DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA . 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.

Claim Objections
Claim 3 contains a minor typo of " indicative of my the mitigation failure occurs " in line 2, which should read " indicative of why the mitigation failure occurs ", appropriate correction is required.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –


(a)(1) the claimed invention was patented, described in a printed publication, or in public use, on sale or otherwise available to the public before the effective filing date of the claimed invention.


Claim 8 rejected under 35 U.S.C. 102 as being anticipated by Bunker et al. (Pub. No.: 2010/0242114, hereinafter Bunker).
Regarding claim 8: Bunker discloses A non-transitory computer-readable medium, communicatively coupled to a processor, configured to store a command set executable by the processor to facilitate operation of a component set, the component set comprising:
a first access component configured to access a first mitigation function that mitigates a first security vulnerability; and a second access component configured to access a second mitigation function Bunker - [0037]: the mapped vulnerability to filter data from the database 408 is provided to the mapping function 406. [0040]: the results of the mapping performed by the vulnerability management to filter mapping functionality 406 and the filter status functionality 412 to illustrate the protections provided by the filters that are associated with particular vulnerabilities. [0048]: Field 808 may be selected such that the vulnerability and mitigated risk for the presently selected node are displayed).

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1-7 and 9-20 are rejected under 35 U.S.C. 103 as being unpatentable over Bunker et al. (Pub. No.: 2010/0242114, hereinafter Bunker) in view of Grieco et al. (Pub. No.: US 2016/0232358).
Regarding claim 15: Bunker discloses A processor, communicatively coupled to a non-transitory computer-readable medium, configured to execute a command set retained upon the non-transitory computer-readable medium to perform a method, the method comprising:
identifying a first mitigation task list for the first system based, at least in part, on the first vulnerability assessment; causing the first mitigation task list to be performed upon the first system; identifying a second mitigation task list for the second system based, at least in part, on the second vulnerability assessment; causing the second mitigation task list to be performed upon the second system (Bunker - [0037]: the mapped vulnerability to filter data from the database 408 is provided to the mapping function 406. [0040]: the results of the mapping performed by the vulnerability management to filter mapping functionality 406 and the filter status functionality 412 to illustrate the protections provided by the filters that are associated with particular vulnerabilities. [0048]: Field 808 may be selected such that the vulnerability and mitigated risk for the presently selected node are displayed);
evaluating the first system post-performance of the first mitigation task list to produce a first evaluation result; causing output of a first report based, at least in part, on the first evaluation result, evaluating the second system post-performance of the second mitigation task list to produce a second evaluation result; and causing output of a second report based, at least in part, on the second evaluation result (Bunker - [0034]: If a particular vulnerability is mitigated through an IPS filter, an exceptions management report component of the vulnerability management system may provide an indication that particular vulnerabilities have been addressed via use of implemented IPS filters, i.e. a countermeasure is in place. [0040]: The mitigated risk report functionality 422 generates a list of vulnerabilities that are presently protected by an enabled filter within a particular intrusion protection system. [0048]: Field 808 may be selected such that the vulnerability and mitigated risk for the presently selected node are displayed);
where the first mitigation task list and the second mitigation task list share a common mitigation item to mitigate the common vulnerability item (Bunker - [0036]: Database 408 has the entire mapping of all known vulnerabilities of any network to all known filters options provided by the IPS servers 310).
However Bunker doesn’t explicitly teach, but Grieco discloses: performing a first vulnerability assessment on a first system based, at least in part, on a profile of the first system to produce a first vulnerability list; performing a second vulnerability assessment on a second system based, at least in part, on a profile of the second system to produce a second vulnerability list (Grieco - [0041]: obtaining a plurality of unique software identifiers each for a corresponding one of a plurality of executable applications observed at one or more devices forming part of an information technology infrastructure; obtaining global security risk metadata for one or more executable applications observed at the one or more devices; mapping one or more unique software identifiers to global security risk metadata obtained for one or more executable applications that are identified by the one or more unique software identifiers to generate a vulnerable application dataset);
where the first system and the second system are separate and distinct systems (Grieco - Fig.1, a device 25(1)-25(N)),
where the first vulnerability list and the second vulnerability list share a common vulnerability item (Grieco - [0008]: The vulnerability assessment system obtains global security risk metadata for executable applications observed at the one or more devices. The vulnerability assessment system maps one or more unique software identifiers in the application metadata to global security risk metadata that corresponds to applications identified by the one or more unique software identifiers, thereby generating a vulnerable application dataset).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Bunker with Grieco so that each vulnerability assessment is performed based on each device’s profile. The modification would have allowed the system to mitigate vulnerabilities for enhancing security. 
Regarding claim 16: Bunker as modified discloses where the first vulnerability list comprises a vulnerability item not found in the second vulnerability list and where the first mitigation task list comprises a mitigation item not found in the second mitigation task list (Bunker - [0043]: The vulnerability management system 316 is daily updated with new vulnerabilities found and new IPS filters are regularly written to protect from these new vulnerabilities).
Regarding claim 17: Bunker as modified discloses where the second vulnerability list comprises a vulnerability item not found in the first vulnerability list and where the second mitigation task list comprises a mitigation item not found in the first mitigation task list (Bunker - [0043]: The vulnerability management system 316 is daily updated with new vulnerabilities found and new IPS filters are regularly written to protect from these new vulnerabilities).
Regarding claim 18: Bunker as modified discloses where performing the first vulnerability assessment, identifying the first mitigation task list, causing the first mitigation task list to be performed, evaluating the first system post-performance, and causing output of the first report occur within a first time span, where performing the second vulnerability assessment, identifying the second mitigation task list, Bunker - [0043]: The vulnerability management system 316 is daily updated. [0045]: the number of hours between polls of the SMS 314 by the scanning server 317 must be selected).
Regarding claim 19: Bunker as modified discloses the method comprising:
analyzing the first report to produce an analysis result that indicates a particular vulnerability item that is not successfully mitigated as a result of the first mitigation task list; and
producing a solution for the particular vulnerability item based, at least in part, on the analysis result (Bunker - [0034]: If the vulnerability management system server 316 detects vulnerabilities within the enterprise network 302 for which there are no IPS filters available, the system provides an indication that a patch is necessary for the vulnerable device),
where the second vulnerability assessment comprises the particular vulnerability item(Bunker - [0043]: vulnerabilities which have no IPS filter coverage and must be mitigated via patch or configuration level solutions),
where the second mitigation task list comprises the solution (Bunker - [0034]: This integrated view provided by the vulnerability management system 316 enables a user to mitigate the risk at the network level by tuning the IPS filters or at the host level by applying patches to a vulnerable device), and
where the second report indicates the particular vulnerability item being mitigated for the second system (Bunker - [0034]: If a particular vulnerability is mitigated through an IPS filter, an exceptions management report component of the vulnerability management system may provide an indication that particular vulnerabilities have been addressed via use of implemented IPS filters, i.e. a countermeasure is in place).
Regarding claim 20: Bunker as modified discloses the method comprising:
assessing attributes of the first system to produce a first assessment result; assessing attributes of the second system to produce a second assessment result (Grieco - [0041]: obtaining a plurality of unique software identifiers each for a corresponding one of a plurality of executable applications observed at one or more devices);
creating the profile of the first system based, at least in part, on the first assessment result; creating the profile of the second system based, at least in part, on the second assessment result (Grieco - [0041]: obtaining global security risk metadata for one or more executable applications observed at the one or more devices; mapping one or more unique software identifiers to global security risk metadata obtained for one or more executable applications that are identified by the one or more unique software identifiers to generate a vulnerable application dataset);
searching, in view of the first vulnerability assessment, a database that associates individual vulnerabilities with individual mitigation tasks to identify the first mitigation task list; and searching, in view of the second vulnerability assessment, the database that associates individual vulnerabilities with individual mitigation tasks to identify the second mitigation task list (Bunker - [0037]: The mapping function 406 is able to map/associate particular vulnerabilities within the system with specific filters that will protect against the vulnerability that has been detected by the vulnerability management detection functionality 402. [0032]: The vulnerability management system server 316 has a map of every known vulnerability of the network 302 and the filter(s) that can protect for that vulnerability at the IPS 310 stored within an associated database 319).
Grieco is combined with Bunker herein for similar obviousness reasons and motivation and the same rationale as stated for claim 15.

Regarding claim 1: The limitations of claim 1 are similar to the limitations of claim 15 except where the report indicates an overall success of mitigation (Bunker - [0040]: The mitigated risk report functionality 422 generates a list of vulnerabilities that are presently protected by an enabled filter within a particular intrusion protection system).
Regarding claim 2: Bunker as modified discloses where the report details a mitigation success of the causation of the mitigation task list upon the system and where the report details a mitigation failure of the causation of the mitigation task list upon the system (Bunker - [0050]: The active risk analysis screen shows if a vulnerability is fully covered, partially covered or not covered by the IPS filters).
Regarding claim 3: Bunker as modified discloses the method comprising:
analyzing the mitigation failure to produce an analysis result indicative of my the mitigation failure occurs (Bunker - [0036]: each IPS server 310 to compare against the found vulnerabilities of the network and the mapped information contained within the database 408 to determine which vulnerabilities are … not protected); and
producing a solution of the mitigation failure based, at least in part, on the analysis result (Bunker - [0036]: the vulnerability management to filter mapping functionality 406 can find what other filters are available to provide full coverage for the rest of the vulnerabilities and which vulnerabilities need to be patched since they have no filters coverage).
Regarding claim 4: Bunker as modified discloses where the system is a first system, where the vulnerability assessment is a first vulnerability assessment, and where the mitigation task list is a first mitigation task list, the method comprising:
adding the solution to a database that associates individual vulnerabilities with individual mitigation tasks (Bunker - [0047]: Utilizing the report results, the filters that are presently set within the IPS servers 310 may be updated at step 712 to either add additional filters to protect against as yet unprotected system vulnerabilities);
performing a second vulnerability assessment of the second system based, at least in part, on a profile of the second system (Grieco - [0041]: obtaining a plurality of unique software identifiers each for a corresponding one of a plurality of executable applications observed at one or more devices forming part of an information technology infrastructure; obtaining global security risk metadata for one or more executable applications observed at the one or more devices; mapping one or more unique software identifiers to global security risk metadata obtained for one or more executable applications that are identified by the one or more unique software identifiers to generate a vulnerable application dataset);
identifying a second mitigation task list for the second system based, at least in part, on the second vulnerability assessment; causing the second mitigation task list to be performed upon the second system (Grieco - [0032]: if the vulnerability assessment system 30 determines that a device 25(1)-25(N) is running a piece of software that is vulnerable, but it is unknown if adversaries are using it as an avenue of attack, the vulnerability assessment system 30 could trigger deeper inspections on that single set of processes. e.g. deep packet inspection, block from executing etc.); and
where the second mitigation task list comprises the solution (Bunker - [0034]: This integrated view provided by the vulnerability management system 316 enables a user to mitigate the risk at the network level by tuning the IPS filters or at the host level by applying patches to a vulnerable device).
Grieco is combined with Bunker herein for similar obviousness reasons and motivation and the same rationale as stated for claim 1.
Regarding claim 5: Bunker as modified discloses where performing the vulnerability assessment of the system based, at least in part, on the profile of the system comprises:
identifying an attribute list of the system included in the profile (Grieco - [0041]: obtaining global security risk metadata for one or more executable applications observed at the one or more devices); and
identifying a vulnerability list associated with the attribute list (Grieco - [0041]: mapping one or more unique software identifiers to global security risk metadata obtained for one or more executable applications that are identified by the one or more unique software identifiers to generate a vulnerable application dataset).
Grieco is combined with Bunker herein for similar obviousness reasons and motivation and the same rationale as stated for claim 1.
Regarding claim 6: Bunker as modified discloses where identifying the mitigation task list for the system based, at least in part, on the vulnerability assessment comprises:
accessing a database that associates individual vulnerabilities with individual mitigation tasks; and searching the database to determine the mitigation task list associated with the vulnerability list (Bunker - [0037]: The mapping function 406 is able to map/associate particular vulnerabilities within the system with specific filters that will protect against the vulnerability that has been detected by the vulnerability management detection functionality 402. [0032]: The vulnerability management system server 316 has a map of every known vulnerability of the network 302 and the filter(s) that can protect for that vulnerability at the IPS 310 stored within an associated database 319).
Regarding claim 7: Bunker as modified discloses where accessing the profile for the system comprises:
evaluating the system to produce the evaluation result; and
creating the profile based, at least in part, on the evaluation result (Bunker - [0034]: If a particular vulnerability is mitigated through an IPS filter, an exceptions management report component of the vulnerability management system may provide an indication that particular vulnerabilities have been addressed via use of implemented IPS filters, i.e. a countermeasure is in place. [0040]: The mitigated risk report functionality 422 generates a list of vulnerabilities that are presently protected by an enabled filter within a particular intrusion protection system. [0048]: Field 808 may be selected such that the vulnerability and mitigated risk for the presently selected node are displayed).

Regarding claim 9: Bunker as modified discloses the component set comprising:
a first causation component configured to cause the system to be subjected to the first mitigation function when the system profile indicates that the system suffers from the first security vulnerability; and
a second causation component configured to cause the system to be subjected to the second mitigation function when the system profile indicates that the system suffers from the second security vulnerability (Grieco - [0032]: if the vulnerability assessment system 30 determines that a device 25(1)-25(N) is running a piece of software that is vulnerable, but it is unknown if adversaries are using it as an avenue of attack, the vulnerability assessment system 30 could trigger deeper inspections on that single set of processes. e.g. deep packet inspection, block from executing etc.).
It would have been prima facie obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to modify the method of Bunker with Grieco so that mitigation function can be performed if there is detected vulnerability. The modification would have allowed the system to mitigate vulnerabilities for enhancing security. 
Regarding claim 10: Bunker as modified discloses the component set comprising:
an analysis component configured to analyze the system to produce an analysis result (Bunker - [0036]: each IPS server 310 to compare against the found vulnerabilities of the network and the mapped information contained within the database 408 to determine which vulnerabilities are … not protected); and
a construction component configured to construct the system profile based, at least in part, on the analysis result result (Bunker - [0036]: the vulnerability management to filter mapping functionality 406 can find what other filters are available to provide full coverage for the rest of the vulnerabilities and which vulnerabilities need to be patched since they have no filters coverage).
Regarding claim 11: Bunker as modified discloses the component set comprising:
a first observation component configured to observe the system being subjected to the first mitigation function to produce a first observation result; a second observation component configured to observe the system being subjected to the second mitigation function to produce a second observation result (Bunker - [0034]: If a particular vulnerability is mitigated through an IPS filter, an exceptions management report component of the vulnerability management system may provide an indication that particular vulnerabilities have been addressed via use of implemented IPS filters, i.e. a countermeasure is in place. [0040]: The mitigated risk report functionality 422 generates a list of vulnerabilities that are presently protected by an enabled filter within a particular intrusion protection system. [0048]: Field 808 may be selected such that the vulnerability and mitigated risk for the presently selected node are displayed); and
a generation component configured to generate a mitigation success/failure report based, at least in part, on the first observation result and the second observation result (Bunker - [0050]: The active risk analysis screen shows if a vulnerability is fully covered, partially covered or not covered by the IPS filters).
Regarding claim 12: Bunker as modified discloses the component set comprising:
an identification component configured to identify a mitigation failure based, at least in part, on the first observation result and the second observation result; and a correction component configured to create a correction for the mitigation failure (Bunker - [0034]: If the vulnerability management system server 316 detects vulnerabilities within the enterprise network 302 for which there are no IPS filters available, the system provides an indication that a patch is necessary for the vulnerable device).
Regarding claim 13: Bunker as modified discloses where the system is a first system, the component set comprising:
an update component configured to update a database with the correction (Bunker - [0047]: Utilizing the report results, the filters that are presently set within the IPS servers 310 may be updated at step 712 to either add additional filters to protect against as yet unprotected system vulnerabilities); and
a third access component configured to access a third mitigation function from the database that mitigates a third security vulnerability of a second system; where the correction is the third mitigation function (Bunker - [0032]: The vulnerability management system 316 combines the mapped information from the database 319 with real time filter/signature information from the IPS servers 310 to recommend to the SMS 314 which filters/signatures can be applied to protect for the vulnerabilities of enterprise network 302),
where the first access component is configured to access the first mitigation function from the database, and where the second access component is configured to access the second mitigation function from the database (Bunker - [0033]: the vulnerability management system 316 applies the vulnerability to filter mapping stored in its database to the vulnerabilities discovered by the vulnerability scan process to determine the various IPS filters within the IPS servers 310 that will provide protection from the discovered vulnerabilities if applied).
Regarding claim 14: Bunker as modified discloses the component set comprising:
an attribute component configured to identify an attribute list of the system indicated by the system profile (Grieco - [0041]: obtaining a plurality of unique software identifiers each for a corresponding one of a plurality of executable applications observed at one or more devices);;
a vulnerability component configured to identify a vulnerability list associated with the attribute list (Grieco - [0041]: obtaining global security risk metadata for one or more executable applications observed at the one or more devices; mapping one or more unique software identifiers to global security risk metadata obtained for one or more executable applications that are identified by the one or more unique software identifiers to generate a vulnerable application dataset); and
a selection component configured to select a mitigation function list based, at least in part, on the vulnerability list (Bunker - [0037]: Mapping function 406 analysis provides the recommend action for the selection of the missing filters based on the network current vulnerabilities to provide the needed network protection),
where the mitigation function list comprises the first mitigation function and the second mitigation function and where the vulnerability list comprises the first security vulnerability and the second security vulnerability (Bunker - [0043]: The vulnerability management system 316 is daily updated with new vulnerabilities found and new IPS filters are regularly written to protect from these new vulnerabilities).
Grieco is combined with Bunker herein for similar obviousness reasons and motivation and the same rationale as stated for claim 9.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure as the prior art additionally discloses certain parts of the claim features (See “PTO-892 Notice of Reference Cited”).
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MENG LI whose telephone number is (571)272-8729.  The examiner can normally be reached on M-F 8:30-5:30.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s acting supervisor, Kristine Kincaid can be reached on (571) 272-4063.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8729.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 





/MENG LI/
Primary Examiner, Art Unit 2437