DETAILED ACTION

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

1.  This Final Office Action is in response to amendment filed on 05/25/2021.
	Claims 1-7, 9-16, 18-25 and 27-28, have been amended. Claims 1-28 remain pending in the application.

Response to Amendment

The amendment filed 05/25/2021 has been entered. Claims 1-7, 9-16, 18-25 and 27-28 have been amended. Claims 1-28 remain pending in the application. 
Applicant amendment to the Specification have overcome the objections previously set forth in the Non-Final Office Action mailed on 03/18/2021. The objection has been withdrawn in view of the amended specification.
Applicant amendment to claims 1-3, 5, 6, 10-12, 14, 16, 19-21, 23, 24 and 28 have overcome the 35 U.S.C § 112(b) rejection previously set forth in the Non-Final Office Action mailed on 01/28/2021. The rejection has been withdrawn in view of the amended claim.


Response to Arguments

Regarding Applicant’s arguments, on pages 14-17 of the remark filed on 05/25/2021, on the newly added limitations of claims 1: “storing in a vulnerability database records of security vulnerabilities identified in execution of at least a first version of the program”, “detecting a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version; 
Newly added limitations of claim 10: “store a vulnerability database containing records of security vulnerabilities identified in execution of at least a first version of the program”, “which is configured to detect a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version,” 
Newly added limitations of claim 19: “cause the computer to store a vulnerability database containing records of security vulnerabilities identified in execution of at least a first version of the program”, “wherein the instructions cause the computer to detect a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version,” 
and the newly added limitations of Claim 28: “storing in a vulnerability database records of security vulnerabilities identified in execution of at least a first version of the program”, “detecting a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version” arguments is persuasive.
Therefore, the 35 U.S.C. 103 rejection over Williams U.S Pub. No. 20170250972 in view of Sheridan U.S Pub. No. 20140283081 has been withdrawn. However, upon further consideration, a new ground(s) of rejection is made under 35 U.S.C. § 103 in view of the following prior art: Toback U.S Pub. No. 20140173737 in further view of Makowski U.S Pub. No. 20170019422, in conjunction with Williams U.S Pub. No. 20170250972 and Sheridan U.S Pub. No. 20140283081. Please refer to the 35 U.S.C. 103 section below for a detailed explanation. 
	For the reasons stated above and the new ground(s) of rejection under 35 U.S.C. 103 below, Examiner respectfully disagrees with Applicant’s argument, see Applicant’s Remarks Page 13-17, regarding allowance of the application. Examiner asserts that claims 1-28 are rejected for the reasons stated above in conjunction with the new ground(s) of rejection under 35 U.S.C. 103 below.


Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action: 
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
Claims 1-5, 7-15, 17-23, and 25-28 is/are rejected under 35 U.S.C. 103 as being unpatentable over Williams et al. (U.S Pub. No. 20140165204, hereinafter referred to as “Williams"), Toback et al. (U.S Pub. No. 20140173737, hereinafter referred to as "Toback") and Makowski et al. (U.S Pub. No. 20170019422, hereinafter referred to as "Makowski”) in further view of Sheridan et al. (U.S Pub. No. 20140283081, hereinafter referred to as "Sheridan")

	Regarding independent Claim 1 (Currently Amended), Williams teaches a method for testing a software application program, comprising: (0002 "field of vulnerability detection and testing in computer systems.") (0004 "detecting the presence of vulnerabilities in a software application.")
	each record comprising a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred; (Fig. 8 label 800- 802"<context>" and "method name"; trace (record) location field  (URL) of security vulnerability, event field (respective signature);( Par. (0116) "the vulnerability detection system 200 can have the full runtime information along with the location of the problem in the code of the application) (Par. (0034) "The tracking module 240 collects the generated event indicators from the application 230 in a database and analyses the stored indicators for the presence of vulnerabilities. The analysis may be performed during the execution of the application"; Event indicator serves as an identifier or signature of the location in which the vulnerability was detected) Fig. 8, and par. 88 Stack 803; serves as the control flow path; (Par. (0075) "The event indicators that are related to control flow or scope can also be tracked, but because there is no associated data with these the event indicators, these types of events can be tracked using the current thread of execution)
	outputting an indication to a developer of the program of an occurrence of a new security vulnerability.  (Par. (0111) "the vulnerability detection system 200 
	However Williams does not explicitly teach storing in a vulnerability database records of security vulnerabilities identified in execution of at least a first version of the program,
	Wherein Toback teaches storing in a vulnerability database records of security vulnerabilities identified in execution of at least a first version of the program (Par. (0053) “The vulnerability database 520 stores vulnerability data for vulnerability database storing record (data) for software components), (Par. (0052) “software components includes one or more of the software component vendor, component name, and version number in a uniform manner to uniquely and consistently identify each software component and track known vulnerabilities. For example, the NVD identifies a component by its vendor, component name, major component version, minor version, and update”; software component corresponding to a first version of program), (Par. (0020) : Alternatively, or additionally, the vulnerability score may reflect multiple versions of a software product, e.g. all versions of a product.”; multiple versions of software program (product), (Par. (0043) “the computer may present an alternative software component or version of the software component within the active task. The user, in response, has the option of replacing the vulnerable software component correlating to multiple versions of software))
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Toback to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings of Williams because of the analogous concept of protecting and preventing harm of malware attacks on software application by detecting security vulnerabilities before it affects devices on a computer system. Toback includes a process of storing in a vulnerability database records pertaining to a security vulnerability that correlates to a version of software on the program, this identifies early to the developers of software known security vulnerabilities that can be detected at a later time. By storing these vulnerabilities in a database that records the specific malware attack on a software version, it will allow developers to be able to track over the lifecycle of a software application new or reoccurring security vulnerabilities.

	However Williams and Toback does not explicitly teach detecting a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version 
	Wherein Makowski teaches detecting a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version (Par. (Abstract) “ identifying and preventing vulnerability exploitation is provided. [..] comparing a first version of a software module with a second version of a software module.”; detecting (identifying) vulnerability of second version of software subsequently to the first version), (Par. (0028) “ if vulnerable versions of software exist, e.g. vulnerable version of a web browser, and if the vulnerability is known, then a patch, or revised version of the software, may also exist. In such embodiments, the vulnerable version of the software is compared [..] detecting exploitative attacks on the vulnerabilities.”; detecting vulnerabilities of versions of software), (Par. (0060) “the original software application version. If a new vulnerability in the original version is discovered, the source, e.g. Microsoft, issues (505) an updated version. e.g. a software patch. A server, e.g. a server running VulnDiff, then compares (507) the updated software patch with the unpatched software application version. In some embodiments, the differences between the two versions basically represent the fix for the vulnerability”.; second software version developed subsequently to first software version), (Par. (0064) “If while opening the PDF, a breakpoint is hit (the breakpoint being set at a known vulnerability in a vulnerable version of the software program opening the PDF), SymFW will evaluate the PDF file itself against a set of symbolic constraints generated by VulnDiff,”; vulnerability at given location (breakpoint), (Figure 5 labels 501, 503, 505 and “discovery of new vulnerability”; given location of detecting security vulnerability) 
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Makowski to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an 

	However Williams, Toback and Makowski do not explicitly teach computing a new signature of the given location and comparing the new signature to the location field of the records in the database, and when no record is found to match the new signature,
Wherein Sheridan teaches computing a new signature of the given location and comparing the new signature to the location field of the records in the database (Par. (0043) "a signature of a potential vulnerability of the source code is generated. Signatures of one or more potential vulnerabilities may be generated." (Par. 
and when no record is found to match the new signature, (Par. (0007) "When it is determined that the generated signature does not match a previously stored signature, the potential vulnerability the potential vulnerability may be characterized as having the generated signature as a new vulnerability.)
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sheridan to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings of Williams, a process of storing in a vulnerability database records pertaining to a 
The motivation to combine these references is because Sheridan provides a secure and trusted method for software developers to strengthen and combat various 

Regarding dependent Claim 2 (Currently Amended), the combination of Williams, Toback, Makowski and Sheridan teach the method of claim 1, Williams further teaches the method according to claim 1, and comprising adding a new record to the vulnerability database with respect to the new security vulnerability. (Par. 111 Any vulnerability discovered would be logged as part of the testing results.) (Par.89 "the tracking module 240 analyzes the stored event indicators and detects any possible vulnerabilities based on the analysis. If at least one vulnerability is detected (step 955), the tracking module 240 generates at least one trace related to the vulnerability; new trace (record) with respect to new vulnerability; new trace (record) to the database for new vulnerability).

Regarding dependent Claim 3 (Currently Amended), the combination of Williams, Toback, Makowski do not explicitly teach the method of claim 1, Williams further teaches the method according to claim 1, and comprising: extracting metadata with respect to the a further control flow path on which the further security vulnerability occurred; and when the new signature is found to match the respective signature of a given record in the vulnerability database, comparing the extracted metadata to the metadata field in the given record in order to classify the further security vulnerability as a recurrent or new security vulnerability. 
Wherein Sheridan teaches the method according to claim 1, and comprising: extracting metadata with respect to a further control flow path on which the further security vulnerability occurred; (Par. (0036) "The metadata collector 223 may collect various information about one or more nodes associated with a detected vulnerability"; data collected on nodes on a control flow path when identified with vulnerability.)
and when the new signature is found to match the respective signature of a given record in the vulnerability database, comparing the extracted metadata to the metadata field in the given record in order to classify the further security vulnerability as a recurrent or new security vulnerability. (Figure 5 label 504 Par. (0059) "For example, each generated signature may be compared to all of the previously stored signatures. If the generated signature is identical to or substantially similar to at least one of the previously stored signatures, then it may be determined that the generated signature matches the previously stored signatures. If there is not a match, then processing continues to operation 506, where it is determined that a new vulnerability is detected. If there is a match, then processing continues to operation 508, where it is determined that the vulnerability is a duplicate.")
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sheridan to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings of Williams, a process of storing in a vulnerability database records pertaining to a security vulnerability that correlates to a version of software on the program teachings of 
The motivation to combine these references is because to address the issue of vulnerabilities the software developers need fast efficient solutions, to do so the organization and classification of each vulnerability is essential so that repeat problems detected later on will not come as a surprise and newer vulnerabilities can be addressed allow fluid movement and efficiency in the software making it easier for the software developers in return.

Regarding dependent Claim 4 (Currently Amended), the combination of Williams, Toback, Makowski do not explicitly teach the method according to claim 3, wherein the metadata field in each record contains a hash computed over the location, the respective control flow path, and a type of the corresponding security vulnerability, and wherein comparing the extracted metadata comprises computing the hash for the further security vulnerability, and matching the computed hash to the hash in the given record.
Wherein Sheridan teaches the method according to claim 3, wherein the metadata field in each record contains a hash computed over the location, the respective control flow path, and a type of the corresponding security vulnerability, (Par. (0053) "For example, the signature generator 224 may apply a hash function to the metadata and use the output of the hash function as the signature.) (Par. (0022) "then the SCA engine generates a hash of all the collected meta-data. This resulting hash of meta-data represents the unique signature of the vulnerability. This unique signature is generated using contextual information that will persist over the lifetime of the application unless the codebase containing the vulnerability dramatically 
and wherein comparing the extracted metadata comprises computing the hash for the further security vulnerability, and matching the computed hash to the hash in the given record. (Par. (0084) "All of this information is then hashed together and represents the vulnerability signature. If a subsequent scan matches the hash value, then the SCA engine has high confidence that it is dealing with the same vulnerability in the same contextually similar location in code.).
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sheridan to the process of testing 


Regarding dependent Claim 5 (Currently Amended), the combination of Williams, Toback, Makowski teach the method of claim 1, Williams further teaches indicating to the developer of the program that the corresponding security vulnerability has been resolved.
However Williams, Toback, and Makowski do not explicitly teach the method according to claim 1, and comprising: traversing, in the subsequent execution of the program, a further location at which no security vulnerability is detected; computing a further signature of the further location and comparing the further signature to the location field of the records in the vulnerability database; and when one of the records is found to match the new signature,
the method according to claim 1, and comprising: traversing, in the subsequent execution of the program, a further location at which no security vulnerability is detected; (Par. 0050 "If no vulnerability is detected, in some embodiments, the traverser may continue to search for vulnerabilities, whereas in other embodiments, the process may end if the traverser has finished traversing the representation of the source code.")
 computing a further signature of the further location and comparing the further signature to the location field of the records in the vulnerability database; (Par. (0043) "a signature of a potential vulnerability of the source code is generated. Signatures of one or more potential vulnerabilities may be generated.") (Par. (0037) "The signature generator 224 may use the collected metadata in one or more of a variety of ways so as to generate a unique signature associated with the vulnerability") (Par. (0038) "Correlating the generated signature with previously stored signatures may include comparing the signatures with one another to determine whether they are identical or are substantially similar to one another."; new signature is compared to the signature in the database) (Par. (0038) "Correlating the generated signature with 
 and when one of the records is found to match the new signature, (Par. 0061 "If it is determined that previously stored signatures exist but there is no corresponding new signature, then it may be determined that the vulnerability associated with the previously stored generator has been fixed or removed as a result of revisions to the source code used to generate the previously stored signatures").
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sheridan to the process of testing software application programs by correlating security vulnerabilities based on location 

Regarding dependent Claim 7 (Currently Amended), the combination of Williams, Toback, Makowski teaches the method of claim 1, Williams further teaches the method according to claim 1, wherein the respective control flow path in the metadata field is identified by at least a source and a sink of data processed at the location of the corresponding security vulnerability. (Par. (0029) "to identify is the flow of untrusted data from its entry point, known as a "source," to a vulnerable Application Programming Interface (API); identified source address (control flow path), (Figure 14 "Jsp Writerlmpl.line 21"; signifies the location of the identified vulnerability in the URL (location) . (Par. (0096) "For example, the summary section 1401 can include a 

Regarding dependent Claim 8 (Original), the combination of Williams, Toback, Makowski teaches the method of claim 1, Williams further teaches the method according to claim 1, wherein the location at which each of the security vulnerabilities was found to occur corresponds to a request submitted to a server running the program,  (Par. (0052) Other important types of active sensors may include monitors for HTTP requests and responses and application server configuration. HTTP request and response sensors capture the HTTP traffic either received at or transmitted from the application server. HTTP response and request sensors may then analyze the captured HTTP traffic for vulnerabilities.), (Par. (0103) "When the application handles a replay of an HTTP request associated with a previously discovered vulnerability, but the vulnerability is no longer present, some implementations may identify that the vulnerability has been fixed. If the HTTP request is very similar to the original request, the remediation can be detected with a single 
and wherein the request is normalized by replacing variable parameters in the request with constant placeholders prior to computing the respective signature. (Figure 8 Java object <parameter types> replaced with placeholders)(Par. (0088) "This data 802 can include input parameters, output values, and stack 803) (Par. (0088) "The trace 800 includes one or more the event fields 801 associated with event indicators received from the instrumented application; event field contains respective signature (event indicator) prior to the execution of the vulnerability test).

Regarding dependent Claim 9 (Currently Amended), the combination of Williams, Toback, Makowski teaches the method of claim 1, Williams further teaches the method according to claim 1, and comprising, prior to the execution of the program, instrumenting the program with instructions configured to detect the security vulnerabilities and output the location and metadata with respect to the respective control flow path of each of the security vulnerabilities. (Par. (0033) "The vulnerability detection system 200 inserts software sensors into each of the methods designated by the events in the security rules-a process referred to as "instrumentation."; prior to the executions sensors instructed to detect vulnerabilities).
Regarding independent Claim 10 (Currently Amended), Williams teaches apparatus for testing a software application program, comprising: a memory, which is configured to (0002 "field of vulnerability detection and testing in computer systems.") (0004 "detecting the presence of vulnerabilities in a software application.") (Par. (0118) the system 2000 can be included in the application server 102 executing the vulnerability detection system 200. The system 2000 includes a processor 2010, a memory 2020, a storage device 2030"; Figure 20 label 2000 is the apparatus) (Figure 20 label 2020; memory),
each record comprising a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred; and a processor, which is configured to (Fig. 8 label 800- 802"<context>" and "method name"; trace (record) location field  (URL) of security vulnerability, event field (respective signature);( Par. (0116) "the vulnerability detection system 200 can have the full runtime information along with the location of the problem in the code of the application) (Par. (0034) "The tracking module 240 collects the generated event indicators from the application 230 in a database and analyses the stored indicators for the presence of vulnerabilities. The analysis may be performed during the execution of the application"; Event indicator serves as an identifier or signature of the location in which the vulnerability was detected) Fig. 8, and par. 88 Stack 803; serves as the control flow path; (Par. (0075) "The event indicators that are related to control flow or scope can also be tracked, but because there is no associated data with these the event indicators, these types of events can be tracked using the current thread of execution) (Figure 20 label 2010; processor),
to output an indication to a developer of the program of an occurrence of a new security vulnerability. (Par. (0111) "the vulnerability detection system 200 would be accessible directly from the developer's integrated development environment (IDE) 
However Williams does not explicitly teach store a vulnerability database containing records of security vulnerabilities identified in execution of at least a first version of the program,
Wherein Toback teaches store a vulnerability database containing records of security vulnerabilities identified in execution of at least a first version of the program, (Par. (0053) “The vulnerability database 520 stores vulnerability data for software components. In one embodiment the vulnerability database 520 is an externally maintained database, such as the NVD. Alternatively, the vulnerability vulnerability database storing record (data) for software components), (Par. (0052) “software components includes one or more of the software component vendor, component name, and version number in a uniform manner to uniquely and consistently identify each software component and track known vulnerabilities. For example, the NVD identifies a component by its vendor, component name, major component version, minor version, and update”; software component corresponding to a first version of program), (Par. (0020) : Alternatively, or additionally, the vulnerability score may reflect multiple versions of a software product, e.g. all versions of a product.”; multiple versions of software program (product), (Par. (0043) “the computer may present an alternative software component or version of the software component within the active task. The user, in response, has the option of replacing the vulnerable software component with the presented alternative component/version.”; software component correlating to multiple versions of software))


	However Williams and Toback do not explicitly teach to detect a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version,
	Wherein Makowski teaches to detect a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version, (Par. (Abstract) “ identifying and preventing vulnerability exploitation is provided. [..] comparing a first version of a software module with a second version of a software module.”; detecting (identifying) vulnerability of second version of software subsequently to the first version), (Par. (0028) “ if vulnerable versions of software exist, e.g. vulnerable version of a web browser, and if the vulnerability is known, then a patch, or revised version of the software, may also exist. In such embodiments, the vulnerable version of the software is compared [..] detecting exploitative attacks on the vulnerabilities.”; detecting vulnerabilities of versions of software), (Par. (0060) “the original software application version. If a new vulnerability in the original version is discovered, the source, e.g. Microsoft, issues (505) an updated version. e.g. a software patch. A server, e.g. a server running VulnDiff, then compares (507) the updated software patch with the unpatched software application version. In some embodiments, the differences between the two versions basically represent the fix for the vulnerability”.; second software version developed subsequently to first software version), (Par. (0064) “If while opening the PDF, a breakpoint is hit (the breakpoint being set at a known vulnerability in a vulnerable version of the software program opening the PDF), SymFW will evaluate the PDF file itself against a set of symbolic constraints generated by VulnDiff,”; vulnerability at given location (breakpoint), (Figure 5 labels 501, 503, 505 and “discovery of new vulnerability”; given location of detecting security vulnerability) 
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Makowski to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an 

	However Williams, Toback and Makowski do not explicitly teach to compute a new signature of the given location and comparing the new signature to the location field of the records in the vulnerability database, and when no record is found to match the new signature
	Wherein Sheridan teaches to compute a new signature of the given location and comparing the new signature to the location field of the records in the vulnerability database, (Par. (0043) "a signature of a potential vulnerability of the source code is generated. Signatures of one or more potential vulnerabilities may be 
and when no record is found to match the new signature (Par. (0007) "When it is determined that the generated signature does not match a previously stored signature, the potential vulnerability the potential vulnerability may be characterized as having the generated signature as a new vulnerability.)


Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sheridan to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an 



Regarding dependent Claims 11-15 and 17-18, claims 11-15 and 17-18 are apparatus claims that correspond and recite similar limitations to the method of claim 2-5 and 7-9. Therefore, claims 11-15 and 17-18 are rejected for at least the same reasons as the method of claims 2-5 and 7-9.

Regarding independent Claim 19 (Currently Amended), Williams teaches a computer software product for testing a software application program, the product comprising a non-transitory computer-readable medium in which program instructions are stored, which instructions, when read by a computer, cause the computer to (Par. 0002 "field of vulnerability detection and testing in computer systems.") (0004 "detecting the presence of vulnerabilities in a software application.") (Figure 20 label 2030; computer readable medium, (Par. (0121) "The features described can be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations of them.)
each record comprising a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred, (Fig. 8 label 800- 802"<context>" and "method name"; trace (record) location field  (URL) of security vulnerability, event field (respective signature);( Par. (0116) "the vulnerability detection system 200 can have the full runtime information along with the location of the problem in the code of the application) (Par. (0034) "The tracking module 240 collects the generated event indicators from the application 230 in a database and analyses the stored indicators for the presence of vulnerabilities. The analysis may be performed 
to output an indication to a developer of the program of an occurrence of a new security vulnerability. (Par. (0111) "the vulnerability detection system 200 would be accessible directly from the developer's integrated development environment (IDE) and would produce warnings about detected vulnerabilities in the developer's code. Identified vulnerabilities would be displayed in the developer's IDE with suggested fixes. In addition, a profiling tool can integrate with the vulnerability detection system 200 to discover vulnerabilities during software development. Any vulnerability discovered would be logged as part of the testing results; indicating to developer new vulnerability), (Par. (0089) "a user can browse the results or be alerted about existence of 
However Williams does not explicitly teach store a vulnerability database containing records of security vulnerabilities identified in execution of at least a first version of the program, 
Wherein Toback teaches store a vulnerability database containing records of security vulnerabilities identified in execution of at least a first version of the program (Par. (0053) “The vulnerability database 520 stores vulnerability data for software components. In one embodiment the vulnerability database 520 is an externally maintained database, such as the NVD. Alternatively, the vulnerability database 520 is internally maintained, e.g., within an enterprise or by the developer. As described with reference to block 110 in FIG. 1, the vulnerability tracking system 505 receives software component vulnerability information from one or more vulnerability databases 520.”; vulnerability database storing record (data) for software components), (Par. (0052) “software components includes one or more of the software component vendor, component name, and version number in a uniform manner to uniquely and software component corresponding to a first version of program), (Par. (0020) : Alternatively, or additionally, the vulnerability score may reflect multiple versions of a software product, e.g. all versions of a product.”; multiple versions of software program (product), (Par. (0043) “the computer may present an alternative software component or version of the software component within the active task. The user, in response, has the option of replacing the vulnerable software component with the presented alternative component/version.”; software component correlating to multiple versions of software))
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Toback to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings of Williams because of the analogous concept of protecting and preventing harm of malware 
	The motivation to combine these reference is because by storing records of security vulnerabilities the developer can be alerted and provide a solution to the difficulties of tracking software version changes over time.
	However Williams and Toback do not explicitly teach wherein the instructions cause the computer to detect a further security vulnerability at a given location in a subsequent execution of a second version of the program.
	Wherein Makowski teaches wherein the instructions cause the computer to detect a further security vulnerability at a given location in a subsequent execution of a second version of the program. (Par. (Abstract) “ identifying and preventing vulnerability exploitation is provided. [..] comparing a first version of a software module with a second version of a software module.”; detecting (identifying) vulnerability of second version of software subsequently to the first version), (Par. (0028) “ if vulnerable versions of software exist, e.g. vulnerable version of a web browser, and if the vulnerability is known, then a patch, or revised version of the software, may also exist. In such embodiments, the vulnerable version of the software is compared [..] detecting exploitative attacks on the vulnerabilities.”; detecting vulnerabilities of versions of software), (Par. (0060) “the original software application version. If a new vulnerability in the original version is discovered, the source, e.g. Microsoft, issues (505) an updated version. e.g. a software patch. A server, e.g. a server running VulnDiff, then compares (507) the updated software patch with the unpatched software application version. In some embodiments, the differences between the two versions basically represent the fix for the vulnerability”.; second software version developed subsequently to first software version), (Par. (0064) “If while opening the PDF, a breakpoint is hit (the breakpoint being set at a known vulnerability in a vulnerability at given location (breakpoint), (Figure 5 labels 501, 503, 505 and “discovery of new vulnerability”; given location of detecting security vulnerability) 
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Makowski to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings of Williams and a process of storing in a vulnerability database records pertaining to a security vulnerability that correlates to a version of software on the program teachings of Toback because of the analogous concept of protecting and preventing harm of malware attacks on software application by detecting security vulnerabilities before it affects devices on a computer system. Makowski includes a method of detecting a further security vulnerability at a given location specific to a second version’s security vulnerability correlating with an already detected first version security vulnerability. This 
	The motivation to combine these references is because by coupling these teachings to a stored database with a first software version and a means of indicating the security vulnerability tied to a signature/location, the developers can have better understanding through the lifecycle of the software version on how to improve it over time and in contrast if the software developer’s see a weakness and a compromised or affected software version they can have the power to veto or cancel that version based on these findings. This in return strengthens the integrity of the software application system and eases the burden on software developers. 

	Wherein Sheridan teaches to compute a new signature of the given location and comparing the new signature to the location field of the records in the vulnerability database, (Par. (0043) "a signature of a potential vulnerability of the source code is generated. Signatures of one or more potential vulnerabilities may be generated." (Par. (0037) "The signature generator 224 may use the collected metadata in one or more of a variety of ways so as to generate a unique signature associated with the vulnerability") (Par. (0038) "Correlating the generated signature with previously stored signatures may include comparing the signatures with one another to determine whether they are identical or are substantially similar to one another."; new signature is compared to the signature in the database) 
and when no record is found to match the new signature, (Par. (0007) "When it is determined that the generated signature does not match a previously stored 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sheridan to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings of Williams, a process of storing in a vulnerability database records pertaining to a security vulnerability that correlates to a version of software on the program teachings of Toback and a method of detecting a further security vulnerability at a given location specific to a second version’s security vulnerability correlating with an already detected first version security vulnerability teachings of Makowski because of the analogous concept of protecting and preventing harm of malware attacks on software application by detecting security vulnerabilities before it affects devices on a computer system. Sheridan contributes and describes the use of signatures to match and compare vulnerabilities detected that are new or recurring. This allows a more efficient method of 
The motivation to combine these references is because Sheridan provides a secure and trusted method for software developers to strengthen and combat various vulnerability attacks on their systems. By matching the database records with the signature that correlates to where the vulnerability was found this allows the fast and thorough process of vulnerability detection and resolution for many software applications being executed.


Regarding dependent Claims 20-23 and 25-27, claims 20-23 and 25-27 are computer software product claims that correspond and recite similar limitations to the 

Regarding independent Claim 28 (Currently Amended), Williams teaches a method for testing a software application program, comprising: (0002 "field of vulnerability detection and testing in computer systems.") (0004 "detecting the presence of vulnerabilities in a software application.")
each record comprising a location field containing a respective signature indicative of a location in the execution at which a corresponding security vulnerability was detected and a metadata field indicative of a respective control flow path on which the corresponding security vulnerability occurred (Fig. 8 label 800- 802"<context>" and "method name"; trace (record) location field  (URL) of security vulnerability, event field (respective signature);( Par. (0116) "the vulnerability detection system 200 can have the full runtime information along with the location of the problem in the code of the application) (Par. (0034) "The tracking module 240 collects the 
However Williams does not explicitly teach storing in a vulnerability database records of security vulnerabilities identified in execution of at least a first version of the program.
Wherein Toback teaches storing in a vulnerability database records of security vulnerabilities identified in execution of at least a first version of the program (Par. (0053) “The vulnerability database 520 stores vulnerability data for software components. In one embodiment the vulnerability database 520 is an externally maintained database, such as the NVD. Alternatively, the vulnerability vulnerability database storing record (data) for software components), (Par. (0052) “software components includes one or more of the software component vendor, component name, and version number in a uniform manner to uniquely and consistently identify each software component and track known vulnerabilities. For example, the NVD identifies a component by its vendor, component name, major component version, minor version, and update”; software component corresponding to a first version of program), (Par. (0020) : Alternatively, or additionally, the vulnerability score may reflect multiple versions of a software product, e.g. all versions of a product.”; multiple versions of software program (product), (Par. (0043) “the computer may present an alternative software component or version of the software component within the active task. The user, in response, has the option of replacing the vulnerable software component with the presented alternative component/version.”; software component correlating to multiple versions of software))

	However Williams and Toback does not explicitly teach detecting a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version;
Wherein Makowski teaches detecting a further security vulnerability at a given location in a subsequent execution of a second version of the program, developed subsequently to the first version; (Par. (Abstract) “ identifying and preventing vulnerability exploitation is provided. [..] comparing a first version of a software module with a second version of a software module.”; detecting (identifying) vulnerability of second version of software subsequently to the first version), (Par. (0028) “ if vulnerable versions of software exist, e.g. vulnerable version of a web browser, and if the vulnerability is known, then a patch, or revised version of the software, may also exist. In such embodiments, the vulnerable version of the software is compared [..] detecting exploitative attacks on the vulnerabilities.”; detecting vulnerabilities of versions of software), (Par. (0060) “the original software application version. If a new vulnerability in the original version is second software version developed subsequently to first software version), (Par. (0064) “If while opening the PDF, a breakpoint is hit (the breakpoint being set at a known vulnerability in a vulnerable version of the software program opening the PDF), SymFW will evaluate the PDF file itself against a set of symbolic constraints generated by VulnDiff,”; vulnerability at given location (breakpoint), (Figure 5 labels 501, 503, 505 and “discovery of new vulnerability”; given location of detecting security vulnerability) 
	Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Makowski to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings 
	The motivation to combine these references is because by coupling these teachings to a stored database with a first software version and a means of indicating 
However Williams, Toback and Makowski do not explicitly teach computing a new signature of the given location and comparing the new signature to the location field of the records in the vulnerability database; extracting metadata with respect to the a further control flow path on which the further security vulnerability occurred; and when the new signature is found to match the respective signature of a given record in the vulnerability database, comparing the extracted metadata to the metadata field in the given record in order to classify the further security vulnerability as a recurrent or new security vulnerability.
computing a new signature of the given location and comparing the new signature to the location field of the records in the vulnerability database; (Par. (0043) "a signature of a potential vulnerability of
 the source code is generated. Signatures of one or more potential vulnerabilities may be generated." (Par. (0037) "The signature generator 224 may use the collected metadata in one or more of a variety of ways so as to generate a unique signature associated with the vulnerability") (Par. (0038) "Correlating the generated signature with previously stored signatures may include comparing the signatures with one another to determine whether they are identical or are substantially similar to one another."; new signature is compared to the signature in the database)
extracting metadata with respect to a further control flow path on which the further security vulnerability occurred; (Par. (0036) "The metadata collector 223 may collect various information about one or more nodes associated with a detected vulnerability"; data collected on nodes on a control flow path when identified with vulnerability.)
and when the new signature is found to match the respective signature of a given record in the vulnerability database, comparing the extracted metadata to the metadata field in the given record in order to classify the further security vulnerability as a recurrent or new security vulnerability. (Figure 5 label 504 Par. (0059) "For example, each generated signature may be compared to all of the previously stored signatures. If the generated signature is identical to or substantially similar to at least one of the previously stored signatures, then it may be determined that the generated signature matches the previously stored signatures. If there is not a match, then processing continues to operation 506, where it is determined that a new vulnerability is detected. If there is a match, then processing continues to operation 508, where it is determined that the vulnerability is a duplicate.").
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Sheridan to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings 
The motivation to combine these references is because Williams and Sheridan provide a secure and trusted method for software developers to strengthen and combat various vulnerability attacks on their systems. By matching the database records with the signature that correlates to where the vulnerability was found this allows the fast and thorough process of vulnerability detection and resolution for many software applications being executed. As well as identifying and collecting information on when and where vulnerabilities occur to provide the fast and utmost reaction for possible solutions for software developers.

Claims 6, 16, and 24 is/are rejected under 35 U.S.C. 103 as being unpatentable over Williams et al. (U.S Pub. No. 20140165204, hereinafter referred to as “Williams"), Toback et al. (U.S Pub. No. 20140173737, hereinafter referred to as "Toback"), Makowski et al. (U.S Pub. No. 20170019422, hereinafter referred to as "Makowski”) and Sheridan et al. (U.S Pub. No. 20140283081, hereinafter referred to as "Sheridan") in further view of Bach et al. (U.S Pub. No. 20160078231, hereinafter referred to as “Bach”)

Regarding dependent claim 6 (Currently amended), the combination of Williams, Toback, Makowski and Sheridan do not teach the method according to claim 1, and comprising, after completing the subsequent execution of the program without having traversed the respective control flow path of a given security vulnerability that is recorded in the vulnerability database, indicating to the developer of the program that a state of the given security vulnerability is unknown due to insufficient coverage.
Wherein Bach teaches the method according to claim 1, and comprising, after completing the subsequent execution of the program without having traversed the respective control flow path of a given security vulnerability that is recorded in the vulnerability database, indicating to the developer of the program that a state of the given security vulnerability is unknown due to insufficient coverage. (Par. (0088) "Version V1 of the software as of time t1 has no vulnerabilities. At time t2 a vulnerability to version V1 arises (V1Vuln), but is undetected and 
Therefore, it would have been obvious before the effective filing date of the claimed invention to combine the teachings of Bach  to the process of testing software application programs by correlating security vulnerabilities based on location and signature to the detected metadata on a control flow path and outputting an indication to the developer about a new occurrence of a security vulnerability teachings of Williams, a process of storing in a vulnerability database records pertaining to a security vulnerability that correlates to a version of software on the program teachings of Toback and a method of detecting a further security vulnerability at a given location specific to a second version’s security vulnerability correlating with an already detected first version 
to the fact that there is insufficient coverage and that multiple vulnerabilities could still be detected. It is rationale to combine because this alerts the developer that even though multiple tests are executed in the program unknown, undetected or unexamined vulnerabilities may occur, this notifies the software developers and provides them an efficient way to access monitor and manage the vulnerability detection system to allow them to modify the execution and provide a solution for the software over its life cycle.
There is a motivation to combine these references is because it allows the software developers to periodically monitor and be alerted by the vulnerability detection system to provide reasonable and efficient solutions when there is a change to the vulnerability on record. By checking for the vulnerability detected on the corresponding 


Regarding Claims 16 and 24, claims 16 and 24 recite similar limitations to claim 6 and the teachings Williams Toback, Makowski, Sheridan and Bach discuss all the limitations in claim 6 and thereby rejected on the same grounds.

	






Relevant Prior Art

The prior art made of record and not relied upon is considered pertinent to applicant's disclosure.


1.	Brian Chess (US Pub 20050273859) "Apparatus And Method For Testing Secure Software" I chose to review this reference because it is discussed a software program with instructions to analyze program instructions for security vulnerabilities. Executable instructions identify potential security vulnerabilities within program instructions based upon input from an attack database and information derived during a static analysis of the program instructions.

2.	Maty Simon (US Pub 20100083240) "LOCATING SECURITY VULNERABILITIES IN SOURCE CODE" I chose to review this reference because it dealt with security vulnerability in the software development life cycle. The reference 

3.	Alexander Roichman (US Pub. 20170270303) "Integrated Interactive Application Security Testing" I chose to review this reference because it deals with a method for testing a software application program and tests that are applied to the program in order to detect security vulnerabilities in the program.

Conclusion

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL.  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  



Applicants are encouraged to take advantage of the After Final Consideration Pilot 2.0 (AFCP 2.0) which authorizes non-production time for consideration of responses filed after a final rejection. The purpose of the pilot is to compact prosecution of the case. The request must include 1) A signed AFCP request form (PTO/SB/434 or equivalent) that includes a statement that applicant is requesting consideration under the AFCP; 2) An amendment to at least one independent claim that does not broaden 

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN A HUSSEIN whose telephone number is (571)272-3554. The examiner can normally be reached on 7:30am-5pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/HASSAN A HUSSEIN/ 
Examiner, Art Unit 2497
/ELENI A SHIFERAW/Supervisory Patent Examiner, Art Unit 2497