Abstract: Examples provide a single-command menu option for initiating security scanning of source code without user interaction with the security scan component performing the security scan. The single-command menu option can include a single-click menu option in a graphical user interface, a command-line utility or a web interface for performing web service calls to the security scanning service(s). A user selects source code for scanning. A zip file is created for the selected source code. The zip file is placed in a target directory or scan queue for upload to the security scan component. A user ID appended to the source code is utilized to return a summary report of the scan results to the user without user credentials or login to the system.

Abstract: Systems and methods for preventing vulnerable software assets from being deployed by modifying the underlying source code in such a way that a build of the software asset will fail. In one aspect of the present disclosure, a system for securing software artifacts in a repository comprises a repository interface communicably coupleable to a software repository to retrieve an original artifact usable for building a software asset, and to replace the original artifact in the software repository with a modified artifact. A security scanner is configured to initiate a security scan of the original artifact and produce an output indicating the presence of a security vulnerability in the original artifact. An encoder is configured to reversibly modify the original artifact to produce the modified artifact, the modified artifact unusable for building the software asset.

Abstract: Examples provide a system for managing access-restricted partial cryptographic keys for encrypting and decrypting data. In some examples, a slot server generates and stores a first partial key. The first partial key is access-restricted based on access control data. A slot value mapped to the storage location is returned to the client by the slot server. The client generates a second partial key which is stored at the client device with the slot value. To obtain the first partial key, the client sends a request to the slot server, including the slot value. The requesting client is validated using access control data. If the request comes from a validated client, the slot server provides the first partial key to the client. The first partial key and the second partial key are combinable to generate a composite key for encrypting and decrypting data.

Abstract: Systems and methods are disclosed for managing access to vulnerability data in large scale operations, such as by synchronizing access to vulnerability data for active developers who have recently modified source code. For example, source vulnerability scanner (SVS) access may be granted to source code developers identified in a source control management system (SCM) as having made modifications within some recent timeframe, and may further revoke access for stale user accounts. This efficiently implements the information security principle of least privilege, and may easily scale to operations involving hundreds or thousands of active developers and asset owners, and tens of thousands of network assets ? and even larger operations.

Abstract: Examples provide a system for managing access-restricted partial cryptographic keys for encrypting and decrypting data. In some examples, a slot server generates and stores a first partial key. The first partial key is access-restricted based on access control data. A slot value mapped to the storage location is returned to the client by the slot server. The client generates a second partial key which is stored at the client device with the slot value. To obtain the first partial key, the client sends a request to the slot server, including the slot value. The requesting client is validated using access control data. If the request comes from a validated client, the slot server provides the first partial key to the client. The first partial key and the second partial key are combinable to generate a composite key for encrypting and decrypting data.

Abstract: A specialized computer file system for self-managing data storage resources provided as a service to remotely executed applications. The system includes a data storage device configured to store a plurality of data files in a non-relational data store. A storage server is configured to upload a data file to the data storage device to be stored with the plurality of data files. The storage server generate a file link associated with the data file. The storage server transmit the file link to the client application, wherein the client application transmits the file link to an end user. A maintenance server is configured to execute an erase operation to autonomously erase the at least one data file from the data storage device after the data file has been stored in the data storage device for a specified duration of time.

Abstract: Systems and methods for preventing vulnerable software assets from being deployed by modifying the underlying source code in such a way that a build of the software asset will fail. In one aspect of the present disclosure, a system for securing software artifacts in a repository comprises a repository interface communicably coupleable to a software repository to retrieve an original artifact usable for building a software asset, and to replace the original artifact in the software repository with a modified artifact. A security scanner is configured to initiate a security scan of the original artifact and produce an output indicating the presence of a security vulnerability in the original artifact. An encoder is configured to reversibly modify the original artifact to produce the modified artifact, the modified artifact unusable for building the software asset.

Abstract: Examples provide database access restrictions by an access manager component using predefined set of allowed IP addresses on a per-table, per-column, per-row and/or per-cell level. The access manager component permits a user to define a set of allowed IP addresses and/or a range of allowed IP addresses for connecting to a database and/or accessing data within a database. The access manager component applies table-level restrictions, column-level restrictions, row-level restrictions and/or cell-level restrictions to grant or deny read and write access to data within the database based on the IP address of the device attempting to access the data.

Abstract: Examples provide a single-command menu option for initiating security scanning of source code without user interaction with the security scan component performing the security scan. The single-command menu option can include a single-click menu option in a graphical user interface, a command-line utility or a web interface for performing web service calls to the security scanning service(s). A user selects source code for scanning. A zip file is created for the selected source code. The zip file is placed in a target directory or scan queue for upload to the security scan component. A user ID appended to the source code is utilized to return a summary report of the scan results to the user without user credentials or login to the system.

Abstract: Systems and methods are disclosed for managing access to vulnerability data in large scale operations, such as by synchronizing access to vulnerability data for active developers who have recently modified source code. For example, source vulnerability scanner (SVS) access may be granted to source code developers identified in a source control management system (SCM) as having made modifications within some recent timeframe, and may further revoke access for stale user accounts. This efficiently implements the information security principle of least privilege, and may easily scale to operations involving hundreds or thousands of active developers and asset owners, and tens of thousands of network assets ? and even larger operations.

Abstract: A package management system for binary files that include executable instructions (such as executable files, statically linked libraries, and dynamically linked libraries). The system comprises a packager configured to identify a plurality of build artifacts used to create an original binary file, and create and store an augmented binary file comprising the plurality of build artifacts appended to the original binary file, such that the augmented binary file has the same functionality when executed as the original binary file. The system can further include an extractor configured to receive the augmented binary file and produce an output comprising the plurality of build artifacts from the augmented binary file.

Abstract: A specialized computer file system for self-managing data storage resources provided as a service to remotely executed applications. The system includes a data storage device configured to store a plurality of data files in a non-relational data store. A storage server is configured to upload a data file to the data storage device to be stored with the plurality of data files. The storage server generate a file link associated with the data file. The storage server transmit the file link to the client application, wherein the client application transmits the file link to an end user. A maintenance server is configured to execute an erase operation to autonomously erase the at least one data file from the data storage device after the data file has been stored in the data storage device for a specified duration of time.

Abstract: A speech processing method can automatically and dynamically adjust speech grammar weights at runtime based upon usage data. Each of the speech grammar weights can be associated with an available speech command contained within a speech grammar to which the speech grammar weights apply. The usage data can indicate a relative frequency with which each of the available speech commands is utilized.

Abstract: A method of selectively pasting attributes of files can include, responsive to a user input, storing each selected file and at least one attribute associated with each selected file. Responsive to a subsequent input, a target object can be identified and either the attribute associated with each selected file can be inserted into the target object or a copy of each selected file can be created within the target object according to whether the target object supports file object types.

Abstract: A method for producing speech output can include the step of selecting a TTS output device from a plurality of available output devices. The selected output device can be associated with outputting content of an application responsive to a print command. According to the method, the print command can be detected, which results in the content of the application being conveyed to the selected TTS output device. The TTS output device can be associated with at least one text-to-speech engine. Upon content conveyance to the TTS output device, at least a portion of the content can be automatically converted using the text-to-speech engine. The speech converted content can be outputted.