DETAILED ACTION
This office action is in response to the application filed on 08/02/2019. Claims 1-20 are pending and are examined.	
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance:

The closest prior arts made of records are, Kao et al. (U.S Pub No. 2019/0205542 A1, referred to as Kao), Ray et al. (U.S Pub No. 2013/0104236 A1, referred to as Ray) and Oliphant et al. (U.S Pub No. 2015/0040231 A1, referred to as Oliphant).

Kao discloses methods for automated secure software development management, risk assessment and risk remediation. A server generates security requirements for a software application under development based upon a plurality of technical attributes and a threat model. The server creates a first set of development tasks based upon the generated security requirements. The server scans source code to identify one or more security vulnerabilities and creates a second set of development tasks based upon the identified vulnerabilities.
Ray discloses an invention, which relates to pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks, including efficiency and effectiveness of business processes and enhancement of cyber security.

Oliphant discloses a system for a database associating a plurality of device vulnerabilities to which computing devices can be subject with a plurality of remediation techniques that collectively remediate the plurality of device vulnerabilities. Each of the device vulnerabilities is associated with at least one remediation technique. Each remediation technique associated with a particular device vulnerability remediates that particular vulnerability.

However, regarding claim 1, the prior art of Kao, Ray and Oliphant when taken in the context of the claim as a whole do not disclose nor suggest, “identifying one or more of at least one additional security control that mitigates said 10at least one security threat, and at least one change to at least one of the existing security controls that mitigates said at least one security threat; generating mitigation information indicative of one or more of said at least one additional security control and said changes; and revising said design based at least in part on said mitigation information.”.

Regarding claims 13 and 20, the prior art of Kao, Ray and Oliphant when taken in the context of the claim as a whole do not disclose nor suggest, “to identify one or 

Claims 2-12 depend on claim 1, claims 14-17 depend on claim 13 and claims 19-20 depend on claim 18, and are of consequence allowed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408.  The examiner can normally be reached on Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.







/HASSAN SAADOUN/Examiner, Art Unit 2435  

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435