Abstract: This invention discloses systems and methods for detecting vulnerabilities in IT assets by utilizing crowdsourcing techniques. A corpus containing vulnerability data of IT assets with known vulnerabilities is established. Vulnerability data in the corpus comprises security aspects or attributes related to the IT assets. The security aspects of an IT asset constitute its attack surface which is represented as a feature vector in a feature space. A determination is made as to how similar/close a target asset whose unknown vulnerabilities are to be detected, is to the rest of the IT assets in the corpus. This determination is made based on a measure of similarity/distance between the respective feature vectors in the feature space. Based on the review of similarity results by a community of researchers/experts, a determination of unknown vulnerabilities in the target system is made.

Abstract: This invention discloses systems and methods for detecting vulnerabilities in IT assets by utilizing crowdsourcing techniques. A corpus containing vulnerability data of IT assets with known vulnerabilities is established. Vulnerability data in the corpus comprises security aspects or attributes related to the IT assets. The security aspects of an IT asset constitute its attack surface which is represented as a feature vector in a feature space. A determination is made as to how similar/close a target asset whose unknown vulnerabilities are to be detected, is to the rest of the IT assets in the corpus. This determination is made based on a measure of similarity/distance between the respective feature vectors in the feature space. Based on the review of similarity results by a community of researchers/experts, a determination of unknown vulnerabilities in the target system is made.

Abstract: This invention discloses systems and methods for detecting vulnerabilities in IT assets by utilizing crowdsourcing techniques. A corpus containing vulnerability data of IT assets with known vulnerabilities is established. Vulnerability data in the corpus comprises security aspects or attributes related to the IT assets. The security aspects of an IT asset constitute its attack surface which is represented as a feature vector in a feature space. A determination is made as to how similar/close a target asset whose unknown vulnerabilities are to be detected, is to the rest of the IT assets in the corpus. This determination is made based on a measure of similarity/distance between the respective feature vectors in the feature space. Based on the review of similarity results by a community of researchers/experts, a determination of unknown vulnerabilities in the target system is made.