Veracode has filed a patent for a method to preserve privacy when sharing remediation knowledge for software flaws across organizations. The method involves deidentifying program code by removing or obfuscating potentially identifying portions without impacting the structure of the code. This deidentified remediation knowledge is then used to train a fix suggestion model that generates predictions for suggested fixes to flaws based on their structural context. The deidentification process can occur before training or during prediction to ensure privacy.

According to GlobalData’s company profile on Veracode, social data privacy protection was a key innovation area identified from patents. Veracode's grant share as of June 2023 was 1%. Grant share is the ratio of the number of grants to the total number of patents.

Privacy-preserving deidentification of program code for flaw remediation

Source: United States Patent and Trademark Office (USPTO). Credit: Veracode Inc

A recently filed patent (Publication Number: US20230153459A1) describes a method for deidentifying program code fixes associated with specific organizations. The method involves obtaining a program code fix for a flaw in a software project and determining the structural context of the fix. If the program code fix contains code that potentially identifies the organization associated with it, the method modifies the code to deidentify it.

The determination of the structural context of the program code fix can be done by analyzing the abstract syntax tree or control flow graph of the code fix. This analysis helps identify the differences between the flawed code and the fixed code.

To determine if the program code fix contains potentially identifying code, the method evaluates the nodes of the structural context against specific rules. These rules can include determining if the code corresponds to standard code units or open source code units.

If the program code fix is found to contain potentially identifying code, the method modifies the code by obfuscating or removing the source code construct that contains the identifying information. This modification generates a deidentified representation of the code fix.
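The steps above (build a structural representation, test each node against a rule for standard code units, obfuscate the rest) can be sketched with Python's `ast` module. This is an added example, not code from the patent or from Veracode; the `STANDARD_MODULES` allowlist, the `ID_n` and `STR` placeholders, and the sample fix are assumptions made for illustration.

```python
import ast
import builtins

# Assumed rule set: builtins and these modules count as "standard code units".
STANDARD_MODULES = {"html", "os", "re", "hashlib"}
IDENT_FIELDS = ("id", "arg", "name", "asname", "attr", "module")

def chain_root(node):
    """Leftmost name of an attribute chain such as os.path.join, else None."""
    while isinstance(node, ast.Attribute):
        node = node.value
    return node.id if isinstance(node, ast.Name) else None

def deidentify(source):
    tree = ast.parse(source)
    keep, mapping = set(dir(builtins)) | {"*"}, {}
    # Pass 1: every name brought in by a standard import is kept verbatim.
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            module = getattr(node, "module", None) or ""
            for a in node.names:
                if (module or a.name).split(".")[0] in STANDARD_MODULES:
                    keep.update(f"{module}.{a.name}.{a.asname or ''}".split("."))

    def alias(name):  # dotted module paths are replaced part by part
        return ".".join(p if p in keep else mapping.setdefault(p, f"ID_{len(mapping)}")
                        for p in name.split("."))
    # Pass 2: replace everything else; node types and nesting are untouched.
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            node.value = "STR"  # string literals can carry organization names
        if isinstance(node, ast.Attribute) and chain_root(node) in keep:
            continue  # attribute of a standard module, e.g. html.escape
        for field in IDENT_FIELDS:
            if isinstance(getattr(node, field, None), str):
                setattr(node, field, alias(getattr(node, field)))
    return ast.unparse(tree)

def shape(source):
    return [type(n).__name__ for n in ast.walk(ast.parse(source))]

# Constructed sample fix; the organization and its module are made up.
FIX = '''
import html
from acme_billing.render import AcmePage
def render_invoice(customer_name):
    page = AcmePage("acme-internal-template")
    return page.fill(html.escape(customer_name))
'''
```

Comparing `shape(FIX)` with `shape(deidentify(FIX))` shows that the node-type sequence of the fix survives while the organization-specific names and literals do not.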

The patent also describes the use of machine-readable media containing program code for deidentifying program code fixes. This code generates a structural representation of the fix, determines if any source code constructs contain potentially identifying information, and modifies the code to remove or obfuscate the identifying information.

Additionally, the patent includes an apparatus that utilizes a processor and machine-readable medium to obtain program code fixes associated with different organizations. The apparatus determines the structural context of each code fix, identifies potentially identifying code, and deidentifies the code if necessary.

Overall, this patent presents a method and apparatus for deidentifying program code fixes associated with specific organizations. By modifying the code to remove potentially identifying information, the method aims to protect the privacy and security of organizations involved in software development.

GlobalData

GlobalData, the leading provider of industry intelligence, provided the underlying data, research, and analysis used to produce this article.

GlobalData Patent Analytics tracks bibliographic data, legal events data, point in time patent ownerships, and backward and forward citations from global patenting offices. Textual analysis and official patent classifications are used to group patents into key thematic areas and link them to specific companies across the world’s largest industries.