Patents by Inventor John T. Peyton, Jr.
John T. Peyton, Jr. has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11544384
Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.
Type: Grant
Filed: April 12, 2019
Date of Patent: January 3, 2023
Assignee: International Business Machines Corporation
Inventors: Kristofer A. Duer, John T. Peyton, Jr., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Patent number: 10614218
Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.
Type: Grant
Filed: April 11, 2017
Date of Patent: April 7, 2020
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: John T. Peyton, Jr., Babita Sharma, Jason N. Todd, Jeffrey C. Turnham, Mathieu Merineau, Ettore Merlo
-
Publication number: 20190236483
Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.
Type: Application
Filed: April 12, 2019
Publication date: August 1, 2019
Inventors: Kristofer A. Duer, John T. Peyton, JR., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Patent number: 10339320
Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.
Type: Grant
Filed: November 18, 2016
Date of Patent: July 2, 2019
Assignee: International Business Machines Corporation
Inventors: Kristofer A. Duer, John T. Peyton, Jr., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Publication number: 20180144127
Abstract: A computer-implemented method includes obtaining, by a processor, existing security information for static application security testing (SAST). The method also includes using, by the processor, the existing security information to discover, by a machine capable of learning, new security information. The method also includes improving, by the processor, security of a computer using the new security information.
Type: Application
Filed: November 18, 2016
Publication date: May 24, 2018
Inventors: Kristofer A. Duer, John T. Peyton, JR., Babita Sharma, David E. Stewart, Jason N. Todd, Shu Wang
-
Publication number: 20180137279
Abstract: A computer-implemented method for security scanning application code includes executing, via a processor, a full scan of the application code and generating a program intermediate representation (IR) and a list of security findings determined by the full scan. The processor executes an incremental scan of the application code after at least one change to the application code, and identifies at least one changed file in the application code. The processor then generates an incremental intermediate representation (IR) based at least in part on the at least one changed file. The processor merges the saved scan state and the incremental IR, produces a merged scan state, and outputs security findings based at least in part on the merged scan state and the incremental IR.
Type: Application
Filed: April 11, 2017
Publication date: May 17, 2018
Inventors: John T. Peyton, Jr., Babita Sharma, Jason N. Todd, Jeffrey C. Turnham, Mathieu Merineau, Ettore Merlo
-
Patent number: 9749345
Abstract: A computer-implemented method, computer program product, and computing system is provided for reporting security vulnerabilities. In an embodiment, a method may include receiving a set of potential security vulnerabilities associated with a program. The method may also include filtering the set of potential security vulnerabilities by eliminating one or more spurious security vulnerabilities to generate a set of likely security vulnerabilities. The method may further include consolidating the set of likely security vulnerabilities into one or more solution categories, each of the one or more solutions categories defining a solution for remedying each of the likely security vulnerabilities within the solution category.
Type: Grant
Filed: April 22, 2015
Date of Patent: August 29, 2017
Assignee: International Business Machines Corporation
Inventors: Kristofer A. Duer, Omer Tripp, Stephen D. Teilhet, John T. Peyton, Jr.
-
Publication number: 20160315961
Abstract: A computer-implemented method, computer program product, and computing system is provided for reporting security vulnerabilities. In an embodiment, a method may include receiving a set of potential security vulnerabilities associated with a program. The method may also include filtering the set of potential security vulnerabilities by eliminating one or more spurious security vulnerabilities to generate a set of likely security vulnerabilities. The method may further include consolidating the set of likely security vulnerabilities into one or more solution categories, each of the one or more solutions categories defining a solution for remedying each of the likely security vulnerabilities within the solution category.
Type: Application
Filed: April 22, 2015
Publication date: October 27, 2016
Inventors: Kristofer A. Duer, Omer Tripp, Stephen D. Teilhet, John T. Peyton, JR.
-
Patent number: 9160762
Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
Type: Grant
Filed: December 18, 2014
Date of Patent: October 13, 2015
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Nevon C. Brake, Paul Ionescu, Iosif Viorel Onut, John T. Peyton, Jr., Wayne Duncan Smith
-
Publication number: 20150156216
Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
Type: Application
Filed: December 18, 2014
Publication date: June 4, 2015
Inventors: Nevon C. Brake, Paul Ionescu, Iosif Viorel Onut, John T. Peyton, JR., Wayne Duncan Smith
-
Patent number: 8935794
Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
Type: Grant
Filed: May 7, 2013
Date of Patent: January 13, 2015
Assignee: International Business Machines Corporation
Inventors: Nevon C. Brake, Paul Ionescu, Iosif Viorel Onut, John T. Peyton, Jr., Wayne Duncan Smith
-
Publication number: 20130312102
Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and responsive to a determination that an identified vulnerability was validated; a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
Type: Application
Filed: May 7, 2013
Publication date: November 21, 2013
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Nevon C. Brake, Paul Ionescu, Iosif Viorel Onut, John T. Peyton, JR., Wayne Duncan Smith
-
Patent number: 8434070
Abstract: Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, source code and at least one configuration file of the software application is analyzed by at least one framework-specific processor so as to determine entry point information indicating entry points in the source code, request attribute access information indicating where attributes attached to a request data structure are read and written, and forward information indicating forwards performed by the software application. A data structure for a static analysis engine is created based on this information. The data structure includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework.
Type: Grant
Filed: October 26, 2010
Date of Patent: April 30, 2013
Assignee: International Business Machines Corporation
Inventors: Shay Artzi, Ryan Berg, John T. Peyton, Jr., Marco Pistoia, Manu Sridharan, Robert Wiener
-
Publication number: 20120102471
Abstract: Systems and methods are provided for creating a data structure associated with a software application that is based on at least one framework. According to the method, source code and at least one configuration file of the software application is analyzed by at least one framework-specific processor so as to determine entry point information indicating entry points in the source code, request attribute access information indicating where attributes attached to a request data structure are read and written, and forward information indicating forwards performed by the software application. A data structure for a static analysis engine is created based on this information. The data structure includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework.
Type: Application
Filed: October 26, 2010
Publication date: April 26, 2012
Applicant: International Business Machines Corporation
Inventors: Shay ARTZI, Ryan BERG, John T. PEYTON, JR., Marco PISTOIA, Manu SRIDHARAN, Robert WIENER
-
Publication number: 20120102474
Abstract: Systems and methods are provided for statically analyzing a software application that is based on at least one framework. According to the method, source code of the software application and a specification associated with the software application are analyzed. The specification includes a list of synthetic methods that model framework-related behavior of the software application, and a list of entry points indicating the synthetic methods and/or application methods of the software application that can be invoked by the framework. Based on the source code and the specification, intermediate representations for the source code and the synthetic methods are generated. Based on the intermediate representations and the specification, call graphs are generated to model which application methods of the software application invoke synthetic methods or other application methods of the software application.
Type: Application
Filed: October 26, 2010
Publication date: April 26, 2012
Applicant: International Business Machines Corporation
Inventors: Shay Artzi, Ryan Berg, Yinnon A. Haviv, John T. Peyton, JR., Marco Pistoia, Manu Sridharan, Babita Sharma, Omri Weisman, Robert Wiener
-
Patent number: 5920723
Abstract: A compiler method is adapted to be executed by a computer with limited memory, yet enables cross-CU optimization during the conversion of a source code listing to an object code listing. The compiler method includes the steps of: converting plural source code listings into plural CUs, each CU being an intermediate code representation; analyzing each CU and deriving a global CU table which includes a reference to each analyzed CU; a program symbol table which indicates in which CU each program routine is defined and/or referred to; and a global call graph which notes each routine in each CU, indicates references therebetween, and further indicates where the routine exists in the program symbol table. The method further derives a CU symbol table which includes information that includes a reference for each routine defined in a CU to the intermediate representation for that routine.
Type: Grant
Filed: February 5, 1997
Date of Patent: July 6, 1999
Assignee: Hewlett-Packard Company
Inventors: John T. Peyton, Jr., Stuart de Jong