Patents by Inventor Henrik Plate

Henrik Plate has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12189788
    Abstract: A non-transitory computer-readable media, method and server for detecting and addressing vulnerabilities in a third-party code are described. In some examples, a server receives a security advisory that includes a description of a vulnerability and accesses a version control system (VCS) used by a third-party library to determine additional resources related to the vulnerability. The server determines a set of code changes performed by the project maintainers in the VCS, identifies one or more fix commits that address the vulnerability, and identifies one or more functions with the vulnerability that have been changed by the fix commits. The server performs a search for components and component versions that include the one or more functions with the vulnerability and generates an enriched vulnerability description that includes identifiers of package versions that include fixed versions of the one or more functions and vulnerable version of the one or more functions.
    Type: Grant
    Filed: June 12, 2024
    Date of Patent: January 7, 2025
    Assignee: Endor Labs Inc
    Inventors: Henrik Plate, Dimitrios Styliadis, Alexandre Wilhelm
  • Publication number: 20240411897
    Abstract: In some examples, a server receives a security advisory that includes a description of a vulnerability and accesses a version control system (VCS) used by a third-party library to determine additional resources related to the vulnerability. The server determines a set of code changes performed by the project maintainers in the VCS, identifies one or more fix commits that address the vulnerability, and identifies one or more functions with the vulnerability that have been changed by the fix commits. The server performs a search for components and component versions that include the one or more functions with the vulnerability and generates an enriched vulnerability description that includes identifiers of package versions that include fixed versions of the one or more functions and vulnerable version of the one or more functions. Project code in a development system is modified to use the fixed versions of the one or more functions.
    Type: Application
    Filed: June 12, 2024
    Publication date: December 12, 2024
    Applicant: Endor Labs Inc
    Inventors: Henrik Plate, Dimitrios Styliadis, Alexandre Wilhelm
  • Publication number: 20240411882
    Abstract: In some examples, a server injects malicious code into a legitimate software package to create an injected package. The server uses an artificial intelligence to extract a plurality of parts from the injected package and to mutate individual parts of the plurality of parts to create mutated parts. The server assembles the mutated parts to create a mutated malware. A malware scanner determines a risk score associated with the mutated malware. Based at least in part on determining that the score satisfies a predetermined threshold, the server stores the mutated malware in a set of mutated malware and creates at least one additional mutation based on the mutated malware. After determining that a size of the set of mutated malware satisfies a requested size, the malware scanner is modified to increase detection of the malicious code in individual mutated malware in the set of mutated malware.
    Type: Application
    Filed: November 25, 2023
    Publication date: December 12, 2024
    Applicant: Endor Labs Inc
    Inventors: Henrik Plate, Dimitrios Styliadis
  • Patent number: 11853422
    Abstract: Embodiments detect malicious code in distributed software components. A detector element references a source code repository (e.g., open source, commercial) containing lines of various files of a distributed artifact. Subject to certain possible optimizations, the detector inspects the individual files and lines of the artifact file-by-file and line-by-line, to identify whether any commit history information is available from a Versioning Control System (VCS). A risk assessor element receives from the detector element, results identifying those lines and/or files for which no VCS commit history is available. The risk assessor then references code features (e.g., file extension, security-critical API calls) in the results, to generate a probability of the malicious nature of the source code lacking VCS commit history information. An analysis report including this probability and additional relevant information, is offered to a user to conduct further manual review (e.g.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: December 26, 2023
    Assignee: SAP SE
    Inventor: Henrik Plate
  • Publication number: 20210182391
    Abstract: Embodiments detect malicious code in distributed software components. A detector element references a source code repository (e.g., open source, commercial) containing lines of various files of a distributed artifact. Subject to certain possible optimizations, the detector inspects the individual files and lines of the artifact file-by-file and line-by-line, to identify whether any commit history information is available from a Versioning Control System (VCS). A risk assessor element receives from the detector element, results identifying those lines and/or files for which no VCS commit history is available. The risk assessor then references code features (e.g., file extension, security-critical API calls) in the results, to generate a probability of the malicious nature of the source code lacking VCS commit history information. An analysis report including this probability and additional relevant information, is offered to a user to conduct further manual review (e.g.
    Type: Application
    Filed: December 12, 2019
    Publication date: June 17, 2021
    Inventor: Henrik Plate
  • Patent number: 10831899
    Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.
    Type: Grant
    Filed: May 14, 2018
    Date of Patent: November 10, 2020
    Assignee: SAP SE
    Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta
  • Patent number: 10789159
    Abstract: Systems and methods, as well as computing architecture for implementing the same, for decoy injection into an application. The systems and methods include splitting a standard test phase operation into two complementary phases, and add new unit tests to the process, dedicated to testing the proper coverage of the decoys and avoiding non-regression of the original code.
    Type: Grant
    Filed: December 5, 2018
    Date of Patent: September 29, 2020
    Assignee: SAP SE
    Inventors: Cedric Hebert, Henrik Plate
  • Publication number: 20200183820
    Abstract: Systems and methods, as well as computing architecture for implementing the same, for decoy injection into an application. The systems and methods include splitting a standard test phase operation into two complementary phases, and add new unit tests to the process, dedicated to testing the proper coverage of the decoys and avoiding non-regression of the original code.
    Type: Application
    Filed: December 5, 2018
    Publication date: June 11, 2020
    Inventors: Cedric Hebert, Henrik Plate
  • Publication number: 20200175174
    Abstract: Data is received that characterizes source code requiring a security vulnerability assessment. Using this received data, an input node of a vulnerability context graph is generated. Subsequently, at least one node is resolved from the input node using at least one of a plurality of resolvers that collectively access each of a knowledge base, a source code commit database, and at least one online resource. Additional nodes are later iteratively resolved at different depth levels until a pre-defined threshold is met. The vulnerability context graph is then caused to be displayed in a graphical user interface such that each node has a corresponding graphical user interface element which, when activated, causes complementary information for such node to be displayed.
    Type: Application
    Filed: December 4, 2018
    Publication date: June 4, 2020
    Inventors: Jamarber Bakalli, Michele Bezzi, Cedric Dangremont, Sule Kahraman, Henrik Plate, Serena Ponta, Antonino Sabetta
  • Publication number: 20190347424
    Abstract: Systems and methods are provided for retrieving a set of code changes to source code from a source code repository, analyzing the set of code changes to generate a vector representation of each code change of the set of code changes, analyzing the vector representation of each code change of the set of code changes using a trained security-relevant code detection machine learning model, receiving a prediction from the security-relevant code detection machine learning model representing a probability that each code change of the set of code changes contains security-relevant changes, analyzing the prediction to determine whether the prediction is below or above a predetermined threshold, and generating results based on determining whether the prediction is below or above a predetermined threshold.
    Type: Application
    Filed: May 14, 2018
    Publication date: November 14, 2019
    Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta
  • Patent number: 10474456
    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.
    Type: Grant
    Filed: May 17, 2019
    Date of Patent: November 12, 2019
    Assignee: SAP SE
    Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
  • Publication number: 20190272170
    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.
    Type: Application
    Filed: May 17, 2019
    Publication date: September 5, 2019
    Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
  • Patent number: 10360271
    Abstract: Embodiments provide systems and methods configured to mine information available from informal sources (e.g., social media, blogs, and forums) regarding security vulnerabilities. Particular embodiments may comprise engine(s) of a backend in communication with a user through an interface of a frontend, and also in communication with an underlying database to store security information and related information (e.g. search parameters). Embodiments may allow creation of user-specific search phrases for searching information in one or more informal social media information sources. Search results may be consolidated, and users such as system administrators quickly alerted to possible security issues. Embodiments may refine data mining over time by tracking the reputation (e.g. for data accuracy, freshness) of various sources. Embodiments may also reference formal official and third party sources of security information.
    Type: Grant
    Filed: February 25, 2014
    Date of Patent: July 23, 2019
    Assignee: SAP SE
    Inventors: Slim Trabelsi, Henrik Plate, Gilles Montagnon, Elton Mathias
  • Patent number: 10338916
    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.
    Type: Grant
    Filed: December 7, 2016
    Date of Patent: July 2, 2019
    Assignee: SAP SE
    Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
  • Publication number: 20180157486
    Abstract: Systems and methods are provided for accessing a source code repository comprising a plurality of versions of code, analyzing the plurality of versions of code of the component to compute metrics to identify each version of code, analyzing the metrics to determine a subset of the metrics to use as a fingerprint definition to identify each version of the code, generating a fingerprint for each version of code using the fingerprint definition, generating a fingerprint matrix with the fingerprint for each version of code for the software component and storing the fingerprint definition and the fingerprint matrix.
    Type: Application
    Filed: December 7, 2016
    Publication date: June 7, 2018
    Inventors: Michele Bezzi, Antonino Sabetta, Henrik Plate, Serena Ponta, Francesco Di Cerbo
  • Patent number: 9959111
    Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: May 1, 2018
    Assignee: SAP SE
    Inventors: Henrik Plate, Serena Ponta, Antonino Sabetta
  • Patent number: 9880832
    Abstract: Automated systems and methods for assessing the urgency of installing a patch for a component of a software application are described. The systems and methods involve identifying a set of defective programming constructs of the component that are altered by the patch, collecting execution traces of programming constructs of the software application and programming constructs of the component in a context of application use, and evaluating the execution traces to determine whether one or more defective programming constructs of the component are invoked in the context of application use.
    Type: Grant
    Filed: March 6, 2015
    Date of Patent: January 30, 2018
    Assignee: SAP SE
    Inventors: Henrik Plate, Serena Ponta, Antonino Sabetta
  • Publication number: 20180011700
    Abstract: Various embodiments of systems, computer program products, and methods for prioritizing software patches are described herein. In an aspect, the software patches are retrieved by querying software repositories. Further, code changes associated with the software patches are determined. One or more instances of bug fix patterns are identified in determined code changes. The software patches are classified based on the identified bug fix patterns. Priorities of the software patches corresponding to the identified instances of the bug fix patterns are determined based on the classification and a pre-defined policy. Upon determining priorities, the software patches are installed based on the priorities.
    Type: Application
    Filed: July 11, 2016
    Publication date: January 11, 2018
    Inventors: Henrik Plate, Serena Ponta, Antonino Sabetta
  • Patent number: 9792200
    Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.
    Type: Grant
    Filed: March 1, 2016
    Date of Patent: October 17, 2017
    Assignee: SAP SE
    Inventors: Henrik Plate, Serena Ponta, Antonino Sabetta
  • Publication number: 20170255544
    Abstract: Implementations are directed to enhancing assessment of one or more known vulnerabilities inside one or more third-party libraries used within an application program that interacts with the one or more third-party libraries. In some examples, actions include receiving a complete call graph that is provided by static source code analysis (SSCA) of the application program and any third-party libraries used by the application, receiving one or more stack traces that are provided based on dynamic source code analysis (DSCA) during execution of the application program, processing the complete call graph, the one or more stack traces, and vulnerable function data to provide one or more combined call graphs, the vulnerable function data identifying one or more vulnerable functions included in the one or more third-party libraries, each combined call graph being specific to a respective vulnerable function, and providing a graphical representation of each combined call graph.
    Type: Application
    Filed: March 1, 2016
    Publication date: September 7, 2017
    Applicant: SAP SE
    Inventors: Henrik Plate, Serena Ponta, Antonino Sabetta