Abstract: A technique for network attack tainting and tracking includes monitoring data packets received from a network for a malicious request. Responsive to detecting a malicious request, a forensic token is created having information pertaining to the malicious request that is configured to be stored by a source of the malicious request and discoverable regarding involvement of the source in the malicious request. The forensic token is injected into a response message, and the response message is then transmitted to the source of the request as a response to the request.

Abstract: A technique for secure data storage and access during transition operations includes retrieving an encrypted instance of a data object from a data store. The retrieved encrypted instance of the data object is stored in a cryptcache. The encrypted instance in the cryptcache is decrypted to a cleartext instance of the data object and stored as the cleartext instance of the data object in a clearcache. The clearcache instance of the data object is secured by controlling an access window defining an amount of time the cleartext instance of the data object is accessible in the clearcache.

Abstract: A method for analyzing past user sessions for malicious intent. A security incident is detected by a computer system. Responsive to detecting the security incident, a forensic investigation is triggered by the computer system using a set of security rules for detecting website vulnerability in which the set of security rules is applied to a set of past user sessions, wherein the set of security rules is for a dynamic analysis product.

Abstract: A technique for network attack tainting and tracking includes monitoring data packets received from a network for a malicious request. Responsive to detecting a malicious request, a forensic token is created having information pertaining to the malicious request that is configured to be stored by a source of the malicious request and discoverable regarding involvement of the source in the malicious request. The forensic token is injected into a response message, and the response message is then transmitted to the source of the request as a response to the request.

Abstract: A technique for network attack tainting and tracking includes monitoring data packets received from a network for a malicious request. Responsive to detecting a malicious request, a payload is created that is digitally signed. The digitally signed payload is encrypted and injected into a response message, and the response message is then transmitted to a source of the request as a response to the request.

Abstract: A method and system are provided that, in turn, provide a secure policy audit in a shared enforcement environment. The method includes providing an auditing component in a software defined network. The method further includes receiving, by the auditing component, a first auditing event from a first component in the software defined network and a related auditing event from a second component in the software defined network. The method also includes analyzing, by the auditing component, the first auditing event and the related auditing event against an enforcement of an access policy criteria for the software defined network. The access policy criteria requires auditing events from at least two enforcement points in the software defined network. The first and second component form the at least two enforcement points. The method additionally includes determining, by the auditing component, one of a compliance and a non-compliance with the access policy criteria.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: A technique for network attack tainting and tracking includes monitoring data packets received from a network for a malicious request. Responsive to detecting a malicious request, a payload is created that is digitally signed. The digitally signed payload is encrypted and injected into a response message, and the response message is then transmitted to a source of the request as a response to the request.

Abstract: A technique for secure data storage and access during transition operations includes retrieving an encrypted instance of a data object from a data store. The retrieved encrypted instance of the data object is stored in a cryptcache. The encrypted instance in the cryptcache is decrypted to a cleartext instance of the data object and stored as the cleartext instance of the data object in a clearcache. The clearcache instance of the data object is secured by controlling an access window defining an amount of time the cleartext instance of the data object is accessible in the clearcache.

Abstract: A method for analyzing past user sessions for malicious intent. A security incident is detected by a computer system. Responsive to detecting the security incident, a forensic investigation is triggered by the computer system using a set of security rules for detecting website vulnerability in which the set of security rules is applied to a set of past user sessions, wherein the set of security rules is for a dynamic analysis product.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: Mechanisms are provided for correlating security vulnerability detection across multiple applications. The mechanisms perform a security vulnerability analysis of first source code of a first application, and identify, based on results of the security vulnerability analysis, a security vulnerability in a first portion of the first source code. The mechanisms associate characteristics of the security vulnerability with the first portion, and correlate the characteristics of the security vulnerability with second source code of a second application based on the association of the characteristics of the security vulnerability with the first portion. In addition, the mechanisms generate an output to a computing device of a consumer or contributor associated with the second source code identifying a presence of the security vulnerability in the second source code based on the correlation.

Abstract: A computer-implemented method improves a computer system's security. A description of real-time trends, for multiple computer security issues from a third party resource is associated with multiple security routines for a computer system. The multiple security routines are sorted according to the real-time trends, such that the sorting establishes an order of priority for running each of the multiple security routines based on the real-time trends. A percentage of sorted security routines to execute on the computer system is executed in their order of priority to identify one or more computer security issues for the computer system. One or more processors then execute a resolution program to resolve the one or more computer security issues that are identified for the computer system.

Abstract: A method and system are provided that, in turn, provide a secure policy audit in a shared enforcement environment. The method includes providing an auditing component in a software defined network. The method further includes receiving, by the auditing component, a first auditing event from a first component in the software defined network and a related auditing event from a second component in the software defined network. The method also includes analyzing, by the auditing component, the first auditing event and the related auditing event against an enforcement of an access policy criteria for the software defined network. The access policy criteria requires auditing events from at least two enforcement points in the software defined network. The first and second component form the at least two enforcement points. The method additionally includes determining, by the auditing component, one of a compliance and a non-compliance with the access policy criteria.

Abstract: A method and system are provided that, in turn, provide a secure policy audit in a shared enforcement environment. The method includes providing an auditing component in a software defined network. The method further includes receiving, by the auditing component, a first auditing event from a first component in the software defined network and a related auditing event from a second component in the software defined network. The method also includes analyzing, by the auditing component, the first auditing event and the related auditing event against an enforcement of an access policy criteria for the software defined network. The access policy criteria requires auditing events from at least two enforcement points in the software defined network. The first and second component form the at least two enforcement points. The method additionally includes determining, by the auditing component, one of a compliance and a non-compliance with the access policy criteria.

Abstract: A computer-implemented method improves a computer system's security. A description of real-time trends, for multiple computer security issues from a third party resource is associated with multiple security routines for a computer system. The multiple security routines are sorted according to the real-time trends, such that the sorting establishes an order of priority for running each of the multiple security routines based on the real-time trends. A percentage of sorted security routines to execute on the computer system is executed in their order of priority to identify one or more computer security issues for the computer system. One or more processors then execute a resolution program to resolve the one or more computer security issues that are identified for the computer system.