DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Allowable Subject Matter
Claims 1-20 are allowed.
Regarding claim 1, 18, and its respective dependents, the art of record either alone or in combination fails to particular disclose or suggest the claim when considered as whole and particularly the concept of claim limitation of “obtaining vulnerability scan results for a first subset of a plurality of assets of an enterprise system; populating an observation data structure, based at least in part on the obtained vulnerability scan results, indicating which of a plurality of vulnerabilities are observed on respective ones of the plurality of assets of the enterprise system; determining a set of recommendations for missing entries of the observation data structure for a second subset of the plurality of assets of the enterprise system utilizing at least one recommender system comprising at least one similarity function for determining similarity between a first set of vulnerabilities observed on one or more of the first subset of the plurality of assets and a second set of vulnerabilities observed on one or more of the second subset of the plurality of assets; predicting one or more vulnerabilities affecting one or more of the assets in the second subset of the plurality of assets utilizing a machine learning model and the determined set of recommendations; and applying one or more remediation actions for remediating at least a given one of the predicted vulnerabilities affecting at least a given one of the one or more assets in the second subset of the plurality of assets; wherein the method is performed by at least one processing device comprising a processor coupled to a memory.”
As to the art of record, Trepagnier eta al. reference discloses the concept of determining the risk rating of software vulnerabilities of host device. However, Trepagnier eta al. does not teach with respect 
As to the art of record, Joy et al. reference the concept of determining the vulnerabilities of each processing node in the network. However, Joy et al. does not teach with respect to does not teach with respect to the entire or combination claim limitation of “populating an observation data structure, based at least in part on the obtained vulnerability scan results, indicating which of a plurality of vulnerabilities are observed on respective ones of the plurality of assets of the enterprise system; determining a set of recommendations for missing entries of the observation data structure for a second subset of the plurality of assets of the enterprise system utilizing at least one recommender system comprising at least one similarity function for determining similarity between a first set of vulnerabilities observed on one or more of the first subset of the plurality of assets and a second set of vulnerabilities observed on one or more of the second subset of the plurality of assets; predicting one or more vulnerabilities affecting one or more of the assets in the second subset of the plurality of assets utilizing 
As to the art of record, Hibbert et al. reference discloses the concept of running an application on the digital device to determine the vulnerabilities of the device. However, Hibbert et al. does not teach with respect to the entire or combination claim limitation of “populating an observation data structure, based at least in part on the obtained vulnerability scan results, indicating which of a plurality of vulnerabilities are observed on respective ones of the plurality of assets of the enterprise system; determining a set of recommendations for missing entries of the observation data structure for a second subset of the plurality of assets of the enterprise system utilizing at least one recommender system comprising at least one similarity function for determining similarity between a first set of vulnerabilities observed on one or more of the first subset of the plurality of assets and a second set of vulnerabilities observed on one or more of the second subset of the plurality of assets; predicting one or more vulnerabilities affecting one or more of the assets in the second subset of the plurality of assets utilizing a machine learning model and the determined set of recommendations; and applying one or more remediation actions for remediating at least a given one of the predicted vulnerabilities affecting at least a given one of the one or more assets in the second subset of the plurality of assets; wherein the method is performed by at least one processing device comprising a processor coupled to a memory.”
As to the art of record, Duchin et al. reference discloses the concept of determining the trustworthiness scores of devices of internet of things. However, Duchin et al. does not teach with respect to the entire or combination claim limitation of “populating an observation data structure, based at least in part on the obtained vulnerability scan results, indicating which of a plurality of vulnerabilities are observed on respective ones of the plurality of assets of the enterprise system; 
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CAI Y CHEN whose telephone number is (571)270-5679.  The examiner can normally be reached on 8:30 AM -4:30 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Brian Pendleton can be reached on 571-272-7527.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-






/CAI Y CHEN/Primary Examiner, Art Unit 2425