a source code repository (e.g., open source, commercial) containing lines of various files of a distributed artifact. Subject to certain possible optimizations, the detector inspects the individual files and lines of the artifact file-by-file and line-by-line, to identify whether any commit history information is available from a Versioning Control System (VCS). A risk assessor element receives from the detector element, results identifying those lines and/or files for which no VCS commit history is available. The risk assessor then references code features (e.g., file extension, security-critical API calls) in the results, to generate a probability of the malicious nature of the source code lacking VCS commit history information. An analysis report including this probability and additional relevant information, is offered to a user to conduct further manual review (e.g.Type: ApplicationFiled: December 12, 2019Publication date: June 17, 2021Inventor: Henrik Plate
-
Patent number: 10831899Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.Type: GrantFiled: May 14, 2018Date of Patent: November 10, 2020Assignee: SAP SEInventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta
-
Patent number: 10789159Abstract: Systems and methods, as well as computing architecture for implementing the same, for decoy injection into an application. The systems and methods include splitting a standard test phase operation into two complementary phases, and add new unit tests to the process, dedicated to testing the proper coverage of the decoys and avoiding non-regression of the original code.Type: GrantFiled: December 5, 2018Date of Patent: September 29, 2020Assignee: SAP SEInventors: Cedric Hebert, Henrik Plate
-
Publication number: 20200183820Abstract: Systems and methods, as well as computing architecture for implementing the same, for decoy injection into an application. The systems and methods include splitting a standard test phase operation into two complementary phases, and add new unit tests to the process, dedicated to testing the proper coverage of the decoys and avoiding non-regression of the original code.Type: ApplicationFiled: December 5, 2018Publication date: June 11, 2020Inventors: Cedric Hebert, Henrik Plate
-
Publication number: 20200175174Abstract: Data is received that characterizes source code requiring a security vulnerability assessment. Using this received data, an input node of a vulnerability context graph is generated. Subsequently, at least one node is resolved from the input node using at least one of a plurality of resolvers that collectively access each of a knowledge base, a source code commit database, and at least one online resource. Additionally nodes are later iteratively resolved at different depth levels until a pre-defined threshold is met. The vulnerability context graph is then caused to be displayed in a graphical user interface such that each node has a corresponding graphical user interface element which, when activated, causes complementary information for such node to be displayed.Type: ApplicationFiled: December 4, 2018Publication date: June 4, 2020Inventors: Jamarber Bakalli, Michele Bezzi, Cedric Dangremont, Sule Kahraman, Henrik Plate, Serena Ponta, Antonino Sabetta
-
Publication number: 20190347424Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.Type: ApplicationFiled: May 14, 2018Publication date: November 14, 2019Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta
-
Patent number: 10474456Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrixType: GrantFiled: May 17, 2019Date of Patent: November 12, 2019Assignee: SAP SEInventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
-
Publication number: 20190272170Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrixType: ApplicationFiled: May 17, 2019Publication date: September 5, 2019Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
-
Patent number: 10360271Abstract: Embodiments provide systems and methods configured to mine information available from informal sources (e.g., social media, blogs, and forums) regarding security vulnerabilities. Particular embodiments may comprise engine(s) of a backend in communication with a user through an interface of a frontend, and also in communication with an underlying database to store security information and related information (e.g. search parameters). Embodiments may allow creation of user-specific search phrases for searching information in one or more informal social media information sources. Search results may be consolidated, and users such as system administrators quickly alerted to possible security issues. Embodiments may refine data mining over time by tracking the reputation (e.g. for data accuracy, freshness) of various sources. Embodiments may also reference formal official and third party sources of security information.Type: GrantFiled: February 25, 2014Date of Patent: July 23, 2019Assignee: SAP SEInventors: Slim Trabelsi, Henrik Plate, Gilles Montagnon, Elton Mathias
-
Patent number: 10338916Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.Type: GrantFiled: December 7, 2016Date of Patent: July 2, 2019Assignee: SAP SEInventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
-
Publication number: 20180157486Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use to as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrixType: ApplicationFiled: December 7, 2016Publication date: June 7, 2018Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
-
Patent number: 9959111Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.Type: GrantFiled: July 11, 2016Date of Patent: May 1, 2018Assignee: SAP SEInventors: Henrik Plate, Serena Ponta, Antonino Sabetta
-
Patent number: 9880832Abstract: Automated systems and methods for assessing the urgency of installing a patch for a component of a software application are described. The systems and methods involve identifying a set of defective programming constructs of the component that are altered by the patch, collecting execution traces of programming constructs of the software application and programming constructs of the component in a context of application use, and evaluating the execution traces to determine whether one or more defective programming constructs of the component are invoked in the context of application use.Type: GrantFiled: March 6, 2015Date of Patent: January 30, 2018Assignee: SAP SEInventors: Henrik Plate, Serena Ponta, Antonino Sabetta
-
Publication number: 20180011700Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.Type: ApplicationFiled: July 11, 2016Publication date: January 11, 2018Inventors: HENRIK PLATE, Serena Ponta, Antonino Sabetta
-
Patent number: 9792200Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.Type: GrantFiled: March 1, 2016Date of Patent: October 17, 2017Assignee: SAP SEInventors: Henrik Plate, Serena Ponta, Antonino Sabetta
-
Publication number: 20170255544Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.Type: ApplicationFiled: March 1, 2016Publication date: September 7, 2017Applicant: SAP SEInventors: Henrik Plate, Serena Ponta, Antonino Sabetta
-
Patent number: 9558017Abstract: In accordance with aspects of the disclosure, systems and methods are provided for managing software component dependencies for applications using declarative constraint definitions, including enabling specification of constraint definitions using a declarative language to analyze and detect software component dependencies on one or more libraries that meet certain criteria, identifying and checking software component dependencies on the one or more libraries that violate the constraint definitions, and implementing an algorithm for analyzing applications and resolving software component dependencies on the one or more libraries that violate the constraint definitions.Type: GrantFiled: March 18, 2014Date of Patent: January 31, 2017Assignee: SAP SEInventor: Henrik Plate
-
Publication number: 20160259636Abstract: Automated systems and methods for assessing the urgency of installing a patch for a component of a software application are described. The systems and methods involve identifying a set of defective programming constructs of the component that are altered by the patch, collecting execution traces of programming constructs of the software application and programming constructs of the component in a context of application use, and evaluating the execution traces to determine whether one or more defective programming constructs of the component are invoked in the context of application use.Type: ApplicationFiled: March 6, 2015Publication date: September 8, 2016Inventors: Henrik PLATE, Serena PONTA, Antonino SABETTA
-
Publication number: 20150268948Abstract: In accordance with aspects of the disclosure, systems and methods are provided for managing software component dependencies for applications using declarative constraint definitions, including enabling specification of constraint definitions using a declarative language to analyze and detect software component dependencies on one or more libraries that meet certain criteria, identifying and checking software component dependencies on the one or more libraries that violate the constraint definitions, and implementing an algorithm for analyzing applications and resolving software component dependencies on the one or more libraries that violate the constraint definitions.Type: ApplicationFiled: March 18, 2014Publication date: September 24, 2015Inventor: Henrik Plate