WorldWide Security Advisory Collection and Distribution Process

IP.com Disclosure Number: IPCOM000051262D
Original Publication Date: 2005-Feb-10
Included in the Prior Art Database: 2005-Feb-10
Document File: 2 page(s) / 33K

Publishing Venue

IBM

Abstract

A method to classify security advisories into two categories (security advisory or non-security advisory), without human intervention, using a Bayesian spam filter.

At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 52% of the total text.

Disclosed is a method for automatically detecting a security advisory, from a list of possible security advisories, using a Bayesian filter. Bayesian filters are traditionally used to filter unwanted email, or spam. In this idea, however, Bayesian filters are used to classify email into one of two categories: security advisory or non-security advisory.
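The two-category classification described above, as an added example that is not code from the disclosure: a small naive Bayes classifier (the usual form of a Bayesian spam filter, assumed here) with Laplace smoothing. The training messages, labels and function names are constructed for illustration; the disclosure does not specify its tokenization or training data.

```python
import math
import re
from collections import Counter

# Constructed training mail (not from the disclosure): label -> sample messages.
TRAINING = {
    "advisory": [
        "Security advisory: a buffer overflow vulnerability in the XYZ web server allows remote code execution. A patch has been released.",
        "Joe Smith has been credited with discovering a security vulnerability in Company XYZ's product. Apply the following patch or workaround.",
        "Vendor bulletin: privilege escalation vulnerability fixed. Affected versions listed. Upgrade or apply the workaround.",
    ],
    "non-advisory": [
        "Company XYZ announces its quarterly webinar on the new product release. Register today.",
        "Your subscription to the vendor mailing list has been confirmed. Reply to unsubscribe.",
        "New product features released this month: faster dashboard and improved reporting.",
    ],
}

def tokenize(text):
    """Lowercase the message and split it into word tokens."""
    return re.findall(r"[a-z0-9']+", text.lower())

def train(samples):
    """Count token occurrences per class; return (counts, doc totals, vocabulary)."""
    counts = {label: Counter() for label in samples}
    docs = {label: len(msgs) for label, msgs in samples.items()}
    for label, msgs in samples.items():
        for msg in msgs:
            counts[label].update(tokenize(msg))
    vocab = set().union(*counts.values())
    return counts, docs, vocab

def classify(text, model):
    """Return (best label, per-class log scores) for one incoming message."""
    counts, docs, vocab = model
    total_docs = sum(docs.values())
    tokens = [t for t in tokenize(text) if t in vocab]  # unseen words carry no evidence
    scores = {}
    for label in counts:
        n_tokens = sum(counts[label].values())
        score = math.log(docs[label] / total_docs)  # class prior
        for tok in tokens:
            # Laplace (+1) smoothing keeps a word seen in only one class from zeroing the other.
            score += math.log((counts[label][tok] + 1) / (n_tokens + len(vocab)))
        scores[label] = score
    return max(scores, key=scores.get), scores

MODEL = train(TRAINING)
```

Scores are summed in log space so that long messages do not underflow to zero probability.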

Vendor security advisories ('advisories') are used to inform users that a security vulnerability has been discovered within a particular vendor's product. The security advisory will provide a fix or workaround for the problem specified. An example security advisory may read something like this:

"Joe Smith has been credited with discovering a security vulnerability in Company XYZ's product. Company XYZ has taken steps to correct this vulnerability by releasing the following patch and/or workaround."

A process has been developed to redistribute security advisories and track them to completion, based on security policy. According to security policy, a system administrator is responsible for complying with the patch or workaround outlined within the security advisory. Depending on the severity of the advisory (high, medium, or low threat), timelines are set within which the system administrator must comply with the patch or workaround.

An 'Advisory Team' is responsible for harvesting security advisories and distributing them to the proper individuals. Advisories are harvested from multiple sources, the most prevalent being vendor security advisory email lists. Essentially, the Advisory Team subscribes to vendor security advisory lists and redistributes the advisories to individuals intending to comply with the corporate security policy.

Within this 'advisory process' (see fig. 1), a unique implementation of a Bayesian filter is used. Traditionally, a Bayesian filter is used to classify email as spam email or non-spam. In...