DETAILED ACTION
Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicants' submission filed on March 29, 2021 has been entered.
Claims 1, 10 and 12 have been amended.
Claims 1-10 and 12-14 have been examined and are pending.

Response to Arguments
Applicants have argued that the cited art does not teach or render obvious certain features recited by the amended independent claims (Remarks, pgs. 7-12). Applicants' arguments have been fully considered but are moot in view of the new ground(s) of rejection as set forth below.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

Claims 1-10 and 12-14 are rejected under 35 U.S.C. 103 as being unpatentable over US 5,758,061 - hereinafter "Plum", in view of US 20170103013 A1 - hereinafter "Grechanik", and in view of US 9852290 B1 - hereinafter "Kirk".

With respect to claim 1, Plum teaches,
A method for recognizing a weak point in an original program using a test program, the original program being configured to perform a predetermined function on input data when executed in a predetermined runtime environment and the test program being configured to execute the same predetermined function on the input data when executed in the same predetermined runtime environment as the original program, - "FIG. 1 shows an example computer system 50 (runtime environment) that can be used to perform the software testing techniques provided by the present invention."  (col. 4:62-64; Fig. 1). "As discussed above, it is often commercially important to verify that all (or almost all) parts of a program have been executed during testing. In order to assist with this purpose, the machine embodied in this example reads on its input (e.g., a diskette) a source program (original program) (e.g. "example1.c") written in a programming language (e.g., C, C++, Java, Visual Basic, etc.). This machine writes onto its output (e.g., again a diskette) a modified version (test program) of the source program "example1.c", a version which will perform the same computation as "example1.c" but which will in addition create a record of the parts of the "example1.c" program which have been executed during testing." (col. 9:12-23); wherein the test program is a copy of the original program and is configured to perform all the functions of the original program, - "This machine writes onto its output (e.g., again a diskette) a modified version (test program) of the source program "example1.c", a version which will perform the same computation as "example1.c" but which will in addition create a record of the parts of the "example1.c" program which have been executed during testing. This new version of the program is known as the "instrumented version" (test program). The instrumented version duplicates the logic of the original program but also includes additional code to record when each portion of the program has been executed." (col. 9:18-27) wherein the only difference between the original program and the test program is that the test program additionally includes testing functions not included in the original program, - "The instrumented version duplicates the logic of the original program but also includes additional code to record when each portion of the program has been executed." (col. 9:24-27)
obtaining a test information characterizing the execution of the test program from the testing functions; and - "For each execution, the instrument code inserted by the instrumentation process causes coverage results to be generated and stored." (Abstract)
Plum does not explicitly teach executing the original program and the test program in parallel on identical input data in the predetermined runtime environment; 
However, in analogous art for software testing, Grechanik teaches:
"The modified SUT (test program) and the SUT (original program) may then run 218 in parallel." [0051]; Fig. 2. "The modified SUT is executed independently of and in parallel to running the original version of the application (i.e., SUT) with the same input/configuration settings." [0015][0083]; Fig. 6
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Plum with Grechanik's teachings because doing so would provide Plum's system with the ability to reduce the costs of engineering software products, as suggested by Grechanik [0002].
determining whether the original program has a weak point based on a comparison of the test information with a predetermined weak point information indicating conditions for recognizing weak points.
However, in analogous art for software testing, Kirk teaches:
"Reverse engineering to determine effects of executing the malware may enable discovery of particular security vulnerabilities (weak points) targeted by the malware and may enable detection of the malware." (col. 1:17-20)
"The method 500 may further include executing the software component (test program) in the target operating system on the virtual machine, at 506." (col. 13:16-18; Fig. 5)
"The method 500 may also include generating data indicating effects of executing the software component on the virtual machine, at 508. For example, the sensor layer 152, the virtual machine 154, or both, of FIG. 1 may generate the behavior data 124 (test information) indicating the effects of executing the software component 150 on the virtual machine 154, as further described with reference to FIG. 1." (col. 13:22-28; Fig. 5)
"The method 700 may include comparing the data to information in a database, at 702. For example, the data analyzer 146 of FIG. 1 may compare the behavior data 124 to information (e.g., the correlation analysis data 128) (predetermined weak point information) from the database 108, as further described with reference to FIG. 1." (col. 14:13-18; Fig. 7)
"The method 700 may also include identifying similar effects of executing the first software component (test program) and a second software component (original program) based on the comparison of the data to the information in the database, at 704, identifying distinct effects of executing the first software component and the second software component based on the comparison of the data to the information in the database, at 706, and generating second data indicating the similar effects and the distinct effects, at 708." (col. 14:19-27; Fig. 17). Thus, the second data would indicate that the second software component (original program) contains security vulnerabilities (weak points).
It would have been obvious for one of ordinary skill in the art before the effective filing date of the invention to implement Plum and Grechanik with Kirk's teachings because doing so would provide Plum/Grechanik's system with the ability to mitigate security vulnerabilities of a system, as suggested by Kirk (col. 18:13-16).

With respect to claim 2, Grechanik teaches,
wherein the original program and the test program are executed independently from each other. - "For purposes of this application, the software application is referred to as "software under test" or "SUT" (original program) and the modified version referred to as "modified SUT" (test program) or "modifiable SUT". The modified SUT is executed independently of and in parallel to running the original version of the application (i.e., SUT) with the same input/configuration settings." [0015]

With respect to claim 3, Plum teaches,
wherein the testing functions include logging events occurring when executing the test program to obtain log entries as the test information. - "This machine writes onto its output (e.g., again a diskette) a modified version (test program) of the source program "example1.c", a version which will perform the same computation as "example1.c" but which will in addition create a record of the parts of the "example1.c" program which have been executed during testing. This new version of the program is known as the "instrumented version" test program). The instrumented version duplicates the logic of the original program but also includes additional code to record when each portion of the program has been executed." (col. 9:18-27)

With respect to claim 4, Kirk teaches,
monitoring the log entries to recognize a weak point of the original program. - "The method 500 may also include analyzing the generated data, at 512. For example, the data analyzer 146 may analyze the behavior data 124, as further described with reference to FIG. 1." (col. 13:35-38; Fig. 13)

With respect to claim 5, Plum teaches,
wherein the test information comprises at least: ...an exception occurring when executing the test program; - "When the diagnostic version of the program executes, the instrument code may provide error condition indications of exceptional control paths being taken by the program. These indications may provide important information or clues as to why the program is behaving abnormally or unexpectedly." (col. 4:24-29)

With respect to claim 6, Kirk teaches,
providing a user with a warning information indicating that a weak point has been recognized if it is determined that the original program has a weak point. - "For example, the analysis manager 144 may send the analysis data 130 indicating the behavior data 124 to the client system(s) 102." (col. 6:20-22). "For example, the behavior data 124 may indicate a particular set of effects of executing the software component 150." (col. 9:59-61)

With respect to claim 7, Kirk teaches,
wherein the steps of obtaining a test information and of determining whether the original program has a weak point are performed by the test program. - "The method 500 may further include executing the software component (test program) in the target operating system on the virtual machine, at 506." (col. 13:16-18; Fig. 5). "The method 500 may also include generating data indicating effects of executing the software component on the virtual machine, at 508. For example, the sensor layer 152, the virtual machine 154, or both, of FIG. 1 may generate the behavior data 124 (test information) indicating the effects of executing the software component 150 on the virtual machine 154, as further described with reference to FIG. 1." (col. 13:22-28; Fig. 5). "The method 700 may include comparing the data to information in a database, at 702. For example, the data analyzer 146 of FIG. 1 may compare the behavior data 124 to information (e.g., the correlation analysis data 128) (predetermined weak point information) from the database 108, as further described with reference to FIG. 1." (col. 14:13-18; Fig. 7). "The method 700 may also include identifying similar effects of executing the first software component (test program) and a second software component (original program) based on the comparison of the data to the information in the database, at 704, identifying distinct effects of executing the first software component and the second software component based on the comparison of the data to the information in the database, at 706, and generating second data indicating the similar effects and the distinct effects, at 708." (col. 14:19-27; Fig. 17). Thus, the second data would indicate that the second software component (original program) contains security vulnerabilities (weak points).

With respect to claim 8, Plum teaches,
updating at least one of...the test program in view of a recognized weak point. - "When the diagnostic version of the program executes, the instrument code may provide error condition indications of exceptional control paths being taken by the program. These indications may provide important information or clues as to why the program is behaving abnormally or unexpectedly." (col. 4:24-29)

With respect to claim 9, Plum teaches,
wherein the original program and the test program are stored on a same hardware entity. - "FIG. 1 shows an example computer system 50 that can be used to perform the software testing techniques provided by the present invention."  (col. 4:62-64; Fig. 1).

With respect to claim 10, Plum teaches,
A computer program product, comprising a non-transitory computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a test program for recognizing a weak point in an original program, the original program being configured to perform a predetermined function on input data when executed in a predetermined runtime environment, wherein the test program is a copy of the original program and is configured to perform all the functions of the original program, wherein the only difference between the original program and the test program is that the test program additionally includes testing functions not included in the original program, the test program being configured:


With respect to claim 12, Plum teaches,
A device for recognizing a weak point in an original program using a test program, the original program being configured to perform a predetermined function on input data when executed in a predetermined runtime environment and the test program being configured to execute the same predetermined function on the input data when executed in the same predetermined runtime environment as the original program, wherein the test program is a copy of the original program and is configured to perform all the functions of the original program, wherein the only difference between the original program and the test program is that the test program additionally includes testing functions not included in the original program, the device comprising:
These limitations are rejected for the same reasons given for analogous claim 1.

With respect to claim 13, Plum teaches,
The device according to claim 12, which is configured to execute a method, comprising:
These limitations are rejected for the same reasons given for analogous claim 12.

With respect to claim 14, Plum teaches,
A computer program product, comprising a non-transitory computer readable hardware storage device having computer readable program code stored therein, said program code executable by a processor of a computer system to implement a method, comprising a program code for executing the method according to claim 1.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GEOFFREY R ST LEGER whose telephone number is (571)270-7720.  The examiner can normally be reached on M-F (IFP) ~9:00-5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S Sough can be reached on 571-272-6799.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.