Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Response to Amendments
Amended claims 1 – 10 were considered under 35 USC 112, 101 (abstract idea) and 103 for patentability over the closest and analogous prior art: Bishop et al (US Pub. #: 9,798,884), hereafter Bishop; Ladnai et al (US Pub. #: 20170300690), hereafter Ladnai; and Bock et al (US Pub. #: 20090113248), hereafter Bock. Applicant’s arguments have been fully considered and are persuasive. Claim 11 is cancelled.

Allowable Subject Matter
1.	Amended claims 1 – 10 are allowed in light of applicant’s arguments, approved examiner’s proposed amendments and in light of prior art(s) made of record. 

Examiner’s Amendment
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.  Authorization for this examiner’s amendment was given in an interview with Mark Patrick (attorney) for filed amended claims on 02-03-2021:
1. 	(Currently Amended)  A method for finding security weaknesses in a software program, 
 comprising a software analysis tool; 
parsing software code of the software program to create parsed code, the parsed code including code information needed to perform a static analysis using the software analysis tool, wherein the software analysis tool is configured to identify security weaknesses described in terms of common weakness enumerations (CWEs); 
performing a static analysis of the parsed code to determine 
identifying each CWE in the set of target CWEs to be either a code-only CWE (CO CWE), a root-cause CWE (RC CWE), or a leads-to CWE (LT CWE), wherein each LT CWE comprises a final CWE in a chain of events that also includes at least one CO CWE or RC CWE, wherein the set of target CWEs include at least a first RC CWE and a first LT CWE; 
identifying a first blocking set of CWEs for the first RC CWE, wherein the first blocking set of CWEs for the first RC CWE comprises at least one CO CWE;
identifying a second blocking set of CWEs for the first LT CWE, wherein the second blocking set of CWEs for the first LT CWE comprises at least one CO CWE, and wherein the second blocking set of CWEs for the first LT CWE is associated with an RC CWE in the set of target CWEs;
performing a static analysis of the parsed code to find each CO CWE in the software code, thereby creating a list of CO CWEs in the software code;
reporting the list of CO CWEs to a user on a user interface;
determining whether at least one CO CWE in the list of CO CWEs is within the first blocking set of CWEs for the first RC CWE;
determining whether at least one CO CWE in the list of CO CWEs is within the second blocking set of CWEs for the first LT CWE; 
reporting the first RC CWE or the first LT CWE as not present responsive to a determination that no CO CWE in the list of CO CWEs is within the first blocking set of CWEs or the second blocking set of CWEs; and
reporting the first RC CWE or the first LT CWE as potentially present responsive to a determination that at least one CO CWE in the list of CO CWEs is within the first blocking set of CWEs or the second blocking set of CWEs.

2. 	(Currently Amended)  The method of claim 1, wherein performing the static analysis of parsed code to determine the set of target CWEs to discover comprises performing a formal methods static analysis of the parsed code to determine the set of target CWEs to discover.

3.	(Previously Presented)  The method of claim 1, wherein identifying each CWE in the set of target CWEs further comprises determining whether the software code includes an extra information, directly determinable CWE (XI-DD CWE), the method further comprising:
querying the user for additional information associated with the XI-DD CWE.

4.	(Previously Presented)  The method of claim 3, further comprising:
analyzing the parsed code for additional information associated with XI-DD CWEs to determine the presence of XI-DD CWEs.

5.	(Previously Presented)  The method of claim 4, the method further comprising:
prompting the user to verify the additional information associated with the XI-DD CWEs.

6.	(Previously Presented)  The method of claim 1, the method further comprising graphing the software code for additional accuracy of the static analysis of the parsed code.

7.	(Previously Presented)  The method of claim 1, wherein performing the static analysis of the parsed code further comprises:
identifying software behavior associated with a targeted human judgment, directly determinable CWE (HJ-DD CWE); 
querying the user for the presence of a HJ-DD CWE based upon the determined software behavior; and
recording the discovery of at least one user-determined HJ-CWE.

or the first LT CWE as potentially present includes reporting the first LT CWE as potentially present.

9.	(Currently Amended)  The method of claim 1, wherein reporting the first RC CWE or the first LT CWE as potentially present includes reporting the first RC CWE as potentially present.

10.	(Previously Presented)  The method of claim 9, the method further comprising:
graphing the software code of the software program to create a causal graph;
identifying one or more CO CWEs in the list of CO CWEs that are found within the first blocking set of CWEs for the first RC CWE;
performing a root cause analysis, based on the causal graph, for each of the one or more CO CWEs; and
reporting each RC CWE identified by the root cause analysis.

11.	(Cancelled).
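
The blocking-set determination recited in claim 1, sketched as an added illustration that is not part of the Office action or the application. The CWE numbers are real identifiers, but their CO/RC/LT roles, the blocking sets, and the names `KIND`, `Target`, `validate` and `evaluate` are assumptions made for this example; targets are evaluated one at a time, which is one reading of the claim.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed roles: CO = code-only, RC = root-cause, LT = leads-to.
KIND = {"CWE-120": "CO", "CWE-134": "CO", "CWE-476": "CO",
        "CWE-20": "RC", "CWE-200": "LT"}

@dataclass(frozen=True)
class Target:
    cwe: str
    blocking_set: frozenset
    associated_rc: Optional[str] = None  # required for LT targets

def validate(targets):
    """Check the structural constraints claim 1 places on the blocking sets."""
    rc_targets = {t.cwe for t in targets if KIND.get(t.cwe) == "RC"}
    for t in targets:
        kind = KIND.get(t.cwe)
        if kind not in ("RC", "LT"):
            raise ValueError(f"{t.cwe}: only RC and LT CWEs have blocking sets")
        if not any(KIND.get(c) == "CO" for c in t.blocking_set):
            raise ValueError(f"{t.cwe}: blocking set needs at least one CO CWE")
        if kind == "LT" and t.associated_rc not in rc_targets:
            raise ValueError(f"{t.cwe}: LT blocking set must map to a target RC CWE")

def evaluate(targets, found):
    """Map each target to (status, CO CWEs from its blocking set that were found)."""
    validate(targets)
    found_co = {c for c in found if KIND.get(c) == "CO"}
    report = {}
    for t in targets:
        hits = sorted(found_co & t.blocking_set)
        report[t.cwe] = ("potentially present" if hits else "not present", hits)
    return report

# Constructed target set: one RC CWE and one LT CWE tied to that RC CWE.
TARGETS = [
    Target("CWE-20", frozenset({"CWE-120", "CWE-134"})),
    Target("CWE-200", frozenset({"CWE-134", "CWE-476"}), associated_rc="CWE-20"),
]

if __name__ == "__main__":
    # Constructed scanner output: the list of CO CWEs found in the code.
    for cwe, (status, hits) in evaluate(TARGETS, ["CWE-120"]).items():
        print(cwe, status, hits)
```
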
 
Reasons for Allowance
The following is an examiner’s statement of reasons for allowance: 
As to the independent claim 1, the prior art of reference Bishop teaches Col. 4 lines 30-45: the system loads source code into the first and/or second memory to perform static analysis of instructions (col. 1 lines 37-47) after creating binary code files (col. 5 lines 54-57) in which that particular vulnerability was found, location identifiers, such as line numbers, a class or a method in which the defect/vulnerability was found, etc. Col. 3 lines 5-8, 18-25: the set of CWEs and other classification defects are identified. Col. 3 lines 3-15: identifies the classification of the code vulnerabilities in one or more of the group of classifications such as event trigger, communication, covering tracks, etc. Col. 2 lines 30-32: After various defects/vulnerabilities in  

Further, a second prior art of record Ladnai teaches: [0004] once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects  

Further, a third prior art of record Bock teaches: [0041] it is determined whether the root cause of the fault event can be identified. If the root cause cannot be identified, the user may be presented with the data values stored at stored as well as possible causes and actions stored in fault tree analysis data. Abstract: In the event of a fault, fault tree analysis metadata may be evaluated to attempt to determine a root cause of the fault. If a root cause can be automatically determined, it may be presented to a user in a troubleshooting console, or may be used to trigger an automated corrective action. Alternatively, if a root cause cannot be automatically determined, the user may be presented with additional fault tree analysis metadata and any relevant data parameters in the troubleshooting console, so that the user may determine the root cause of the fault event.

None of the other prior art of record, by itself or in any combination, would have anticipated or rendered obvious the claimed invention of the present application at or before the time it was filed.  The prior art of record fails to teach that the root-cause (RC), leads-to (LT) and code-only (CO) common weakness enumeration (CWE) analyses are separately performed using an automated static analysis tool. The set of CWEs is classified further into first and second blocking sets. In the first set, each RC CWE has a CO CWE associated with it, and in the second set, each LT CWE has a CO CWE mapped to it. In other words, for each 

Therefore, independent claim 1 and its corresponding dependent claims are allowed in light of applicant’s arguments, approved examiner’s amendments and prior art of record.  Claim 11 is cancelled.
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. See PTO-892 Notice of References Cited.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Badri -- Champakesan whose telephone number is (571)270-3867.  The examiner can normally be reached on M-F: 7:45am-5pm (EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is 
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Taghi T. Arani can be reached on 5712723787.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/BADRINARAYANAN /Examiner, Art Unit 2438.