Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .


EXAMINER’S AMENDMENT
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with Mr. Ali Imam, on 5/28/21. 
The application has been amended as follows:

Amendments to the Claims
Cancellation of claims 2, 9, 12, and 19.  
Amendment to claims 1, 11, 20 as follows:

(Currently Amended) A computer-implemented method for managing cybersecurity vulnerabilities of resources within at least one network, the method comprising: 
utilizing the at least one processor to manage cybersecurity vulnerabilities within a network by performing operations including: 
determining vulnerability scores corresponding to vulnerabilities of multiple network resources; 

integrating each vulnerability score and a corresponding severity score for the network resources to create a two-dimensional risk ranking enabling visualization and characterization of resource vulnerabilities for the network resources connected over the network; 
prioritizing remediation of the vulnerabilities within the network based on the two dimensional risk ranking having an x axis and a y axis, wherein in the two-dimensional risk ranking, the severity scores are represented along the x axis and the vulnerability scores are represented along the y axis; 
calculating a vulnerability index as a weighted sum of vulnerabilities associated with an application and host; and 
generating a user interface displaying a comparison of an infrastructure vulnerability index and an application vulnerability index.

11. (Currently Amended) A cybersecurity vulnerability management system operating within at least one network, the system comprising: 
at least one computer memory storing instructions; 
at least one computer processor accessing the stored instructions for performing steps including: 
determining vulnerability scores corresponding to vulnerabilities of network resources within a network; 
determining severity scores for the network resources based on application risk rank and network location of the network resources; 

prioritizing remediation of the vulnerabilities within the network based on the two dimensional risk ranking having an x axis and a y axis, wherein in the two-dimensional risk ranking, the severity scores are represented along the x axis and the vulnerability scores are represented along the y axis; and 
calculating a vulnerability index as a weighted sum of vulnerabilities associated with an application and host; and 
generating a user interface displaying a comparison of an infrastructure vulnerability index and an application vulnerability index. 

20. (Currently Amended) A non-transitory computer-readable medium, executed by a processor for managing cybersecurity vulnerabilities of resources within at least one network by performing steps including: 
determining vulnerability scores corresponding to vulnerabilities of network resources within a network; 
determining severity scores for the network resources based on application risk rank and network location; and 
integrating the vulnerability score and the severity score to create a two-dimensional risk ranking enabling visualization and characterization of resource vulnerabilities for the network resources connected over the network; 
; and 
calculating a vulnerability index as a weighted sum of vulnerabilities associated with an application and host; and 
generating a user interface displaying a comparison of an infrastructure vulnerability index and an application vulnerability index.


Response to Arguments
Applicant's remarks, filed on 1/26/21, with respect to the art rejection of the claims have been fully considered and they are persuasive as amended and in the light of the Examiner's amendments and claim amendments dated 1/26/21.

Allowable Subject Matter
Claims 1,3-8,10-11,13-18 and 20 are allowed.
This communication warrants no examiner's reason for allowance, as applicant's reply makes evident the reason for allowance, satisfying the record as whole as required by rule 37 CFR 1.104 (e). Thus, the reason for allowance is in all probability evident from the record and no statement for examiner's reason for allowance is necessary (see MPEP 1302.14).

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARESH PATEL whose telephone number is (571) 272-3973.  The examiner can normally be reached on Monday-Friday.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Carl Colin, can be reached at (571) 272-3862.  The fax phone number for the organization where this application or proceeding is assigned is (571) 273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

/HARESH N PATEL/Primary Examiner, Art Unit 2493