Patents by Inventor Jeffrey C. Turnham
Jeffrey C. Turnham has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11574063Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: GrantFiled: February 15, 2022Date of Patent: February 7, 2023Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Publication number: 20220171862Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: ApplicationFiled: February 15, 2022Publication date: June 2, 2022Inventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Patent number: 11288375Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: GrantFiled: November 10, 2017Date of Patent: March 29, 2022Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Patent number: 10614218Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.Type: GrantFiled: April 11, 2017Date of Patent: April 7, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: John T. Peyton, Jr., Babita Sharma, Jason N. Todd, Jeffrey C. Turnham, Mathieu Merineau, Ettore Merlo
-
Patent number: 10614226Abstract: A method, system and computer-usable medium for generating a security analysis effort, cost and process scope estimates, comprising: analyzing a software system; identifying a complexity level of a security analysis, the complexity level of the security analysis comprising identification of an effort level for the security analysis; and, generating the security analysis effort estimate, the security analysis effort estimate comprising an estimate of an effort expenditure to perform a security analysis on the software system at the identified complexity level.Type: GrantFiled: August 30, 2018Date of Patent: April 7, 2020Assignee: International Business Machines CorporationInventors: Rhonda L. Childress, Sharon Hagi, Jeffrey C. Turnham
-
Publication number: 20180373880Abstract: A method, system and computer-usable medium for generating a security analysis effort, cost and process scope estimates, comprising: analyzing a software system; identifying a complexity level of a security analysis, the complexity level of the security analysis comprising identification of an effort level for the security analysis; and, generating the security analysis effort estimate, the security analysis effort estimate comprising an estimate of an effort expenditure to perform a security analysis on the software system at the identified complexity level.Type: ApplicationFiled: August 30, 2018Publication date: December 27, 2018Inventors: Rhonda L. Childress, Sharon Hagi, Jeffrey C. Turnham
-
Patent number: 10095869Abstract: A method, system and computer-usable medium for generating a security analysis effort, cost and process scope estimates, comprising: analyzing a software system; identifying a complexity level of a security analysis, the complexity level of the security analysis comprising identification of an effort level for the security analysis; and, generating the security analysis effort estimate, the security analysis effort estimate comprising an estimate of an effort expenditure to perform a security analysis on the software system at the identified complexity level.Type: GrantFiled: September 24, 2015Date of Patent: October 9, 2018Assignee: International Business Machines CorporationInventors: Rhonda L. Childress, Sharon Hagi, Jeffrey C. Turnham
-
Publication number: 20180285572Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: ApplicationFiled: November 10, 2017Publication date: October 4, 2018Inventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Publication number: 20180285571Abstract: Embodiments include method, systems and computer program products for automatic detection of an incomplete static analysis security assessment. In some embodiments, a method includes obtaining component versioning data associated with a build of an application. The method further includes determining, using the component versioning data associated with the build of the application, that a static analysis security assessment configuration of the application is incomplete. The method further includes, responsive to determining that the static analysis security assessment configuration of the application is incomplete, generating metadata indicating that at least a portion of the build of the application has been changed from a previous build of the application.Type: ApplicationFiled: March 28, 2017Publication date: October 4, 2018Inventors: Michael Hanner, Paul Ionescu, Iosif V. Onut, Jeffrey C. Turnham
-
Publication number: 20180137279Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.Type: ApplicationFiled: April 11, 2017Publication date: May 17, 2018Inventors: John T. Peyton, Jr., Babita Sharma, Jason N. Todd, Jeffrey C. Turnham, Mathieu Merineau, Ettore Merlo
-
Publication number: 20170091459Abstract: A method, system and computer-usable medium for generating a security analysis effort, cost and process scope estimates, comprising: analyzing a software system; identifying a complexity level of a security analysis, the complexity level of the security analysis comprising identification of an effort level for the security analysis; and, generating the security analysis effort estimate, the security analysis effort estimate comprising an estimate of an effort expenditure to perform a security analysis on the software system at the identified complexity level.Type: ApplicationFiled: September 24, 2015Publication date: March 30, 2017Inventors: Rhonda L. Childress, Sharon Hagi, Jeffrey C. Turnham
-
Publication number: 20090254888Abstract: Embodiments of the present invention address deficiencies of the art in respect to source code debugging and provide a method, system and computer program product for debug tours for debugging source code. In an embodiment of the invention, a debugger data processing system can be provided. The system can include a debugger executing in a host computing platform, and a debug tour manager coupled to the debugger. The debug tour manager can include program code enabled to load a debug tour of an ordered set of breakpoints established during a prior debugging session of source code, to apply the breakpoints in the debug tour to separately loaded source code, and to execute the source code and to invoke the applied breakpoints in an order prescribed by the ordered set within the debugger.Type: ApplicationFiled: April 7, 2008Publication date: October 8, 2009Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Peter A. Nicholls, Jeremiah S. Swan, Jeffrey C. Turnham
-
Patent number: 7240072Abstract: A dynamic generic framework for distributed tooling comprising a system for creating, storing and manipulating objects, which includes a datastore, a user interface and tools. In a distributed or client-server environment, a virtual datastore is created on the client, through which updates to the user interface and commands to the tools are routed. Commands and updates are transmitted asynchronously through handlers. The objects in the datastore are all of the same kind and have a predetermined generic or uniform attribute set. The schema is comprised of schema objects in the datastore which schema objects are dynamically created by the tools. The user interface perceives and comprehends the schema and utilizes the schema to identify and display objects in the datastore, the relationships therebetween, and the commands that can be executed thereon.Type: GrantFiled: April 29, 2002Date of Patent: July 3, 2007Assignee: International Business Machines CorporationInventors: David K. McKnight, Robert S. Cecco, Jeffrey C. Turnham
-
Patent number: 7143345Abstract: A system and method for parsing source code written in a high-level programming language at multiple levels may be performed to populate a tree data structure. To obtain information at lower levels, higher levels are parsed. Each level of parsing is performed as a separate stage with the results of higher levels being used to feed parsing at lower levels. The system and method of the present invention provide for parsing at a requested level, not parsing to a lower level than requested.Type: GrantFiled: October 31, 2002Date of Patent: November 28, 2006Assignee: International Business Machines CorporationInventors: David K. McKnight, Jeffrey C. Turnham
-
Publication number: 20040227759Abstract: Plotting numerical data is provided. A root object is selected and a user is presented with at least one filter for selection, where each filter describes at least one of a type of objects and a type of relationships between objects, each type of objects and each type of relationships between objects being defined by a schema. A set of objects is selected based on user-selected filters. Each object of the set is related to the root object either directly, or through a chain of intermediate objects, where each chain of intermediate objects has the same length and all objects at a given level of each chain have a relationship with a parent object which is identical. Each object of the set also contains numerical data having a format suitable for a mathematical analysis. The mathematical analysis of the numerical data is arranged and a result of which is plotted in a graph.Type: ApplicationFiled: December 10, 2003Publication date: November 18, 2004Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: David K. McKnight, Jeffrey C. Turnham
-
Publication number: 20040088651Abstract: A system and method for parsing source code written in a high-level programming language at multiple levels may be performed to populate a tree data structure. To obtain information at lower levels, higher levels are be parsed. Each level of parsing is performed as a separate stage with the results of higher levels being used to feed parsing at lower levels. The system and method of the present invention provide for parsing at a requested level, not parsing to a lower level than requested.Type: ApplicationFiled: October 31, 2002Publication date: May 6, 2004Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: David K. McKnight, Jeffrey C. Turnham
-
Publication number: 20030097369Abstract: A dynamic generic framework for distributed tooling comprising a system for creating, storing and manipulating objects, which includes a datastore, a user interface and tools. In a distributed or client-server environment, a virtual datastore is created on the client, through which updates to the user interface and commands to the tools are routed. Commands and updates are transmitted asynchronously through handlers. The objects in the datastore are all of the same kind and have a predetermined generic or uniform attribute set. The schema is comprised of schema objects in the datastore which schema objects are dynamically created by the tools. The user interface perceives and comprehends the schema and utilizes the schema to identify and display objects in the datastore, the relationships therebetween, and the commands that can be executed thereon.Type: ApplicationFiled: April 29, 2002Publication date: May 22, 2003Applicant: International Business Machines CorporationInventors: David K. McKnight, Robert S. Cecco, Jeffrey C. Turnham