AUTOMATING TRUST IN SOFTWARE UPGRADES

AUTOMATING TRUST IN SOFTWARE UPGRADES

A method, computer system, and computer program product are provided for automatically analyzing software packages to identify the degree of differences between compared software packages and to apply security policies. A first software bill of materials for a software package is processed to extrac...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Pritikin, Max, Schutt, Jeffrey G
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:A method, computer system, and computer program product are provided for automatically analyzing software packages to identify the degree of differences between compared software packages and to apply security policies. A first software bill of materials for a software package is processed to extract a plurality of components of the software package, wherein the first software bill of materials indicates a first hierarchy of components based on relationships between components. The first hierarchy is compared to a second hierarchy, the second hierarchy corresponding to a second software bill of materials, to determine a degree of difference between the first hierarchy and the second hierarchy. The degree of difference is compared to one or more threshold values. A security policy is applied with respect to the software package according to a comparison of the degree of difference to the one or more threshold values.