Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
1.	This Office Action is in response to the application filed on 11/30/2021.
Detailed Action
2.	Claims 1, 9, and 17 have currently been amended. 

Response to Arguments
3.	The applicant’s arguments filed 11/30/2021 have been taken into consideration, but are moot in view of new grounds of rejection.
A.	The rejection under 35 USC 101 has been withdrawn in light of the currently amended claim language.

B.	In response to the applicant’s argument (disclosed on pg. 2-3 of the remarks segment) that Genevski et al fails to teach or suggest facilitating delayed consumption of the new version of the component in response to determining that the new version of the component presents the unusual risk profile:
	According to par [0071], par [0168], lines 1-10, par [0198], par [0209] and par [0214] of the applicant’s specification, delayed consumption of the new version of the component is for a period of time that the applicant’s specification may be several hours, a few days or until the new version of the component is determined to no longer present an unusual risk or suspicious data) consumption of a new/updated component version, via flagging, blocking, or quarantining the new version if the new version has been determined to contain patterns (stored in a repository or database containing previous behavior data from previous component versions) correlating to behaviors matching a previous usual risk profile, in comparison to past behavior analysis.
	The examiner maintains (according to the broadest reasonable interpretation of the limitation in question) that the teachings of (disclosed by par [0026-0027], [0031], [0053], and par [0056] of Genevski et al) quarantining and isolating new versions of software components for a period of time until predefined conditions are met (e.g., facilitating delayed consumption of the new version of the component), upon comparing behavior of a current and prior software version, of the same software, and deployment history to the newly implemented version (e.g., historical behavior) in order to determine whether errors or anomalies are detected within the new software component release, in order to release the new software component version from quarantine and officially deploy the new software version (e.g., in response to determining that the new version of the component presents the unusual risk profile).  

C.	In response to the applicant’s argument (disclosed on pg. 3-5 of the remarks segment) that Friedrich et al fails to teach or suggest historical behavioral analysis of the project that is released with prior versions of the component, the historical behavior of the publisher of the project release with prior version of the component:
and/or (ii) historical committer behavior of a committer that committed the new version of the component, and/or (iii) historical behavior of a publisher of the project, incorporating the and/or clause only requires one of the claimed limitations to be considered in regards to what the historical behavioral analysis is determined, for a new version of a ‘component’ (which, along with the term ‘committer’, is broadly disclosed within the applicant’s claim language, in comparison to the applicant’s specification). According to par [0050] of the applicant’s specification, a committer is drawn to an entity or individual that periodically provides input to a particular project. 
Using the broadest reasonable interpretation of each broadly implemented claim element and broadly-claimed and/or clauses, and in light of the claimed amendments, see newly cited prior art reference Fox et al (US 2013/0074038), which discloses (in par [0005] and [0048] of Fox et al) collecting historical issues regarding previously stored artifacts regarding a history of code changes pertaining to previous software versions (e.g., historical behavioral analysis of the project that is released with prior versions of the component) and collecting historical issues regarding previously stored artifacts regarding a history of code changes entered by a committer (e.g., “historical committer behavior”).


Claim Rejections – 35 USC 103

A patent may not be obtained through the invention is not identically disclosed or described as set forth in of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the invention was made. 

5.	Claims 1-23 are rejected under 35 USC 103 as being unpatentable over Friedrich et al (US 2020/0151041) in view of Genevski et al (US 2014/0013315), further in view of Fox et al (US 2013/0074038).
Regarding claim 1, Friedrich et al teaches a computer system for security of components, comprising:
at least one processor (fig. 1, ‘102) and
a memory storing instructions that, when executed by the at least one processor, configure the at least one processor (fig. 6, ‘618) to: 
determine whether the new version of the component presents an unusual risk profile (fig. 1, ‘128, fig. 2, ‘202/’206/’208, [0004] & par [0007], lines 1-5, which disclose performing anomaly detection for a new/incremented application version by comparing previously generated performance metrics corresponding to previous versions of the application to determine if the new application version contains an error record containing anomalous data when compared to the error record stored on the previous application version, using a pre-stored anomalous module).
Genevski et al further teaches facilitating delayed consumption of the new version of the component in response to determining that the new version of the component presents the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose isolating and preventing full use of an updated software version, rolling back deployment and quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result of improving upon preventing decreased network performance corresponding to delays of updated software deployment by deploying updated software versions to expecting users, but isolating and not allowing full utilization of the new software version until the software version has been cleared any anomalous conditions or errors (as disclosed in par [0026], lines 9-12 and par [0058] of Genevski et al), which would reduce the amount of time users within the software deployment environment Friedrich et al spend waiting on updated software release to be deployed to their computing platforms, while also preventing the receiving user platforms from fully accessing every aspect of the new version and receiving any detected anomalies that may be contained within the updated software version. 
Fox et al further teaches for a new version of a component (par [0021], lines 1-10, “source code updates”), determining, based on a dataset of release events over time, including event data collected over time indicating projects to which components are stored (par [0008], “indication of artifacts”), committers that committed to the projects, and repositories into which components are stored (par [0005] & par [0008], “history of commits” & “software repository”), a historical behavioral analysis (par [0005], lines 7-10, “issue tracking information” & “history of issues”) of: 
(i) a project, among the projects, that is released with prior versions of the component (par [0043] & [0047], which disclose determining historical issues pertaining to a project and historical issues with previous versions), and/or 
(ii) historical committer behavior of a committer, among the committers, that committed the new version of the component (par [0043], “history of issues and commits”), and/or 
(iii) historical behavior of a publisher of the project, among the projects (par [0034] and par [0036], which disclose a repository storing artifacts contributed by developers); and
wherein determining whether the new version of the component presents an unusual risk profile is based on the historical behavioral analysis of the project (par [0005] & par [0008-0009], “history of issues filed against a plurality of artifacts”), the historical committer behavior (par [0048], “history of commits”), and/or the historical behavior of the publisher.
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version artifact evaluation environment of Fox et al within the software anomaly detecting and error analysis systems of Friedrich et al and Genevski et al, in order to improve the detection of error corresponding to software deployment of an updated version of the software (taught by Friedrich et al and Genevski et al) when combining the code change history pertaining to a previously stored software artifacts and data stored regarding a history of software code committers (disclosed by Fox et al), because the combined history evaluating provides an extra layer software version metric analysis to further prevent previously 
Regarding claim 2, Friedrich et al teaches wherein the processor is further configured to determine a profile of the new version of the component (fig. 5, ‘502, par [0007], lines 1-5, and par [0014], lines 1-5, which disclose generating an error record of the incremental application version).
Regarding claim 3, Friedrich et al teaches wherein the processor is further configured to determine whether the new version presents the unusual risk in response to a publish event incorporating the new version of the component (par [0018], lines 1-6, which discloses detecting anomalies in an incremental application release).
Regarding claim 4, Friedrich et al teaches wherein the publish event is a commit, or a release (par [0018], lines 1-5, “incremental application release”).
Regarding claim 5, Genevski et al further teaches wherein the processor is further configured to, on a periodic basis, monitor to discover existence of the new version in a software repository (par [0040], lines 6-9), and determine whether the new version that exists presents the unusual risk responsive to discovering the existence of the new version ([0056], lines 11-17, “error or anomalies”).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.
Regarding claim 6, Genevski et al further teaches wherein the processor is further configured to perform adaptive access control which facilitates delayed consumption of the new version which is determined to present the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose only providing a receiving user with only partial use of an updated software version while quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.
Regarding claim 7, Genevski et al further teaches wherein the processor is further configured to, in response to determining that the new version of the component presents the unusual risk profile, block, quarantine (par [0009]), or flag use of the new version.
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.
Regarding claim 8 Friedrich et al teaches wherein the processor is further configured to determine whether the new version of the component presents the unusual risk based on a classification change of the new version of the component (par [0005], lines 1-5, which discloses performing anomaly detection on the updated/incremental application versions in comparison to the legacy version of the application). 
Genevski et al further teaches wherein the classification change includes one or both of a source code differential classification and a dependency change classification (par [0019], lines 5-15).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 1.
Regarding claim 9, Friedrich et al teaches a computer-implemented method for providing security of components, comprising:
determining, by the processor, whether the new version of the component presents an unusual risk profile (fig. 1, ‘128, fig. 2, ‘202/’206/’208, [0004] & par [0007], lines 1-5, which disclose performing anomaly detection for a new/incremented application version by comparing previously generated performance metrics corresponding to previous versions of the application to determine if the new application version contains an error record containing anomalous data when compared to the error record stored on the previous application version, using a pre-stored anomalous module).
Genevski et al further teaches facilitating, by the processor, delayed consumption of the new version of the component in response to determining that the new version of the component presents the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose isolating and preventing full use of an updated software version, rolling back deployment and quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result of improving upon preventing decreased network performance corresponding to delays of updated software deployment by deploying updated software versions to expecting users, but isolating and not allowing full utilization of the new software version until the software version has been cleared any anomalous conditions or errors (as disclosed in par [0026], lines 9-12 and par [0058] of Genevski et al), which would reduce the amount of time users within the software deployment environment Friedrich et al spend waiting on updated software release to be deployed to their computing platforms, while also preventing the receiving user platforms from fully accessing every aspect of the new version and receiving any detected anomalies that may be contained within the updated software version. 
Fox et al further teaches for a new version of a component (par [0021], lines 1-10, “source code updates”), determining, based on a dataset of release events over time, including event data collected over time indicating projects to which components are stored (par [0008], “indication of artifacts”), committers that committed to the projects, and repositories into which components are stored (par [0005] & par [0008], “history of commits” & “software repository”), a historical behavioral analysis (par [0005], lines 7-10, “issue tracking information” & “history of issues”) of: 
par [0043] & [0047], which disclose determining historical issues pertaining to a project and historical issues with previous versions), and/or 
(ii) historical committer behavior of a committer, among the committers, that committed the new version of the component (par [0043], “history of issues and commits”), and/or 
(iii) historical behavior of a publisher of the project, among the projects (par [0034] and par [0036], which disclose a repository storing artifacts contributed by developers); and
wherein determining whether the new version of the component presents an unusual risk profile is based on the historical behavioral analysis of the project (par [0005] & par [0008-0009], “history of issues filed against a plurality of artifacts”), the historical committer behavior (par [0048], “history of commits”), and/or the historical behavior of the publisher.
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version artifact evaluation environment of Fox et al within the software anomaly detecting and error analysis systems of Friedrich et al and Genevski et al, in order to improve the detection of error corresponding to software deployment of an updated version of the software (taught by Friedrich et al and Genevski et al) when combining the code change history pertaining to a previously stored software artifacts and data stored regarding a history of software code committers (disclosed by Fox et al), because the combined history evaluating provides an extra layer software version metric analysis to further prevent previously detected software version vulnerabilities from going undetected for upgrades to the new software version release.
Regarding claim 10, Friedrich et al teaches determining, by the processor, a profile of the new version of the component (fig. 5, ‘502, par [0007], lines 1-5, and par [0014], lines 1-5, which disclose generating an error record of the incremental application version).
Regarding claim 11, Friedrich et al teaches wherein the determining, by the processor, whether the new version presents the unusual risk is performed in response to a publish event incorporating the new version of the component (par [0018], lines 1-6, which discloses detecting anomalies in an incremental application release).
Regarding claim 12, Friedrich et al teaches wherein the publish event that triggers the determining the unusual risk is a commit, or a release (par [0018], lines 1-5, “incremental application release”).
Regarding claim 13, Genevski et al further teaches monitoring, by the processor, on a periodic basis, to discover existence of the new version in a software repository (par [0040], lines 6-9), and determine whether the new version that exists presents the unusual risk responsive to discovering the existence of the new version ([0056], lines 11-17, “error or anomalies”).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 14, Genevski et al further teaches performing, by the processor, adaptive access control which facilitates delayed consumption of the new version which is determined to present the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose only providing a receiving user with only partial use of an updated software version while quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 15, Genevski et al further teaches, by the processor, in response to determining that the new version of the component presents the unusual risk profile, blocking, quarantining (par [0009]), or flagging use of the new version.
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 16, Friedrich et al teaches, by the processor, determining whether the new version of the component presents the unusual risk based on a classification change of the new version of the component (par [0005], lines 1-5, which discloses performing anomaly detection on the updated/incremental application versions in comparison to the legacy version of the application). 
Genevski et al further teaches wherein the classification change includes one or both of a source code differential classification and a dependency change classification (par [0019], lines 5-15).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 9.
Regarding claim 17, Friedrich et al teaches determining, by the processor, whether the new version of the component presents an unusual risk profile (fig. 1, ‘128, fig. 2, ‘202/’206/’208, [0004] & par [0007], lines 1-5, which disclose performing anomaly detection for a new/incremented application version by comparing previously generated performance metrics corresponding to previous versions of the application to determine if the new application version contains an error record containing anomalous data when compared to the error record stored on the previous application version, using a pre-stored anomalous module).
Genevski et al further teaches facilitating delayed consumption of the new version of the component in response to determining that the new version of the component presents the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose isolating and preventing full use of an updated software version, rolling back deployment and quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et  within the software anomaly detecting system of Friedrich et al, which would provide the predictive result of improving upon preventing decreased network performance corresponding to delays of updated software deployment by deploying updated software versions to expecting users, but isolating and not allowing full utilization of the new software version until the software version has been cleared any anomalous conditions or errors (as disclosed in par [0026], lines 9-12 and par [0058] of Genevski et al), which would reduce the amount of time users within the software deployment environment Friedrich et al spend waiting on updated software release to be deployed to their computing platforms, while also preventing the receiving user platforms from fully accessing every aspect of the new version and receiving any detected anomalies that may be contained within the updated software version. 
Fox et al further teaches for a new version of a component (par [0021], lines 1-10, “source code updates”), determining, based on a dataset of release events over time, including event data collected over time indicating projects to which components are stored (par [0008], “indication of artifacts”), committers that committed to the projects, and repositories into which components are stored (par [0005] & par [0008], “history of commits” & “software repository”), a historical behavioral analysis (par [0005], lines 7-10, “issue tracking information” & “history of issues”) of: 
(i) a project, among the projects, that is released with prior versions of the component (par [0043] & [0047], which disclose determining historical issues pertaining to a project and historical issues with previous versions), and/or 
(ii) historical committer behavior of a committer, among the committers, that committed the new version of the component (par [0043], “history of issues and commits”), and/or 
par [0034] and par [0036], which disclose a repository storing artifacts contributed by developers); and
wherein determining whether the new version of the component presents an unusual risk profile is based on the historical behavioral analysis of the project (par [0005] & par [0008-0009], “history of issues filed against a plurality of artifacts”), the historical committer behavior (par [0048], “history of commits”), and/or the historical behavior of the publisher.
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version artifact evaluation environment of Fox et al within the software anomaly detecting and error analysis systems of Friedrich et al and Genevski et al, in order to improve the detection of error corresponding to software deployment of an updated version of the software (taught by Friedrich et al and Genevski et al) when combining the code change history pertaining to a previously stored software artifacts and data stored regarding a history of software code committers (disclosed by Fox et al), because the combined history evaluating provides an extra layer software version metric analysis to further prevent previously detected software version vulnerabilities from going undetected for upgrades to the new software version release.
Regarding claim 18, Friedrich et al teaches determining a profile of the new version of the component (fig. 5, ‘502, par [0007], lines 1-5, and par [0014], lines 1-5, which disclose generating an error record of the incremental application version).
Regarding claim 19, Friedrich et al teaches wherein the determining whether the new version presents the unusual risk is performed in response to a publish event incorporating par [0018], lines 1-6, which discloses detecting anomalies in an incremental application release).
Regarding claim 20, Friedrich et al teaches wherein the publish event that triggers the determining the unusual risk is a commit, or a release (par [0018], lines 1-5, “incremental application release”).
Regarding claim 21, Genevski et al further teaches monitoring, on a periodic basis, to discover existence of the new version in a software repository (par [0040], lines 6-9), and determine whether the new version that exists presents the unusual risk responsive to discovering the existence of the new version ([0056], lines 11-17, “error or anomalies”).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 17.
Regarding claim 22, Genevski et al further teaches performing adaptive access control which facilitates delayed consumption of the new version which is determined to present the unusual risk profile (par [0026], lines 9-13, [0053], lines 1-5 & [0056], lines 11-17, which disclose only providing a receiving user with only partial use of an updated software version while quarantining an updated/“new” software version until errors and anomalies are no longer detected upon the “next” version being tested).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et  within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 17.
Regarding claim 23, Friedrich et al teaches determining whether the new version of the component presents the unusual risk based on a classification change of the new version of the component (par [0005], lines 1-5, which discloses performing anomaly detection on the updated/incremental application versions in comparison to the legacy version of the application). 
Genevski et al further teaches wherein the classification change includes one or both of a source code differential classification and a dependency change classification (par [0019], lines 5-15).
It would have been obvious to one of ordinary skill in the art before the effective date of the invention to combine the software version release error analysis embodiment of Genevski et al within the software anomaly detecting system of Friedrich et al, which would provide the predictive result previously addressed regarding claim 17.
Conclusion
Applicant's amendment necessitated the new grounds of rejection presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Randy A. Scott whose telephone number is (571) 272-3797. The examiner can normally be reached on Monday-Thursday 7:30 am-5:00 pm, second Fridays 7:30 am-4pm.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Luu Pham can be reached on (571) 270-5002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/RANDY A SCOTT/Primary Examiner, Art Unit 2439
20211205