Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This office action is in response to communication filed 5/27/2020. Claims 1-18 are currently pending and claims 1 and 10 are the independent claims. 

Claim Objections
Claims 2, 7-9, 11, and 16-18 are objected to because of the following informalities:
As per claims 2 and 11, they recite “…using Al or machine learning…” without first defining “AI” to mean “artificial intelligence”.
As per claims 7-9 and 16-18, they are  objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
Appropriate correction is required.

Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 


An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 

Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 
Claim limitations in this application that use the word “means” (or “step”) are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action. Conversely, claim limitations in this application that do not use the word “means” (or “step”) are not being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, except as otherwise indicated in an Office action.
This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  

Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, it/they is/are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may:  (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) sufficient structure to perform the claimed function so as to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of 
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1 and 10 are rejected under 35 U.S.C. 103 as being unpatentable over Mani et al. (herein called Mani) (US PG Pub. 2014/0114980 A1) and Jagannathan et al. (herein called Jagannathan) (US PG Pub. 2016/0224908 A1).

As per claim 1, Mani teaches: a system for risk assessment of an application or infrastructure, comprising: 
Code Intelligence Analyzers that scan historic code commits in code repositories of the application or infrastructure as well as real-time code commits (pars. [0020]-[0025], application change history containing information such as commit date, comment, committer/developer, etc. is extracted from version control/version management/change management server/etc. periodically, whenever developer commits to project/etc. and each change record is processed and information to add to developer record is determined (scan historic code commits/extract change history periodically/etc. is repositories/version management system as well as real-time code commits/extract change history whenever developer commits to project).); 

While Mani teaches analyzing developer commits/contributions to project/etc., it does not explicitly state, however Jagannathan teaches:
a Spacetime Graph, being a multidimensional graph detailing a current state of the application or infrastructure and a history of said code commits of the application or infrastructure, as determined by said Code Intelligence Analyzers and said Developer Behavior Profiler (pars. [0016], [0050], [0056]-[0058], [0061]-[0062], software development project comprises tasks that are assigned to developers to complete the project and determine/generate/etc. project plan/schedule/etc. to complete the project, and over the course of the project, information is provided/generated/etc. regarding the status/current state of the project/application such as developers assigned to each task, percentage complete of each task, quantity of work associated with task, quantity of defects detected, etc. is provided/displayed to user (graph detailing current state/status 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add a Spacetime Graph, being a multidimensional graph detailing a current state of the application or infrastructure and a history of said code commits of the application or infrastructure, as determined by said Code Intelligence Analyzers and said Developer Behavior Profiler, as conceptually taught by Jagannathan, into that of Mani, because these modifications allow for the current state of a software development project/application to be determined during the development process, which is desirable as it allows developers to plan for the completion of the project by a certain date, determine how far along the development of the application is to better project when the application/project will be complete, determine problems occurring with application development, etc. which is desirable as it 

	As per claim 10, it recites a method having similar limitations to the system of claim 1 and is therefore rejected for the same reasoning as claim 1, above. 

Claims 2-4 and 11-13 are rejected under 35 U.S.C. 103 as being unpatentable over Mani et al. (herein called Mani) (US PG Pub. 2014/0114980 A1) and Jagannathan et al. (herein called Jagannathan) (US PG Pub. 2016/0224908 A1) in further view of Elwell et al. (herein called Elwell) (US  Patent 10,175,979 B1).

As per claim 2, Mani and Jagannathan do not explicitly state, however Elwell teaches: 
Material Changes Detectors configured to detect material changes in said historic and real-time code commits of the application or infrastructure using Al or machine learning and said behavior profiles to identify said material changes that might affect security and compliance posture of the application or infrastructure (col. 3 lines 40-60, col. 8 lines 20-38, developers check in/commit software revisions/new software features/etc. (changes) to source code control system, revisions of source code files are retrieved from source code control system/retrieve historic and real time commits of application which are analyzed to generate code elements, and machine learning algorithm uses code elements with developer identities/developer profile/developer assigned to code/developer that committed code/etc. to evaluate the software using 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add Material Changes Detectors configured to detect material changes in said historic and real-time code commits of the application or infrastructure using Al or machine learning and said behavior profiles to identify said material changes that might affect security and compliance posture of the application or infrastructure, as conceptually taught by Elwell, into that of Mani and Jagannathan because these modifications allow for defects/errors/bugs/etc. in code changes/commits/revisions/etc. to be determined/predicted/etc., which is desirable as it allows for potential defects/errors in code to be found and corrected thereby helping to ensure that the code operates as intended. 

As per claim 3, Mani and Jagannathan do not explicitly state, however Elwell teaches:  
a Risk Engine configured to calculate a risk for each of said material changes, said risk calculated based on identification of at least one of Technical, Behavioral and Process-related risk factors (col. 4 lines 42-50, col. 5 lines 65-col. 6 line 20, col. 8 lines 20-38, machine learning algorithm predicts probability/likelihood of defects/material changes (determines risk of material changes) using developer identifiers and elements 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add a Risk Engine configured to calculate a risk for each of said material changes, said risk calculated based on identification of at least one of Technical, Behavioral and Process-related risk factors, as conceptually taught by Elwell, into that of Mani and Jagannathan because these modifications allow for defects/errors/bugs/etc. in code changes/commits/revisions/etc. to be determined/predicted/etc., which is desirable as it allows for potential defects/errors in code to be found and corrected thereby helping to ensure that the code operates as intended.

As per claim 4, Mani and Jagannathan do not explicitly state, however Elwell teaches:  
a Prioritization Engine configured to prioritize for use by a security architect, said material changes based on said calculated risk (col. 5 line 65-col. 6 line 21, machine learning algorithm predicts number of defects, type of defects, and probability of defects, (calculates risk of material changes) and machine learning algorithm recommends developer to assign to repair defect (prioritize/assign material change/defect to developer/security architect for repair when prediction includes probability of defects/based on calculated risk).).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to a Prioritization Engine configured to 

As per claim 11-13, they recite methods having similar limitations to the system of claims 2-4, respectively, and are therefore rejected for the same reasoning as claim 2-4, respectively, above.

Claims 5, 6, 14, and 15 are rejected under 35 U.S.C. 103 as being unpatentable over Mani et al. (herein called Mani) (US PG Pub. 2014/0114980 A1), Jagannathan et al. (herein called Jagannathan) (US PG Pub. 2016/0224908 A1), and Elwell et al. (herein called Elwell) (US Patent 10,175,979 B1), in further view of Bezzi et al. (herein called Bezzi) (US PG Pub. 2019/0347424 A1).

As per claim 5, while Elwell teaches using machine learning to analyze code and predict defects/material changes, Mani, Jagannathan, and Elwell do not explicitly state, however Bezzi teaches 
an Adaptive Code Governance Engine configured to issue a Governance rule including adaptive code governance rules that dictate which detected changes are said material changes, and what said risk is attributed to said material changes (pars. [0020], 
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add an Adaptive Code Governance Engine configured to issue a Governance rule including adaptive code governance rules that dictate which detected changes are said material changes, and what said risk is attributed to said material changes, as conceptually taught by Bezzi, into that of Mani, Jagannathan, and Elwell because these modifications allow for a machine learning model to use rules/be trained/etc. to detect/predict/identify/etc. desired types of changes in code, thereby helping to locate/identify code changes that a developer/user/etc. desires to perform further analysis on, which is desirable as it helps a user/developer quickly and effectively identify portions of code for further analysis/development/correctly/debugging/etc., which is desirable as it helps users/developers analyze and debug/perform error correction on/etc. code thereby ensuring that the code operates as intended. 

As per claim 6, Mani, Jagannathan, and Bezzi do not explicitly state, however Elwell teaches: 
at least one of creating a ticket in an external issue- tracking system and suggesting a code change in a Source Control System (col. 3 line 58-col. 4 line 10, col. 5 line 65-col. 6 line 21, ticket tracking system records and tracks defects in software/creates new record and assigns defect to developer when defect is discovered/etc. (creating ticket in external issue-tracking system), and machine learning agent/model predicts defects/probability of defects/etc. in code and recommends developer to assign defect to for repair. As Bezzi teaches that machine learning uses the governance rules to identify portions of code/material changes/security relevant changes/defects/etc., it is obvious that the identifying/predicting of the defect/material change/etc. is in response to the machine learning using the rules to identify desired portions of code/defects/relevant changes/material changes, and as the ticket tracking system creates record/ticket and assigns defect to developer for repair when defect is discovered, it is obvious that it creates a record when machine learning predicts/discovers a defect and as such the creation of the record in the ticket tracking system in response to the defect being discovered by the machine learning is creating a ticket in external issue-tracking system a result of said adaptive code governance rule being issued/machine learning model applying rules to identify defects/portions of code/security relevant changes/material changes/etc.).
Therefore it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to add a Risk-Based Workflow Engine configured to trigger a specific workflow as a result of said adaptive code governance 

As per claim 14-15, they recite methods having similar limitations to the system of claims 5-6, respectively, and are therefore rejected for the same reasoning as claim 5-6, respectively, above.

	Allowable Subject Matter
Claims 7-9 and 16-18 are objected to as being dependent upon a rejected base claim, but would be allowable if rewritten in independent form including all of the limitations of the base claim and any intervening claims.
The following is a statement of reasons for the indication of allowable subject matter:
The prior art of record teaches analyzing past/historic/etc. code commits in a repository of an application as well as real time code commits and building a developer profile/behavior profile for each developer of the application based on the commits and relevant issues in an issue tracking system, and further teaches providing a graph . 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DOUGLAS M SLACHTA whose telephone number is (571)270-0653.  The examiner can normally be reached on Monday-Friday 6:30am-4pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.

Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/DOUGLAS M SLACHTA/Examiner, Art Unit 2193