DETAILED ACTION
Remarks
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

This Office Action is filed in response to Applicant’s Request for Continued Examination dated March 5, 2021.  Claims 1, 3, 10, 11, 13, 19, and 20 are currently amended and claims 1, 3, 6-13, 15, and 17-20 remain pending in the application and have been fully considered by Examiner.
In view of Applicant's amendments and Remarks, the 35 USC 101 rejections are hereby withdrawn.
Applicant's arguments with respect to the prior art rejections have been considered, but are moot in view of the new grounds of rejection presented herein (see the Claim Rejections -- 35 USC 103 section below, particularly MacDonald 8701084).  

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  


Examiner Notes
Examiner cites particular columns, paragraphs, figures and line numbers in the references as applied to the claims below for the convenience of the applicant. Although the specified citations are representative of the teachings in the art and are applied to the specific limitations within the individual claim, other passages and figures may apply as well. It is respectfully requested that, in preparing responses, the applicant fully consider the references in their entirety as potentially teaching all or part of the claimed invention, as well as the context of the passage as taught by the prior art or disclosed by the examiner.

Claim Objections
Claim 12 is objected to because of the following informality:  lines 1-3 should be amended to recite -- processing the computer readable code written by the user associated with the user profile to determine a type of security critical feature the computer readable code 

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.


Claim 12 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject 

	With respect to claim 12, lines 6-9 recite with emphasis added, “identifying the type of the security feature that has a greatest quantity of instances in the database, wherein the competence level is further based on the type of the security feature that has a greatest quantity of instances in the database.” It is unclear whether “the security feature” mean the “security critical feature” recited on lines 3-5 of claim 12, which renders the scope of the claim indefinite.  For purposes of compact prosecution only, Examiner has interpreted claim 12 as reciting -- identifying the type of the security critical feature that has a greatest quantity of instances in the database, wherein the competence level is further based on the type of the security critical feature that has a greatest quantity of instances in the database --.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.


Claims 1, 6, 13, and 17 are rejected under 35 U.S.C. 103 as being unpatentable over Kao et al. (20190205542 – hereinafter Kao) in view of Young et al. (20190339964 – hereinafter Young), Andrews et al. (20040117761 – hereinafter Andrews), and MacDonald (8701084 – hereinafter MacDonald).

	With respect to claim 1, Kao discloses A method, comprising: 
	processing, by a processor, computer readable code [as the computer readable code is being written] in a development environment to identify one or more errors in the computer readable code, [the development environment being viewable by way of a display] (e.g., Figs. 1-2 along with associated text, e.g., [0049], For example, the security analysis module 108c can execute one or more tools to parse lines of code in one or more source code modules to identify a first set of security vulnerabilities; see also [0043] and [0050].); 
	[causing at least one error of the one or more errors in the computer readable code to be displayed differently in the development environment compared to a portion of the computer readable code that is free from having the one or more errors in real-time as the code is being written in the development environment;]
	identifying a user profile associated with the development environment [within which the computer readable code is written] (e.g., Figs. 1-2 along with associated text, e.g., [0043], the data integration module 108d also captures security training data associated with, e.g., developers [user] and other personnel that are implementing the software application under development [computer readable code]. For example, a certain developers may have specific security training or certification, while others may not have the same level of experience or skills--which could pose security risks in the context of the code base of the software application being developed. All of this security training data can be stored in user profiles (e.g., in an HR system) [user profile associated with a development environment used to generate the computer readable code] or other types of data structures, and the data integration module 108d can retrieve this data from, e.g., an external identity provider. The security analysis module 108c can ; 
	searching a database for user profile information indicative of a training sequence performed by a user associated with the user profile (e.g., Figs. 1-2 along with associated text, e.g., [0043], the data integration module 108d also captures security training data associated with, e.g., developers [user] and other personnel that are implementing the software application under development. For example, a certain developers may have specific security training or certification [training sequence], while others may not have the same level of experience or skills--which could pose security risks in the context of the code base of the software application being developed. All of this security training data can be stored in user profiles (e.g., in an HR system) or other types of data structures, and the data integration module 108d can retrieve this data [searching a database for user profile information indicative of a training sequence performed by a user associated with the user profile] from, e.g., an external identity provider. The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application).); 
	identifying a type of at least one of the one or more errors identified in the computer readable code (e.g., Figs. 1-2 along with associated text, e.g., [0049], the module 108c aggregates the first set of security vulnerabilities, the second set of security vulnerabilities, and the third set of security vulnerabilities into a final set of security vulnerabilities [security ; 
	comparing the type of the at least one of the one or more errors identified in the computer readable code with one or more properties associated with the training sequence (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development.... All of this security training data can be stored in user profiles; [0050], the security analysis module 108c can recognize one or more of the final set of security vulnerabilities [the type of at least one of the one or more errors] as critical vulnerabilities (e.g., by comparison to a vulnerability database [one or more properties associated with the training sequence]).); 
	calculating a severity of the at least one error based on the comparison with the one or more properties associated with the training sequence (Id., particularly, the security analysis module 108c can recognize one or more of the final set of security vulnerabilities as critical vulnerabilities [calculating a severity of the at least one error] (e.g., by comparison to a vulnerability database [one or more properties associated with the training sequence].); 
	assigning a competence level to the user associated with the user profile [based on the calculated severity] (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development. For example, certain developers may have specific security training or certification, while others may not have the same level of experience or skills [competence level ]--which could pose security risks in the context of the code base of the software application being developed.  All of this security user profiles (e.g., in an HR system).... The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application) and the module 108c can determine a training gap based upon the security training data.... In some cases, the security analysis module 108c can mark a training deficiency as a gating issue.); and 
	generating a remediation suggestion to correct at least one of the one or more errors in the computer readable code based on the competence level (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development. For example, certain developers may have specific security training or certification, while others may not have the same level of experience or skills [competence level] --which could pose security risks in the context of the code base of the software application being developed.... The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application) and the module 108c can determine a training gap based upon the security training data.... As a result, the module 108c can create a development task in the software development issue tracking platform based upon the training gap (e.g., assign an experienced developer to review the source code and/or rework the source code to identify and remediate any security issues relating to the SSO implementation) [generating a remediation suggestion to correct at least one of the one or more errors in the computer readable code based on the competence level]; [0050], the security analysis module 108c can recognize one or more of the final set of security vulnerabilities.); and 
	[causing the remediation suggestion to be concurrently displayed with the computer readable code in the development environment, wherein the remediation suggestion comprises a comparison view of the computer readable code having the at least one of the one or more errors and a preview of the computer readable code free from having the at least one of the one or more errors, and a selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors,] and
	each of the one or more errors is associated with a type of security vulnerability in the computer readable code (e.g., Figs. 1-2 and associated text, e.g., [0043], the module 108c can create a development task in the software development issue tracking platform based upon the training gap (e.g., assign an experienced developer to review the source code and/or rework the source code to identify and remediate any security issues relating to the SSO implementation); [0050], the security analysis module 108c can recognize one or more of the final set of security vulnerabilities.).
	Kao does not appear to explicitly disclose as the computer readable code is being written, causing at least one error of the one or more errors in the computer readable code to be displayed differently in the development environment compared to a portion of the computer readable code that is free from having the one or more errors in real-time as the code is being written in the development environment, or within which the computer readable code is written.  However, this is taught in analogous art, Young (e.g., [0013], The GUI 24 of the first distributed source code authoring management system client 28 may include an editor window 26 in which a code file 30 may be displayed. The editor window 26 may be configured to provide real-time mark-up of the code file 30 as the user inputs code into the editor window. For example, the editor window 26 may provide mark-up such as syntax coloring, error and warning marks, brace matching, line numbers, change tracking, etc. to the text that the user inputs into the editor window).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Kao with the invention of Young because it would allow developers to immediately see when errors arise in their code which would reduce time spent debugging the code.  
	Although Kao discloses assigning a competence level to the user associated with the user profile (see above), it also does not appear to explicitly disclose based on the calculated severity. However, this is taught by analogous art, Andrews (e.g., Figs. 3-5 and associated text, e.g., [0046], the severity of the bug will be reflected in the number of defective lines, to be calculated hereinafter [calculated severity]; [0047], In step 409, the measure of coding quality [competence level] is derived based on the number of defective lines of code (a defect count) relative to an evaluation of the total number of opportunities for such defects (an opportunity for defect count) [based on the calculated severity]; see also [0006] A novel system and method are described for measuring the productivity of code developers by measuring the "churn" or code modification activities necessitated during the code development process; see also [0002], [0004-5], [0034], [0040], and [0044].).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Andrews because it will result in higher quality code, as suggested by Andrews (see [0017]).  
causing the remediation suggestion to be concurrently displayed with the computer readable code in the development environment, wherein the remediation suggestion comprises a comparison view of the computer readable code having the at least one of the one or more errors and a preview of the computer readable code free from having the at least one of the one or more errors, and a selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors. However, this is taught in analogous art MacDonald (e.g., Figs. 1-5 and associated text, e.g., FIG. 3 illustrates an exemplary embodiment of the editor GUI 200 from FIG. 2 with revised code 302. The revised code 302 may be presented in the same GUI window as the previous code [causing the remediation suggestion to be concurrently displayed with the computer readable code in the development environment]... Once satisfied, the user can decide whether to accept, e.g. with button 314, or reject the change, e.g. with button 310 [selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors]; see also col. 4:26-38, Analysis may include, for example, checking for logic errors, syntax errors, typographical errors.... Analysis may also be directed to refactoring the code....Refactoring may correct code having design, test, or other structural flaws; see also claim 5, wherein performing a first modification of the software code includes at least one of: correcting errors in the software code; see also col. 1:5-11).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of MacDonald to automatically determine the impact of a prospective code change before implementing it because conventional practice may be cumbersome for the user, as suggested by MacDonald (see col. 1:14-22).  

With respect to claim 13, Kao discloses A system, comprising: 
at least one processor; and at least one non-transitory computer readable storage medium comprising computer readable instructions that, when executed by the at least one processor, cause the system to (e.g., Fig. 1 and associated text, e.g., [0011] The invention, in one aspect, features a system for automated secure software development management; see also [0012-13] and [0215].): 
process computer readable code [as the computer readable code is being written] in a development environment to identify one or more errors in the computer readable code, [the development environment being viewable by way of a display] (e.g., Figs. 1-2 along with associated text, e.g., [0049], For example, the security analysis module 108c can execute one or more tools to parse lines of code in one or more source code modules to identify a first set of security vulnerabilities; see also [0043] and [0050].); 
[cause at least one error of the one or more errors in the computer readable code to be displayed differently in the development environment compared to a portion of the computer readable code that is free from having the one or more errors in real-time as the code is being written in the development environment;]
identify a user profile associated with the development environment [within which the computer readable code is written] (e.g., Figs. 1-2 along with associated text, e.g., [0043], the data integration module 108d also captures security training data associated with, e.g., developers [user] and other personnel that are implementing the software application under development [computer readable code]. For example, a certain developers may have specific security training or certification, while others may not have the same level of experience or security training data can be stored in user profiles (e.g., in an HR system) [user profile associated with a development environment used to generate the computer readable code] or other types of data structures, and the data integration module 108d can retrieve this data from, e.g., an external identity provider. The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application) [associated with a development environment used to generate the computer readable code] and the module 108c can determine a training gap based upon the security training data.); 
search a database for user profile information indicative of a training sequence performed by a user associated with the user profile  (e.g., Figs. 1-2 along with associated text, e.g., [0043], the data integration module 108d also captures security training data associated with, e.g., developers [user] and other personnel that are implementing the software application under development. For example, a certain developers may have specific security training or certification [training sequence], while others may not have the same level of experience or skills--which could pose security risks in the context of the code base of the software application being developed. All of this security training data can be stored in user profiles (e.g., in an HR system) or other types of data structures, and the data integration module 108d can retrieve this data [searching a database for user profile information indicative of a training sequence performed by a user associated with the user profile] from, e.g., an external identity provider. The security analysis module 108c can analyze the security training data associated with one or training data for developers working on that aspect of the application).); 
identify a type of at least one of the one or more errors identified in the computer readable code (e.g., Figs. 1-2 along with associated text, e.g., [0049], the module 108c aggregates the first set of security vulnerabilities, the second set of security vulnerabilities, and the third set of security vulnerabilities into a final set of security vulnerabilities [security vulnerabilities, i.e. a type of at least one of the one or more errors identified in the computer readable code]; see also [0043] and [0050].); 
compare the type of the at least one of the one or more errors identified in the computer readable code with one or more properties associated with the training sequence (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development.... All of this security training data can be stored in user profiles; [0050], the security analysis module 108c can recognize one or more of the final set of security vulnerabilities [the type of at least one of the one or more errors] as critical vulnerabilities (e.g., by comparison to a vulnerability database [one or more properties associated with the training sequence]).); 
calculate a severity of the at least one error based on the comparison with the one or more properties associated with the training sequence (Id., particularly, the security analysis module 108c can recognize one or more of the final set of security vulnerabilities as critical vulnerabilities [calculating a severity of the at least one error] (e.g., by comparison to a vulnerability database [one or more properties associated with the training sequence].); 
assign a competence level to the user associated with the user profile [based on the calculated severity] (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development. For example, certain developers may have specific security training or certification, while others may not have the same level of experience or skills [competence level ]--which could pose security risks in the context of the code base of the software application being developed.  All of this security training data can be stored in user profiles (e.g., in an HR system).... The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application) and the module 108c can determine a training gap based upon the security training data.... In some cases, the security analysis module 108c can mark a training deficiency as a gating issue.); 
	generate a remediation suggestion to correct at least one of the one or more errors in the computer readable code based on the competence level (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development. For example, certain developers may have specific security training or certification, while others may not have the same level of experience or skills [competence level] --which could pose security risks in the context of the code base of the software application being developed.... The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the security vulnerabilities.); and 
	[cause the remediation suggestion to be concurrently displayed with the computer readable code in the development environment, wherein the remediation suggestion comprises a comparison view of the computer readable code having the at least one of the one or more errors and a preview of the computer readable code free from having the at least one of the one or more errors, and a selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors], and
	each of the one or more errors is associated with a type of security vulnerability in the computer readable code (e.g., Figs. 1-2 and associated text, e.g., [0043], the module 108c can create a development task in the software development issue tracking platform based upon the training gap (e.g., assign an experienced developer to review the source code and/or rework the source code to identify and remediate any security issues relating to the SSO implementation); [0050], the security analysis module 108c can recognize one or more of the final set of security vulnerabilities.).
	Kao does not appear to explicitly disclose as the computer readable code is being written, cause at least one error of the one or more errors in the computer readable code to be displayed differently in the development environment compared to a portion of the computer readable code that is free from having the one or more errors in real-time as the code is being written in the development environment, or within which the computer readable code is written.  However, this is taught in analogous art, Young (e.g., [0013], The GUI 24 of the first distributed source code authoring management system client 28 may include an editor window 26 in which a code file 30 may be displayed. The editor window 26 may be configured to provide real-time mark-up of the code file 30 as the user inputs code into the editor window. For example, the editor window 26 may provide mark-up such as syntax coloring, error and warning marks, brace matching, line numbers, change tracking, etc. to the text that the user inputs into the editor window).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Kao with the invention of Young because it would allow developers to immediately see when errors arise in their code which would reduce time spent debugging the code.  
Although Koa discloses assigning a competence level to the user associated with the user profile (see above), it also does not appear to explicitly disclose based on the calculated severity. However, this is taught by analogous art, Andrews (e.g., Figs. 3-5 and associated text, e.g., [0046], the severity of the bug will be reflected in the number of defective lines, to be calculated hereinafter [calculated severity]; [0047], In step 409, the measure of coding quality [competence level] is derived based on the number of defective lines of code (a defect count) relative to an evaluation of the total number of opportunities for such defects (an opportunity for defect count) [based on the calculated severity]; see also [0006] A novel system and method are 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Andrews because it will result in higher quality code, as suggested by Andrews (see [0017]).  
Kao in view of Young and Andrews does not appear to explicitly disclose cause the remediation suggestion to be concurrently displayed with the computer readable code in the development environment, wherein the remediation suggestion comprises a comparison view of the computer readable code having the at least one of the one or more errors and a preview of the computer readable code free from having the at least one of the one or more errors, and a selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors. However, this is taught in analogous art MacDonald (e.g., Figs. 1-5 and associated text, e.g., FIG. 3 illustrates an exemplary embodiment of the editor GUI 200 from FIG. 2 with revised code 302. The revised code 302 may be presented in the same GUI window as the previous code [cause the remediation suggestion to be concurrently displayed with the computer readable code in the development environment]... Once satisfied, the user can decide whether to accept, e.g. with button 314, or reject the change, e.g. with button 310 [selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors]; see also col. 4:26-38, Analysis may include, for example, checking for logic errors, syntax errors, typographical errors.... Analysis may also be directed to refactoring the code....Refactoring may correct code having design, test, or other flaws; see also claim 5, wherein performing a first modification of the software code includes at least one of: correcting errors in the software code; see also col. 1:5-11).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of MacDonald to automatically determine the impact of a prospective code change before implementing it because conventional practice may be cumbersome for the user, as suggested by MacDonald (see col. 1:14-22).  

With respect to claims 6 and 17, Andrews further discloses calculating a total quantity of the one or more errors in the computer readable code, wherein the competence level assigned to the user associated with the user profile is further based on the total quantity of the one or more errors in the computer readable code (e.g., Figs. 3-5 along with associated text, e.g., [0006] the number of defective lines of code is compared to a total number of opportunities to create such defects. Generally speaking, in an embodiment of the invention, a defective line of code [error] is a line of code that needs to be "changed" subsequent to drafting of a version of the code due to being erroneous; [0047], In step 409, the measure of coding quality [competence level] is derived based on the number of defective lines of code (a defect count) [calculating a total quantity of the one or more errors in the computer readable code] relative to an evaluation of the total number of opportunities for such defects (an opportunity for defect count); see also [0002], [0004-5], [0034], [0040], and [0044].).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Andrews for the same reason set forth above with respect to claims 1 and 13.

Claims 3 and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Andrews, and MacDonald as applied to claims 1 and 13 above, and further in view of Delarue et al. (9081595 – hereinafter Delarue).

With respect to claims 3 and 15, Kao in view of Young, Andrews, and MacDonald does not appear to explicitly discloses wherein the computer readable code comprises one or more textual characters and the at least one error is caused to be displayed differently by one or more differentiation modes, the one or more differentiation modes comprising one or more of highlighting the at least one error, underlining the at least one error, changing a font of the at least one error, changing a font size of the at least one error, displaying the at least one error in a bold font, displaying the at least one error in an italicized font, or displaying the at least one error using a different color text compared to the portion of the computer readable code that is free from having the one or more errors. However, this is taught in analogous art, Delarue  (e.g., Figs. 1, 4, 7, 9, and 10-16 and associated text, e.g., col. 3:10-18, The source code window may include indications that highlight coding rules, run-time checks, and/or run-time violations that the software verification tool located in the source code. For example, the source code window may provide a particular violation indicator (e.g., a solid colored triangle) for a violation determined to be a coding rule error; col. 7:8-29, The classifications may be presented to the user in a number of possible ways, such as by changing the appearance of the code (e.g., font type, font size, font color, highlighting, etc.) based on its classification. In one example implementation, the code may be presented using a color coding scheme. For example, the code may be shown on a display in a GREEN color (code that has no errors), a RED color (code that definitely has errors in all possible dynamic execution paths), a ORANGE color (unknown or unproven error conditions and/or a mix of situations that include GREEN code in some situations and RED code in others); see also col. 10:1-40; see also col. 12:3-46; see also col. 13:17-21 and 39-46.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Delarue to “help a user to quickly identify violations and spend less time debugging the source code. For example, the exact location of a violation may be visible in the source code and/or superimposed on a source code representation, which may make it easier to locate a problem, understand a problem, and/or fix a problem,” as suggested by Delarue (see col. 10:40-46).

Claims 7 and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Andrews, and MacDonald as applied to claims 6 and 17 above, and further in view of Menzel (9305279 – hereinafter Menzel).

	With respect to claims 7 and 18, Kao in view of Young, Andrews, and MacDonald does not appear to explicitly disclose storing the total quantity of the one or more errors in the database; and storing the type of security vulnerability associated with each of the one or more errors stored in the database, wherein the competence level assigned to the user associated with the user profile is further based on the type of security vulnerability associated with each error stored in the database.  However, this is taught by analogous art, Menzel (e.g., Figs. 2-5 and associated text, e.g., col. 8:33-49, For example, for each developer relevant to the request, the system can access a developer profile to obtain counts of violation introductions, violation removals, and churn attributed to each developer. The churn can developer scores [competence level], the system can use transformed values rather than raw counts of violation introductions, violation removals, and churn. For example, the system can transform the raw counts by normalizing or scaling the counts and using the transformed values rather than the raw counts of the violation introductions, violation removals, and churn. The system may also give more weight to some actions than others. For example, very serious violations that tend to frequently result in run-time errors can be assigned more weight than other violations that are less serious [based on the type]; see also col. 5:63-col. 6:3, The attribution engine 220 can store the attributions 235 in a collection of developer profiles 250 that stores information about each developer that has contributed to the code base 240. For example, the attribution engine 220 can store, for each developer in the developer profiles 250, data representing violation introductions attributed to the developer, violation removals attributed to the developer, and the lines of churn attributed to the developer.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Menzel because “The ranking allows an organization to immediately identify contributors having a high number of problematic contributions to a code base, which can allow individually tailored training Ranking developers can result in gamification of a project, which results in developers who are more engaged and perform at a higher level. Ranking developers can help identify contributors having a consistently low number of problematic contributions or a high number of good contributions, and these developers can be rewarded,” as suggested by Menzel (see col. 33:22-33).

Claim 8 is rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Andrews, and MacDonald as applied to claim 1 above, and further in view of Kems et al. (20190164449 – hereinafter Kems).

	With respect to claim 8, Kao in view Young, Andrews, and MacDonald does not appear to explicitly disclose identifying a quantity of tasks included in the training sequence performed by the user associated with the user profile; identifying a quantity of the tasks completed free from error; and comparing a quantity of the one or more errors with the quantity of tasks completed free from error, wherein the competence level assigned to the user associated with the user profile is further based on the comparison of the quantity of the one or more errors with the quantity of tasks completed free from error. However, this is taught by Kems (e.g., Figs. 1, 5, and 7 along with associated text, e.g., [0020], 1) providing a web-based stimulus that is configured to receive input from the user and provide instruction to the user concerning a testing procedure; (2) providing an assessment web application that is configured to administer an assessment and receive a candidate submission; (3) receiving a candidate submission, injecting the candidate submission in a reference codebase, and rendering the candidate submission in a browser before capturing a plurality of screenshots of the rendered candidate submission; (4) using a mismatch generator to compare the screenshots to a design template, identify areas of difference, visually display those areas in an error color, calculate a ratio of error pixels to non -error pixels and store the result as a mismatch percentage; and (5) storing the plurality of screenshots and mismatch percentage on a remote server device. In embodiments, a score calculator may be used to calculate a final score based upon at least the mismatch percentage.).
.

Claim 9 is rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Andrews, MacDonald, and Kems as applied to claim 8 above, and further in view of Kamath (20190012250 – hereinafter Kamath).

With respect to claim 9, Kao in view Young, Andrews, MacDonald, and Kems does not appear to explicitly disclose generating one or more hints to complete one of more of the tasks included in the training sequence free from error, wherein the competence level assigned to the user associated with the user profile is further based on a quantity of hints applied by the user associated with the user profile to complete the one of more tasks included in the training sequence free from error.  However, in analogous art, Kamath teaches these limitations (e.g., Figs. 1, 3, and 5-6 along with associated text, e.g., [0030] In particular embodiments, the system may present the user with the option to use one or more performance aids before, during, or after their execution of one or more iterations of the particular electronic activity. The one or more performance aids may include, for example: ... one or more hints as to how to improve their performance at the particular electronic activity.... In various embodiments, the system may automatically modify the user's self-awareness score and/or the user's performance score for the particular iteration of the particular electronic activity in response to the user choosing to use one or more of the performance aids in completing the one or more iterations of the electronic activity; see also [0086]).
.

Claims 10 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Andrews, and MacDonald as applied to claim 1 above, and further in view of Sharma et al. (9544327 – hereinafter Sharma).

With respect to claim 10, Kao in view of Young, Andrews, and MacDonald does not appear to explicitly disclose wherein the remediation suggestion further comprises, an instruction to repeat at least a portion of the training sequence comprising one or more tasks previously performed by the user associated with the user profile, or a new training sequence generated for the user based on the competence level comprising one or more new tasks to teach the user associated with the user profile a skill associated with writing the computer readable code. However, in analogous art, Sharma teaches (e.g., Figs. 1-2, 4, 5, 8, and 10 along with associated text, e.g., ; col. 25:29-col.26:47, Such a report can be sent back to a specific user to suggest more secure practices, or it may be made available to the social network, e.g., as a list of top vulnerabilities displayed on a dashboard....Once these top vulnerability types are identified, the analysis process can correlate them, e.g., to the developers that wrote the insecure code.... An identified developer is then associated (mapped) with a particular vulnerability type for which he or she may then be responsible....Once completing the list containing the mapping (of developers to the vulnerabilities they are responsible for writing into the code), the analysis process may produce one or more recommendations, e.g., a list 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Sharma because it “helps ensure that educational budgets are not wasted on those individual that do not need additional training,” as suggested by Sharma (see col. 26:24-29).

With respect to claim 12, Kao further disclose processing the computer readable code written by the user associated with the user profile to determine a type of security critical feature the computer readable code one or more of includes or is directed to, and storing the type of security critical feature in the database; searching the database for one or more instances of the type of security critical feature  (e.g., Figs. 1-2 along with associated text, e.g., [0049], the module 108c aggregates the first set of security vulnerabilities, the second set of security vulnerabilities, and the third set of security vulnerabilities into a final set of security vulnerabilities [security vulnerabilities, i.e. a type of at least one of the one or more errors identified in the computer readable code]; [0050] In one example, the security analysis module 108c translates the security vulnerabilities into, e.g., a set of issues to be either stored in the database 110 (for retrieval by the software development issue tracking platform)... the security analysis module 108c can recognize one or more of the final set of security vulnerabilities as identifying the type of the security feature that has a greatest quantity of instances in the database, wherein the competence level is further based on the type of the security feature that has a greatest quantity of instances in the database. However, in analogous art, Sharma teaches these limitations (e.g., Figs. 1-2, 4, 5, 8, and 10 along with associated text, e.g., ; col. 25:29-col.26:47, Such a report can be sent back to a specific user to suggest more secure practices, or it may be made available to the social network, e.g., as a list of top vulnerabilities displayed on a dashboard....Once these top vulnerability types are identified, the analysis process can correlate them, e.g., to the developers that wrote the insecure code.... An identified developer is then associated (mapped) with a particular vulnerability type for which he or she may then be responsible....Once completing the list containing the mapping (of developers to the vulnerabilities they are responsible for writing into the code), the analysis process may produce one or more recommendations, e.g., a list identifying the specific developers, as well as the additional training that might be provided for those developers.... This provides the recommendation engine (or similar functionality) with additional fine-grained data by which to make educational recommendations. For example, if a particular developer is responsible for a majority of the SQLi vulnerability type check-ins, the system may recommend that this individual be moved to the top of a training list on how to spot and prevent SQL injection attacks; see also col. 4:45-51.).
.

Claim 11 is rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Andrews, MacDonald, and Sharma as applied to claim 10 above, and further in view of Bastide et al. (20170076244 – hereinafter Bastide).

	With respect to claim 11, Kao in view of Young, Andrews, MacDonald, and Sharma does not appear to explicitly disclose wherein the instruction to repeat at least a portion of the training sequence is based on a determination that a time difference between a last time the user associated with the user profile completed the training sequence and a time the computer readable code was generated is greater than a predetermined threshold value.  However, this is taught by analogous art, Bastide (e.g., Fig. 2 and associated text, e.g., [0062]., The analyzing engine (214-4) may make an evaluation via determining how current a skill is for one member in relation to how current the same skill is for the other members... The analyzing engine (214-4) determines how current skill X is for each of the members.... The average time may be in days, weeks, months, years, other measurements of time, or combinations thereof. This may further be based on when the member acquired the skill X.... If skill X is outside of a specific range of the standard deviation for a specific member, the analyzing engine (214-4) determines skill X for that specific member is not current.... Since this type of evaluation may be conducted when an organization needs to identify a member with that need to update a skill, this 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Bastide so organizations can identify members that need to update their skills, as suggested by Bastide (see [0062]).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Andrews, and MacDonald as applied to claim 13 above, and further in view of Kems and Kamath.

	With respect to claim 19, Kao in view Young, Andrews, and MacDonald does not appear to explicitly disclose identify a quantity of tasks included in the training sequence performed by the user associated with the user profile; identify a quantity of the tasks completed free from error; compare a quantity of the one or more errors with the quantity of tasks completed free from error; and generate one or more hints to complete one of more of the tasks included in the training sequence free from error, wherein the competence level assigned to the user associated with the user profile is further based on: the comparison of the quantity of the one or more errors with the quantity of tasks completed free from error; and a quantity of hints applied by the user associated with the user profile to complete the one of more tasks included in the training sequence free from error.  However, in analogous art, Kems teaches identify a quantity of tasks included in the training sequence performed by the user associated with the user profile; identify a quantity of the tasks completed free from error; and compare a quantity of the one or more errors with the quantity of tasks completed free from error and wherein the competence level assigned to the user associated with the user profile is further based on: the comparison of the quantity of the one or more errors with the quantity of tasks completed free from error (e.g., Figs. 1, 5, and 7 along with associated text, e.g., [0020], 1) providing a web-based stimulus that is configured to receive input from the user and provide instruction to the user concerning a testing procedure; (2) providing an assessment web application that is configured to administer an assessment and receive a candidate submission; (3) receiving a candidate submission, injecting the candidate submission in a reference codebase, and rendering the candidate submission in a browser before capturing a plurality of screenshots of the rendered candidate submission; (4) using a mismatch generator to compare the screenshots to a design template, identify areas of difference, visually display those areas in an error color, calculate a ratio of error pixels to non -error pixels and store the result as a mismatch percentage; and (5) storing the plurality of screenshots and mismatch percentage on a remote server device. In embodiments, a score calculator may be used to calculate a final score based upon at least the mismatch percentage.).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Kems because what is “needed is a system that can validate skills at scale to filter applicants,” as suggested by Kems (see [0008]).
Furthermore, in analogous art, Kamath teaches generate one or more hints to complete one of more of the tasks included in the training sequence free from error and a quantity of hints applied by the user associated with the user profile to complete the one of more tasks included in the training sequence free from error. (e.g., Figs. 1, 3, and 5-6 along with 
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Kamath so the training score is an accurate representation of a user’s performance during the training iterations.

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kao in view of Young, Yawalkar et al. (20100251027 – hereinafter Yawalkar), Sharma, and MacDonald.

	With respect to claim 20, Kao discloses A method, comprising: 
	processing, by a processor, computer readable code [as the computer readable code is being written] in a development environment to identify one or more errors in the computer readable code, [the development environment being viewable by way of a display] (e.g., Figs. 1-2 along with associated text, e.g., [0049], For example, the security analysis module 108c can execute one or more tools to parse lines of code in one or more source code modules to identify a first set of security vulnerabilities; see also [0043] and [0050].); 
	[causing at least one error of the one or more errors in the computer readable code to be displayed differently in the development environment compared to a portion of the computer readable code that is free from having the one or more errors in real-time as the code is being written in the development environment;]
	identifying a user profile associated with the development environment [in which the computer readable code is written] (e.g., Figs. 1-2 along with associated text, e.g., [0043], the data integration module 108d also captures security training data associated with, e.g., developers [user] and other personnel that are implementing the software application under development [computer readable code]. For example, a certain developers may have specific security training or certification, while others may not have the same level of experience or skills--which could pose security risks in the context of the code base of the software application being developed. All of this security training data can be stored in user profiles (e.g., in an HR system) [user profile associated with a development environment used to generate the computer readable code] or other types of data structures, and the data integration module 108d can retrieve this data from, e.g., an external identity provider. The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application) [associated with a development environment used to generate the computer readable code] and the module 108c can determine a training gap based upon the security training data.); 
	searching a database for user profile information indicative of a training sequence performed by a user associated with the user profile (e.g., Figs. 1-2 along with associated text, e.g., [0043], the data integration module 108d also captures security training data associated security training or certification [training sequence], while others may not have the same level of experience or skills--which could pose security risks in the context of the code base of the software application being developed. All of this security training data can be stored in user profiles (e.g., in an HR system) or other types of data structures, and the data integration module 108d can retrieve this data [searching a database for user profile information indicative of a training sequence performed by a user associated with the user profile] from, e.g., an external identity provider. The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application); see also [0035], [0155], [0194]); 	
	identifying a knowledge level of the user associated with the user profile based on a quantity of training sessions included in the training sequence completed by the user associated with the user profile (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development. For example, certain developers may have specific security training or certification, while others may not have the same level of experience or skills [knowledge level of the user associated with the user profile based on a quantity of training sessions included in the training sequence completed by the user associated with the user profile] -- which could pose security risks in the context of the code base of the software application being developed.  All of this security training data can be stored in user profiles (e.g., in an HR system).... The security analysis module 108c can analyze the security training data associated with one or more aspects training data for developers working on that aspect of the application) and the module 108c can determine a training gap based upon the security training data.... In some cases, the security analysis module 108c can mark a training deficiency as a gating issue.); 
	identifying a compliance level associated with a type of security feature instructed by way of the training sessions based on a determination of whether the one or more errors match the security feature, [the compliance level being based on a quantity of the one or more errors compared to a quantity of the computer readable code that is free from having the one or more errors] (e.g., Figs. 1-2 and associated text, e.g., [0050], the security analysis module 108c can recognize one or more of the final set of security vulnerabilities [a type of security feature instructed by way of the training sessions] as critical vulnerabilities (e.g., by comparison to a vulnerability database) [based on a determination of whether the one or more errors match the security feature] and preventing a build of the software application under development from being created and/or deployed based upon the critical vulnerabilities [critical security vulnerabilities are present, i.e., a failing compliance level]; see also [0011], The server computing device deploys the software application under development to a production computing system upon determining that the security risk score satisfies a predetermined criterion; [0051] Based upon the generated security requirements and the identified security vulnerabilities as described above, the security modeling engine 108f generates (210) a security risk score; see also [0012-13]; see also [0062]-[0213] for a detailed explanation of how the security risk score is calculated.); 
	[causing a graphical user interface indicative of the knowledge level and the compliance level to be output by a display; the display;] and 
	causing a remediation suggestion to be output by the display, the remediation suggestion being based on the competence level, wherein each of the one or more errors is associated with a type of security vulnerability in the computer readable code, [the remediation suggestion is caused to be concurrently displayed with the computer readable code in the development environment] (e.g., Figs. 1-2 and associated text, e.g., [0043], In a related aspect, the data integration module 108d also captures security training data associated with, e.g., developers and other personnel that are implementing the software application under development. For example, certain developers may have specific security training or certification, while others may not have the same level of experience or skills [competence level] --which could pose security risks in the context of the code base of the software application being developed.... The security analysis module 108c can analyze the security training data associated with one or more aspects of the software application under development (e.g., by analyzing the training data for developers working on that aspect of the application) and the module 108c can determine a training gap based upon the security training data.... As a result, the module 108c can create a development task in the software development issue tracking platform based upon the training gap (e.g., assign an experienced developer to review the source code and/or rework the source code to identify and remediate any security issues relating to the SSO implementation) [the remediation suggestion being based on the competence level]; [0050], the security analysis module 108c can recognize one or more of the final set of security vulnerabilities; see also [0024] and [0218].) and [the remediation suggestion comprises a comparison view of the computer readable code having the at least one of the one or more errors and a preview of the computer readable code free from having the at least one of the one or more errors; a selectable link to correct the computer readable code in accordance with the preview of ; and
	[an instruction to repeat at least a portion of the training sequence comprising one or more tasks previously performed by the user associated with the user profile, or a new training sequence generated for the used based on one or more of the knowledge level or the competence level comprising one or more new tasks to teach the user associated with the user profile a skill associated with generating the computer readable code].
	Kao does not appear to explicitly disclose as the computer readable code is being written, causing at least one error of the one or more errors in the computer readable code to be displayed differently in the development environment compared to a portion of the computer readable code that is free from having the one or more errors in real-time as the code is being written in the development environment, or within which the computer readable code is written.  However, this is taught in analogous art, Young (e.g., [0013], The GUI 24 of the first distributed source code authoring management system client 28 may include an editor window 26 in which a code file 30 may be displayed. The editor window 26 may be configured to provide real-time mark-up of the code file 30 as the user inputs code into the editor window. For example, the editor window 26 may provide mark-up such as syntax coloring, error and warning marks, brace matching, line numbers, change tracking, etc. to the text that the user inputs into the editor window).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the invention of Kao with the invention of Young because it would allow developers to immediately see when errors arise in their code which would reduce time spent debugging the code.  
	Although Kao discloses the compliance level (see above, it does not appear to explicitly disclose the compliance level being based on a quantity of the one or more errors compared to a quantity of the computer readable code that is free from having the one or more errors and causing a graphical user interface indicative of the knowledge level and the compliance level to be output by a display.  However, in analogous art, Yawalkar teaches the compliance level being based on a quantity of the one or more errors compared to a quantity of the computer readable code that is free from having the one or more errors and causing a graphical user interface indicative of [the knowledge level and] the compliance level to be output by a display (e.g., Figs. 1-2, 5, and 7-12 along with associated text, e.g., [0051] PQI generation facility 550 may be configured to generate a product quality index corresponding to a software instance. The product quality index may indicate a quality level of the software instance compared to a substantially "defect-free" or "perfect" software instance. The product quality index will be described in more detail below [the compliance level being based on a quantity of the one or more errors compared to a quantity of the computer readable code that is free from having the one or more errors]; [0080], FIG. 8 illustrates a GUI 800 that may be generated and displayed by PQI generation facility 550 and that is configured to graphically depict a comparison of quality levels of a plurality of releases of a software instance; see also [0069]-[0077]).
It would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to incorporate the invention of Yawalkar because it “may be useful in determining which module merits the most attention by the software developers,” as suggested by Yawalkar (see [0081]).
indicative of the knowledge level or the remediation comprising an instruction to repeat at least a portion of the training sequence comprising one or more tasks previously performed by the user associated with the user profile, or a new training sequence generated for the used based on one or more of the knowledge level or the competence level comprising one or more new tasks to teach the user associated with the user profile a skill associated with generating the computer readable code.  However, in analogous art, Sharma teaches these limitations (e.g., Figs. 1-2, 4, 5, 8, and 10 along with associated text, e.g., col. 25:29-col.26:47, Such a report can be sent back to a specific user to suggest more secure practices, or it may be made available to the social network, e.g., as a list of top vulnerabilities displayed on a dashboard....Once these top vulnerability types are identified, the analysis process can correlate them, e.g., to the developers that wrote the insecure code.... An identified developer is then associated (mapped) with a particular vulnerability type for which he or she may then be responsible....Once completing the list containing the mapping (of developers to the vulnerabilities they are responsible for writing into the code), the analysis process may produce one or more recommendations, e.g., a list identifying the specific developers, as well as the additional training that might be provided for those developers.... This provides the recommendation engine (or similar functionality) with additional fine-grained data by which to make educational recommendations. For example, if a particular developer is responsible for a majority of the SQLi vulnerability type check-ins, the system may recommend that this individual be moved to the top of a training list on how to spot and prevent SQL injection attacks; see also col. 4:45-51.).

Kao does not appear to explicitly disclose the remediation suggestion is caused to be concurrently displayed with the computer readable code in the development environment and the remediation suggestion comprises a comparison view of the computer readable code having the at least one of the one or more errors and a preview of the computer readable code free from having the at least one of the one or more errors; a selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors.  However, this is taught in analogous art MacDonald (e.g., Figs. 1-5 and associated text, e.g., FIG. 3 illustrates an exemplary embodiment of the editor GUI 200 from FIG. 2 with revised code 302. The revised code 302 may be presented in the same GUI window as the previous code [the remediation suggestion is caused to be concurrently displayed with the computer readable code in the development environment]... Once satisfied, the user can decide whether to accept, e.g. with button 314, or reject the change, e.g. with button 310 [selectable link to correct the computer readable code in accordance with the preview of the computer readable code free from having the at least one of the one or more errors]; see also col. 4:26-38, Analysis may include, for example, checking for logic errors, syntax errors, typographical errors.... Analysis may also be directed to refactoring the code....Refactoring may correct code having design, test, or other structural flaws; see also claim 5, wherein performing a first modification of the software code includes at least one of: correcting errors in the software code; see also col. 1:5-11).
.

Conclusion
	The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. Specifically, Muslu et al. “Speculative Analysis of Integrated Development Environment Recommendations” teaches presenting an analysis of source code error corrections in an integrated development environment.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to STEPHEN DAVID BERMAN whose telephone number is (571)272-7206.  The examiner can normally be reached on M-F, 9-6 Eastern.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached on 571-272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated 

/STEPHEN D BERMAN/Examiner, Art Unit 2192 

/S. SOUGH/SPE, Art Unit 2192