
System and Method for Patch Application to Devices

IP.com Disclosure Number: IPCOM000240202D
Publication Date: 2015-Jan-12
Document File: 2 page(s) / 68K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are a system and method to improve the efficiency and reduce costs associated with patch application to devices. The method and system identify similar vulnerabilities and patches, infer which servers have missing patches, and then recommend which patches need to be applied to which servers and whether any sets of patches can be applied together.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 62% of the total text.

Page 01 of 2


When a vendor releases a new patch, effort is required to determine its applicability. Vendors use various methods to identify which products, and which versions of those products, are affected by the released patch. Most Information Technology (IT) organizations do not have an inventory of the software and hardware products running on their servers or devices. A huge manual effort and much scanning are required to determine which patch is applicable to which product running on devices or servers.

Current solutions include running scanning tools on all the servers to track missing patches. Over time, multiple patches are applied for the same product and the same version of the product.

The novel contribution is a system and method for patch application to devices. This includes identifying similar vulnerabilities and patches; a missing patch implies an exposed vulnerability. The method can infer which servers have missing patches. It can then recommend which patches need to be applied to which servers and whether any sets of patches can be applied together.

The method constructs a patch-product profile based on historical patch application. It uses the National Vulnerability Database (NVD), Common Vulnerabilities and Exposures (CVE), and Common Platform Enumeration (CPE) to obtain a mapping between vendor patches, vulnerabilities, and products (from CPE).
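As an added illustration (not part of the disclosure), the following Python sketch builds the patch-product profile from a patch -> CVE -> CPE mapping, infers missing patches and the vulnerabilities they expose per server, and groups the missing patches by installed product/version so that each group can be scheduled together. All patch ids, CVE ids, CPE strings and server names are constructed placeholders, not real NVD entries.

```python
from collections import defaultdict

# Constructed data (placeholders, not real NVD entries): patch -> CVEs fixed,
# CVE -> affected CPE 2.3 strings, and a server inventory with applied patches.
WEBAPP10 = "cpe:2.3:a:examplevendor:webapp:1.0:*:*:*:*:*:*:*"
WEBAPP11 = "cpe:2.3:a:examplevendor:webapp:1.1:*:*:*:*:*:*:*"
SERVEROS7 = "cpe:2.3:o:examplevendor:serveros:7:*:*:*:*:*:*:*"
PATCH_TO_CVES = {"KB-EX-001": {"CVE-0000-0001", "CVE-0000-0002"},
                 "KB-EX-002": {"CVE-0000-0003"}, "KB-EX-003": {"CVE-0000-0004"}}
CVE_TO_CPES = {"CVE-0000-0001": {WEBAPP10}, "CVE-0000-0002": {WEBAPP10},
               "CVE-0000-0003": {WEBAPP10, WEBAPP11}, "CVE-0000-0004": {SERVEROS7}}
SERVERS = {"srv-a": {"cpes": {WEBAPP10, SERVEROS7}, "applied": {"KB-EX-001"}},
           "srv-b": {"cpes": {WEBAPP11}, "applied": set()}}

def product_version(cpe):
    """cpe:2.3:part:vendor:product:version:... -> (vendor, product, version)."""
    f = cpe.split(":")
    return (f[3], f[4], f[5])

def patch_product_profile():
    """Patch -> set of (vendor, product, version) it applies to, via CVE -> CPE."""
    profile = defaultdict(set)
    for patch, cves in PATCH_TO_CVES.items():
        for cve in cves:
            for cpe in CVE_TO_CPES.get(cve, ()):
                profile[patch].add(product_version(cpe))
    return profile

def missing_patches(server, profile=None):
    """Patches targeting an installed product/version that are not yet applied."""
    if profile is None:
        profile = patch_product_profile()
    installed = {product_version(c) for c in server["cpes"]}
    return {p for p, targets in profile.items()
            if targets & installed and p not in server["applied"]}

def exposed_cves(server):
    """A missing patch implies exposed vulnerabilities: the CVEs it would fix."""
    return set().union(*(PATCH_TO_CVES[p] for p in missing_patches(server)))

def recommend(servers=SERVERS):
    """Per server, missing patches grouped by installed product/version; each
    group touches the same component and can be applied together."""
    profile = patch_product_profile()
    rec = {}
    for name, srv in servers.items():
        installed = {product_version(c) for c in srv["cpes"]}
        groups = defaultdict(set)
        for p in missing_patches(srv, profile):
            for target in profile[p] & installed:
                groups[target].add(p)
        rec[name] = dict(groups)
    return rec
```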

A bipartite graph is constructed mapping vuln...