NOTICE OF ALLOWANCE

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Claims 1-20 are presented for examination.

Allowable Subject Matter
Claims 1-20 are allowed.
The following is an examiner’s statement of reasons for allowance: 
Although the prior art of record (such as Smith (US Patent 10,454,963 B1)) teaches a vulnerability assessment tool comprising: a memory configured to store: a first application intrusion count, comprising the number of application intrusions detected on the first application (col. 3, lines 16-18); a second application intrusion count, comprising the number of application intrusions detected on the second application (col. 3, lines 16-18); a third application intrusion count, comprising the number of application intrusions detected on the third application (col. 3, lines 16-18); a first application vulnerability count, comprising the number of vulnerabilities identified in the first application hosted on the first server (col. 3, lines 13-16); a second application vulnerability count, comprising the number of vulnerabilities identified in the second application (col. 3, lines 13-16); a third application vulnerability count, comprising the number of vulnerabilities identified in the second application (col. 3, lines 13-16); a fourth application vulnerability count, comprising the number of vulnerabilities identified in the third application hosted on the second server (col. 3, lines 13-16), none of the prior art of record alone  a first server hosting: a copy of a first application; and a first copy of a second application; a second server hosting: a second copy of the second application; and a copy of a third application; a first application vulnerability count, comprising the number of vulnerabilities identified in the copy of the first application hosted on the first server; a second application vulnerability count, comprising the number of vulnerabilities identified in the first copy of the second application; a third application vulnerability count, comprising the number of vulnerabilities identified in the second copy of the second application; a fourth application vulnerability count, comprising the number of vulnerabilities identified in the copy of the third application hosted on the second server; a first server vulnerability count, comprising a number of vulnerabilities identified on the first server; a second server vulnerability count, comprising the number of vulnerabilities identified on the second server; a hardware processor configured to: determine a first exploitation ratio, comprising a ratio between the first application intrusion count and a first total vulnerability count, the first total vulnerability count comprising the sum of the first application vulnerability count and the first server vulnerability count; determine a second exploitation ratio, comprising a ratio between the second application intrusion count and a second total vulnerability count, the second total vulnerability count comprising the sum of the second application vulnerability count and the first server vulnerability count; determine a third exploitation ratio, comprising a ratio between the second application intrusion count and a third total vulnerability count, the third total vulnerability count comprising the sum of the third application vulnerability count and the second server vulnerability count; determine a fourth exploitation ratio, comprising the ratio between the third application intrusion count and a fourth total vulnerability count, the fourth total vulnerability count comprising the fourth application vulnerability count and the second server vulnerability count; determine that one of the first exploitation ratio, the second exploitation ratio, the third exploitation ratio, or the fourth exploitation ratio exceeds the others; flag for security improvements the copy of the first, second, or third application associated with the exploitation ratio exceeding the other exploitation ratios.
The closest prior art made of record are:
Smith discloses a system and method for historical exploit and vulnerability detection.
	
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Prior Art Made of Record
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Guarnieri et al. (US 2014/0082736 A1) discloses a system and method for certifying server side web applications against security vulnerabilities.
Kim et al. (US 2019/0114436 A1) discloses a system and method for automatically detecting security vulnerability based on hybrid fuzzing.
Mahabir et al. (US 2017/0346824 A1) discloses a system and method for mobile device risk management.
Morris et al. (WO 2012/110501 A1) discloses a system and method for dealing with malware.
Smith (US Patent 10,275,601 B2) discloses a system and method for flaw attribution and correlation.


Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to SARAH SU whose telephone number is (571)270-3835. The examiner can normally be reached 7:30 AM - 4:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn Feild can be reached on 571-272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/SARAH SU/Primary Examiner, Art Unit 2431