Notice of Pre-AIA  or AIA  Status
The present application is being examined under the pre-AIA  first to invent provisions. 
DETAILED ACTION
Response to Arguments
Applicant’s arguments with respect to independent claim(s) have been considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Applicant states: “Accordingly, these cited passages describe calculating a risk factor/score for a particular “test,” and not for a particular “user” as claimed. For this reason alone, it is urged that claim 1 has been erroneously rejected because the applied references, considered individually or in any combination, fail to teach or suggest user-based risk calculation.
Examiner states: Examiner respectfully disagrees. As written, the limitation does not prevent Girolami-Rose from teaching a risk factor of a particular user. For example, Girolami-Rose teaches attributes of a system all contribute to a risk score. Therefore, it would be obvious to one ordinarily skilled in the art, a user may contribute to all the risk attributes and therefore the score would be “for a particular user. 
Applicant states: “Further with respect to claim 1, the “calculating” step/action is “based on information relating to previous activities of the user with the development system” (emphasis added), where the “information relating to previous activities of the user includes time elapsed since the user last accessed the development system.” Thus, the claimed user risk factor is calculated based on information relating to previous activities of the user with the development system—including a time elapsed since the user last accessed the development system.”
Examiner states: Examiner respectfully disagrees. As written, the limitation merely states that time elapse may be part of the previous activities but not necessarily used in calculating a risk factor of a user. Therefore, under broadest reasonable interpretation Girolami-Rose teaches a risk factor of a user as provided via the office action.
Applicant states: “Still further with respect to claim 1, the claim recites, inter alia, “wherein the risk factor describes a likelihood of the user damaging the development system” (emphasis added). Thus, 
Examiner states: Examiner respectfully disagrees. Girolami teaches that test should be run in order to reduce defects [Col. 1, Lines 35-43] “This selection and ordering causes the test mostly likely to fail to be run first during a test pass and thus increasing the odds of finding problems in a given test pass. 
(5)    In software development, risks can be quantified and defined by certain attributes. For instance, a risky area will have large number of defects/changes for that area, large number of high severity defects for that area, or large number of coders/authors for that same area.” Therefore it would be obvious to one ordinarily skilled in the art, unidentified defects discovered via testing is interpreted as preventing damage to a development system. 
Applicant states: “Further with respect to claim 1, the claim recites, inter alia, “determining, by one or more processors, whether the user has implemented the testing regime in the development system” (emphasis added). Thus, as claimed, a special determination is made as to whether the user has implemented “the testing regime” in the development system—where “the testing regime” that is
the subject of such determination is not just any test, but rather is a specific “testing regime” for
testing program code that is based on the “calculated risk factor of the user.” Relying on the
same passage of Hurdugaci as quoted above, the Examiner finds this determination taught by
Hurdugaci. NFOA 13. However, (1) Hurdugaci does not describe a “test regime” for testing program code that is based on the “calculated risk factor of the user,” as per the claimed “the test
regime,” and (11) Hurdugaci does not describe a special determination being made with respect to
a particular “test regime’’—but instead states that the tool “will prevent this action” without
explaining how such a determination and prevention is actually accomplished. In other words,
Hurdugaci fails to disclose the recited determination.”
Examiner states: Examiner respectfully disagrees. Girolami-Rose teaches a calculating a risk score of a user to identify associated tests. Hurdugaci teaches which tests (i.e. testing regime based upon 
Applicant states: “When an area reaches and passes the thresholds in the “risk threshold file,” the area is flagged as a risk area, and all “test cases” associated with that highlighted risk area are tagged for regression testing. The determined risk is associated with an “area” (Girolami 2:33—36), whereas the “risk factor’ of claim 5 is instead a risk of a “user’—again, a particular, single user. Thus, it is urged that claim 5 has been erroneously rejected because the applied references, considered individually or in any combination, fail to teach or suggest user-based risk calculation. Accordingly, for this additional reason, Applicant respectfully requests reconsideration and withdrawal of the rejection of claim 5 under the Girolami Rejections.”
Examiner states: Examiner respectfully disagrees. The claims do not specify tracking actions per individual users. Therefore, it would be obvious to one ordinarily skilled in the art, a risk factor calculated for a single user would be of the user as taught by Girolami-Rose.
Applicant states: “Claim 10 requires the information used in determining a risk of a particular user
relates to a pattern of access (days and times) for a particular user (“the user’’) to access the
system. If the user typically works “normal” daytime work hours but made a change late at night,
the change may be risky based on that particular user’s history of days and times normally
worked. Conversely, a user that typically works through the night may be making risky changes
when atypically working “normal” work hours”.
Examiner states: Examiner respectfully disagrees. Shihab teaches a table of risk factors. Girolami-Rose teaches calculating risk based upon risk factors. Therefore would be obvious to one ordinarily skilled in the art the combination the combination of Shihab risk factors, incorporated into Girolami-Rose teach sufficiently meets the limitations of the claim. 
Applicant states: “Thus, White describes a predetermined period of time since a user previously attempted to conduct a transaction accessing any of the stored data. Notably, this cited passage does not describe an elapsed time since a user last accessed “the system,” as claimed, 1.e., any type of access to “the system.” Instead, “data” access is relied upon in White rather than access to the system (i.e., any prior access to the system) before the calculation of risk occurs. Thus, it is urged 
Examiner states: Examiner respectfully disagrees. White teaches a risk factors in terms of a elapse time since a user conducted access on a system. Girolami-Rose teaches calculating risk based upon risk factors. Therefore would be obvious to one ordinarily skilled in the art the combination the combination of White’s risk factors, incorporated into Girolami-Rose teach sufficiently meets the limitations of the claim.
Applicant states: “Thus, the cited passage of Girolami describes attributes of a risky area. Notably, the only user-based attribute is an “inexperienced coder/author.” The fact that a coder/author is inexperienced does not depict or otherwise convey particular operations that have been performed by a user, as claimed. Instead, a user is merely flagged as being “inexperienced.” Thus, Girolami is not using information that relates to operations performed by this user in determining/calculating risk. Rather, Girolami is determining risks based on attributes of an area rather than information pertaining to the user. In like manner, Park discloses monitoring the storage units to recognize creation, change, or deletion of stored files—t.e., detecting activity on the storage unit regardless of the user that requests the access. Again, such information pertaining to actions on the storage units is not the same as determining/calculating risk based on attributes of (operations performed by) @ user.”
Examiner states: Examiner respectfully disagrees. Park teaches a risk factors in terms of certain types of events pertaining to code. Girolami-Rose teaches calculating risk based upon risk factors. Therefore would be obvious to one ordinarily skilled in the art the combination the combination of Park’s risk factors, incorporated into Girolami-Rose teach sufficiently meets the a risk associated with a user of the system as taught by Girolami-Rose.
Applicant states: “Respectfully, as discussed supra, nothing in any of these cited passages teaches or suggests that the information used in calculating the risk relates to “past activities of the user with the development system” as claimed. Thus, the applied references, considered individually or in any combination, fail to teach or suggest the features of claim 17. Accordingly, for this additional reason, 
Examiner states: Examiner respectfully disagrees. Shihab teaches a risk factors in terms of past activities of a user accessing a system. Girolami-Rose teaches calculating risk based upon risk factors. Therefore would be obvious to one ordinarily skilled in the art the combination the combination of Shihab’s risk factors, incorporated into Girolami-Rose teach sufficiently meets the a risk associated with a user of the system as taught by Girolami-Rose.
Applicant states: “Respectfully, the only user-based criteria disclosed by Girolami when calculating a test-based risk score is that a user is inexperienced. Such user inexperience is not described as being information that includes a “time elapsed” since such user last accessed a development system. Instead, it has to do with the experience of a user without regard to the user’s last usage of any “development system,” as claimed. An “experienced” user may have significant elapsed time since last access a particular system while an “inexperienced” user may frequently access the same system. Thus, the level of experience of a user is unrelated to the elapsed time since the user’s last access to the system. The only disclosure of Girolami related to time is Girolami’s disclosure that a factor in determining risk arises from “an area [of the program] that has not been tested for a period of time.” This is a time measurement relating to how long since a particular portion (area) of a software program has not been tested—clearly not a measure of time elapsed since the user (a particular single user) last accessed the development system as claimed. For at least this additional reason, Applicant maintains that claim 1 has been erroneously rejected because the applied references, considered individually or in any combination, fail to teach or suggest user elapsed-time-based risk calculation.”
Examiner states: Examiner respectfully disagrees. Shihab teaches risk factors in terms of actions performed by a user. Girolami teaches a time since the user last access the system as a time elapse since the code of the user was last tested as a risk factor. Girolami further teaches accounting for these factors in order to calculate risk. Therefore, it would be obvious to one ordinarily skilled in the art, the combination sufficiently meets the limitations of the claim as argued by Applicant. Futher arguments directed to the other dependent claims have been addressed above.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention. The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph: The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention. 
Claim 16 is rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA ), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor, or for pre-AIA  the applicant regards as the invention.
Claim 16 recites “wherein the program instructions are stored” and is unclear which program instruction is referenced. Appropriate correction required. 

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file provisions of the AIA  as explained in MPEP § 2159.  See MPEP §§ 706.02(l)(1) - 706.02(l)(3) for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-19 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims (1-19) of U.S. Patent No. 10572372. 
Although the claims at issue are not identical, they are not patentably distinct from each other because: 
Claims (1-19)  of U.S. Patent Application No. 10572372 as shown in the corresponding table below contains every element of method claims (1-19) respectively of the instant application and therefore anticipates the claims. 

Present Application No. 16744608
1.    A method comprising:
calculating, by one or more processors, a risk factor of a user of a development system based on information relating to previous activities of the user with the development system, wherein the risk factor describes a likelihood of the user damaging the development system, and wherein the information relating to previous activities of the user includes time elapsed since the user last accessed the development system; determining, by one or more processors, a testing regime for testing program code based on the calculated risk factor of the user;
determining, by one or more processors, whether the user has implemented the testing regime in the development system; and
in response to determining that the user has not implemented the testing regime in the development system, preventing, by one or more processors, the user from any further access to the development system in order to prevent damage to the development system by the user.

2.    The method of claim 1, further comprising:


3.    The method of claim 2, further comprising:
storing, by one or more processors, determined information about the current activity of the user.

4.    The method of claim 1, wherein the information relating to previous activities of the user further comprises information representing at least one of: a system access pattern of the user; prior usage of the development system by the user; a number of times the user has accessed the development system; system errors caused by the user;
areas of the development system accessed by the user; and a previously calculated risk factor for the user.

5.    The method of claim 1, wherein said determining the testing regime comprises selecting one or more program code tests based on the calculated risk factor of the user.

6.    The method of claim 1, wherein the development system is a multi-user system adapted to enable collaborative creation of program code by different users.

7.    The method of claim 1, further comprising:
testing, by one or more processors, program code created in the development system by running the testing regime on the program code.

8.    A computer program product for determining a testing regime for program code created in a development system in order to protect the development system, the computer program product comprising a computer readable storage device, wherein the computer readable storage device is hardware having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising: calculating a risk factor of a user of the development system based on information relating to previous activities of the user, wherein the risk factor describes a likelihood of the user damaging the development system; determining a testing 

9.    The computer program product of claim 9, wherein the method further comprises: determining information about a current activity of the user, and wherein said
calculating the risk factor is further based on the information about the current activity of the user.

10.    The method of claim 1, wherein the information relating to previous activities of the user with the development system is a system access pattern of the user, and wherein the system access pattern describes days and times the user has historically accessed the system.



12.    The method of claim 1, wherein the information relating to previous activities of the user with the development system is a previously calculated risk factor for the user that describes a likelihood of the user damaging the development system.

13.    The method of claim 1, wherein the information relating to previous activities of the user with the development system is a time elapsed since the user last accessed the system before said calculating the risk factor occurs.

14.    The method of claim 1, wherein the information relating to previous activities of the user with the development system describes types of operations that have been performed by the user, and wherein the types of operations are from a group consisting of updating an existing file and creating a new file.

15.    The method of claim 1, wherein the information relating to previous activities of the user with the development system describes types of operations that have been performed by the user, and wherein the types of operations are those that delete a file.

16.    A system comprising: a processor, a computer readable memory, and a computer readable storage medium; first program instructions to calculate a risk factor of a user of a development system based on information relating to previous activities of the user, wherein the risk factor describes a likelihood of the user damaging the development system; second program instructions to determine a testing regime for testing program code based on the calculated risk factor of the user; third program instructions to determine whether the user has implemented the testing regime in the development system; and fourth program instructions to, in response to determining that the user has not implemented the testing regime in the development system, prevent the user from further accessing the development system in order to prevent 

17.    The method of claim 1, wherein the information relating to previous activities of the user with the development system is a size of accessed data by the user during past activities, wherein the size of the accessed data describes a number of lines of code changed and a number of files that have been accessed by the user during the past activities, and wherein a low number of lines of code being changed and a low number of files being accessed by the user indicate a high risk factor for the user.

18.    The method of claim 1, wherein the information relating to previous activities of the user with the development system describes previous operations that are similar to a current operation being performed by the user, and wherein the previous operations have caused rapid successive edits to other program code.

19. The method of claim 1, wherein the testing regime is determined by a server, and wherein the method further comprises:
transmitting, by one or more processors, the testing regime from the server to a portable computing device for implementing the testing regime on the program code, wherein failure to implement, in the portable computer, the testing regime on the program code prevents the user from accessing a program code development environment provided by the development system for a predetermined amount of time.

U.S. Patent No. 10572372
1. A method comprising: calculating, by one or more processors, a risk factor of a user of a development system based on information relating to previous activities of the user with the development system, wherein the risk factor describes a likelihood of the user damaging the development system, and wherein the information relating to previous activities of the user includes time elapsed since the user last accessed the development system; determining, by one or more processors, a testing regime for testing program code based on the calculated risk factor of the user; determining, by one or more processors, whether the user has implemented the testing regime in the development system; and in response to determining that the user has not implemented the testing regime in the development system, preventing, by one or more processors, the user from further accessing the development system in order to prevent damage to the development system by the user: assigning, by one or more processors, weighting values to different types of information relating to previous activities of the user so as to represent a relative importance of the different types of information. 



    3. The method of claim 2, further comprising: storing, by one or more processors, determined information about the current activity of the user. 

    4. The method of claim 1, wherein the information relating to previous activities of the user further comprises information representing at least one of: a system access pattern of the user; prior usage of the development system by the user; a number of times the user has accessed the development system; system errors caused by the user; areas of the development system accessed by the user; a previously calculated risk factor for the user. 

    5. The method of claim 1, wherein said determining the testing regime comprises selecting one or more program code tests based on the calculated risk factor of the user. 



    7. The method of claim 1, further comprising: testing, by one or more processors, program code created in the development system by running the testing regime on the program code. 

    8. The method of claim 1, wherein the information relating to previous activities of the user with the development system is a system access pattern of the user, and wherein the system access pattern describes days and times the user has historically accessed the system. 

    9. The method of claim 1, wherein the information relating to previous activities of the user with the development system is a number of times the user has previously accessed the system. 

    10. The method of claim 1, wherein the information relating to previous activities of the user with the development system is a previously calculated risk factor for the user that describes a 

    11. The method of claim 1, wherein the information relating to previous activities of the user with the development system is a time elapsed since the user last accessed the system before said calculating the risk factor occurs. 

    12. The method of claim 1, wherein the information relating to previous activities of the user with the development system describes types of operations that have been performed by the user, and wherein the types of operations are from a group consisting of updating an existing file and creating a new file. 

    13. The method of claim 1, wherein the information relating to previous activities of the user with the development system describes types of operations that have been performed by the user, and wherein the types of operations are those that delete a file. 

    14. The method of claim 1, wherein the information relating to previous activities of the user with the development system is a size of accessed data by the user during past activities, 

    15. The method of claim 1, wherein the information relating to previous activities of the user with the development system describes previous operations that are similar to a current operation being performed by the user, and wherein the previous operations have caused rapid successive edits to other program code. 

    16. The method of claim 1, wherein the testing regime is determined by a server, and wherein the method further comprises: transmitting, by one or more processors, the testing regime from the server to a portable computing device for implementing the testing regime on the program code, wherein failure to implement, in the portable computer, the testing regime on the program code prevents the user from accessing a program code development environment provided by the development system for a predetermined amount of time. 

    17. A computer program product for determining a testing regime for program code created in a development system in order to protect the development system, the computer program product comprising a computer readable storage device, wherein the computer readable storage device is hardware having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising: calculating a risk factor of a user of the development system based on information relating to previous activities of the user, wherein the risk factor describes a likelihood of the user damaging the development system; determining a testing regime for testing program code based on the calculated risk factor of the user; determining whether the user has implemented the testing regime in the development system; and in response to determining that the user has not implemented the testing regime in the development system, preventing the user from further accessing the development system in order to prevent damage to the development system by the user: assigning, by the processor, weighting values to different types of information relating to previous activities 

    18. The computer program product of claim 17, wherein the method further comprises: determining information about a current activity of the user, and wherein said calculating the risk factor is further based on the information about the current activity of the user. 

    19. A system comprising: a processor, a computer readable memory, and a computer readable storage medium; first program instructions to calculate a risk factor of a user of a development system based on information relating to previous activities of the user, wherein the risk factor describes a likelihood of the user damaging the development system; second program instructions to determine a testing regime for testing program code based on the calculated risk factor of the user: third program instructions to determine whether the user has implemented the testing regime in the development system; and fourth program instructions to, in response to determining that the user has not implemented the testing regime in the development system, prevent the user from further accessing the development system in order to prevent damage to the 



Claim Rejections - 35 USC § 103
The following is a quotation of pre-AIA  35 U.S.C. 103(a) which forms the basis for all obviousness rejections set forth in this Office action:
(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary skill in the art to which said subject matter pertains.  Patentability shall not be negatived by the manner in which the invention was made.
Claims 1, 4-8, 16 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Girolami-Rose in view of Hurdugaci in further view of Stackoverflow (NPL, 2010 “What do you do with a developer who does not test his code”) in further view of Jackson (Pub. No. US 2013/0111586).
Claim 1, Girolami-Rose teaches “a method comprising: calculating, by one or more processors, a risk factor of a user of a development system based on information relating to previous activities of the user with the development system, wherein the risk factor describes a likelihood of the user damaging the development system, and wherein the information relating to previous activities of the user includes time elapsed since the user last accessed the development system ([Col. 3, Lines 6-13] In one embodiment of the invention, the threshold or percentage of acceptable risk is defined in a separate file called the Risk Threshold file. This file defines thresholds or tolerances for each attribute that must be exceeded in order to contribute and assign a numeric risk failure score (i.e. “risk factor”) for a test. Tests with higher risk failure scores are ordered to run ahead of tests with lower risk failure scores. [Col. 2, Lines 55-67] attributes contributing to scores include “… 4. an area that has not been tested for a period of time 6. Inexperienced coder/author 7. developer with a track record of poor quality fixes 8.”); determining, by one or more processors, a testing regime for testing program code based on the calculated risk factor of the user ([Col. 3, Lines 37-49] “Risk Policy and scoring (24) In one embodiment, Risk Definition File and Risk Threshold File together form a test case selection policy. The policy can be persisted, and each development iteration can use different policies to determine the test selection and ordering. Risk policy combines risk definition and risk thresholds. "Acceptable Risk" differs depending on the industry or culture risk tolerance, development phase, user quality acceptance criteria, and market trends or delivery cycles. There may be multiple risk policies. Weighting and ordering of tests so that the tests with higher risk failure scores are set to run ahead of those with lower risk failure scores. (25) In one embodiment, interactive user interface provides for management and viewing of risk policies, test case risk failure scores, and selected and ordered tests. ”)”. 
However, Girolami-Rose may not explicitly teach the remaining limitations.
Hurdugaci teaches enforcing a developer to execute identified tests such that teaches determining, by one or more processors, whether the user has implemented the testing regime in the ([Pg. 14 statement] “Statement With a test impact tool, one should be able to decide what tests to run after changing the code. In other words, the tool will provide a list of tests that are relevant for the change. Such a tool will inform the developer about the tests that cover the code she/he changed. Furthermore, upon check-in (commit) to the version control system, the tool will prevent this action if tests corresponding to the changed code were not executed and, optionally, updated”)”.
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of Hurdugaci with the teachings of Girolami-Rose in order to provide a system that teaches test execution enforcement. The motivation for applying Hurdugaci’s teaching with Girolami-Rose teaching is to provide a system that allows for ensuring test cases are executed based upon identifying risky developers. Furthermore, Stackoverflow Earlz teaches that developers who commit without test have privileges removed “Disciplinary measures being temporary no-direct-commit access. This is what the OpenBSD open source project does. Before a release all developers with commit access must spend a while testing everything. If they don't then they usually get rejected commit access and thus everything they want to do must be checked in by someone else. If this doesn't work after a while, then I would say a firing is in order.” Girolami-Rose and Hurdugaci are analogous art directed towards software development. Together Girolami-Rose, Hurdugaci, Earlz teach every limitation of the claimed invention. Since the teachings were analogous art known at the time of invention, one of ordinary skill could have applied the teachings of Hurdugaci with the teachings of Girolami-Rose by known methods and gained expected results. 
However, the combination may not explicitly teach a countermeasure of preventing the user from any further access to the development system.
Jackson teaches “preventing, by one or more processors, the user from further access to the development system ([0046] At 404, the monitored interaction involving the computing system is determined to be suspicious. In some cases, the monitored interaction determined to be suspicious may be interaction that occurred in a single monitored interval. In other cases, the monitored interaction determined to be suspicious may be interaction that occurred across multiple different monitored intervals. Then, at 406, as a consequence of having determined that the monitored interaction involving the computing system is suspicious, a security mechanism (e.g., any one or combination of the different security mechanisms described above) is invoked in connection with the computing system. The security mechanism invoked may be relatively rigorous and come as a surprise to a hacker or malicious program attempting to attack the computing system so that it may be difficult for the hacker or malicious program to circumvent the invoked security mechanism. For example, the invoked security mechanism may deny all access to the computing system for some predetermined period of time).”
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of Jackson with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow in order to provide a system that teaches further counter measures. The motivation for applying Jackson teaching with Girolami-Rose, Hurdugaci, Stackoverflow teaching is to provide a system that allows for total protection of a system. Girolami-Rose, Hurdugaci, Stackoverflow, Jackson are analogous art directed towards protecting development systems. Together Girolami-Rose, Hurdugaci, Stackoverflow, Jackson teach every limitation of the claimed invention. Since the teachings were analogous art known at the time of invention, one of ordinary skill could have applied the teachings of Jackson with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow by known methods and gained expected results. 
Claim 4, the combination teaches the limitations of the claim, wherein Girolami-Rose teaches “the method of claim 1, wherein the information relating to previous activities of the user further comprises information representing at least one of: a system access pattern of the user; prior usage of the development system by the user; a number of times the user has accessed the development system; system errors caused by the user; areas of the development system accessed by the user ([Col. 2, Lines 58-67] For instance, a risky area may have: 1. large number of defects/changes for that area 2. large number of high severity defects for that area 3. a large number of coders/authors for that same area 4. an area that has not been tested for a period of time 5. the first version of a requirement 6. inexperienced coder/author 7. developer with a track record of poor quality fixes 8. test usually fails (or conversely test always passes) 9. a very new piece of code); and a previously calculated risk factor for the user.
Claim 5, the combination teaches the limitations of the claim, wherein Girolami-Rose teaches “the method of claim 1, wherein said determining the testing regime comprises selecting one or more program code tests based on the calculated risk factor of the user ([Col. 1, Line 64-Col. 2, Line 67] “In software development, risks can be quantified and defined by certain attributes. For instance, a risky area will have: large number of defects/changes for that area, large number of high severity defects for that area, or large number of coders/authors for that same area. All the above metrics are already captured in UCM, version control tool (such as ClearCase.RTM.), and bug tracking tool (such as ClearQuest.RTM.). By taking the appropriate data and associating with certain triggers and thresholds, an embodiment of the invention automatically identify which test cases to run for regression.)”.
The rational for claim 1 is applied here.	
Claim 6, the combination teaches the limitations of the claim, wherein Girolami-Rose teaches “the method of claim 1, wherein the development system is a multi-user system adapted to enable collaborative creation of program code by different users ([Col. 2, Lines 58-67] For instance, a risky area may have: 1. large number of defects/changes for that area 2. large number of high severity defects for that area 3. a large number of coders/authors for that same area 4. an area that has not been tested for a period of time 5. the first version of a requirement 6. inexperienced coder/author 7. developer with a track record of poor quality fixes 8. test usually fails (or conversely test always passes) 9. a very new piece of code)”.
Claim 7, the combination teaches the limitations of the claim, wherein Girolami-Rose teaches “the method of claim 1, further comprising: testing, by one or more processors, program code created in the development system by running the testing regime on the program code ([Col. 3, Lines 53-63] “Referring to FIG. 1, in one embodiment, for a given operation, the test plans identify test cases (114), which represent the ways in which users are likely to use the product. Test scripts are written to meet the requirements (110) for the test cases. The results returned when the test scripts run are evaluated to determine project status, in particular, the progress toward completing the work represented by the next milestone in the project. Typical test management tools (e.g., CQTM) hold test artifacts that associate Use Cases, User Scenarios (108), Requirements (110) and other coded components (112), to individual test cases (114).”)”. 
The rational for claim 1 is applied here.	
Claim 8, “a computer program product for determining a testing regime for program code created in a development system in order to protect the development system, the computer program product comprising a computer readable storage device, wherein the computer readable storage device is hardware having program code embodied therewith, the program code readable and executable by a processor to perform a method comprising: calculating a risk factor of a user of the development system based on information relating to previous activities of the user, wherein the risk factor describes a likelihood of the user damaging the development system; determining a testing regime for testing program code based on the calculated risk factor of the user; determining whether the user has implemented the testing regime in the development system; and in response to determining that the user has not implemented the testing regime in the development system, preventing the user from further accessing the development system in order to prevent damage to the development system by the user” is similar to claim 1 and therefore rejected with the same citations and references.
Claim 11, 12, 18 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Girolami-Rose in view of Hurdugaci in view of Stackoverflow in view of Jackson in further view of Shochat.
Claim 11, the combination may not explicitly teach the claim.
Shochat teaches “the method of claim 1, wherein the information relating to previous activities of the user with the development system is a number of times the user has previously accessed the system ([0028] “The following are non limiting examples of software bug patterns and problems that may be detected by system 100. Copy-paste bug: this bug is caused by copying a code portion without re-editing and amending it into its new location. It also refers to copying an erroneous code portion to other location in the code. By analyzing the edit actions in software development environment 110, copy-paste portion may be easily detected and presented in view of specific programmer's actions. High editing activity is also a well known indication of software bugs. Statistically, having many changes in the code is related to having a higher risk of bugs in this code. Analyzing the edit actions carried out over software development environment 110 will make it easy to find code segments with high editing activity in a relatively short period of time. It should be noted that these highly edited segments are bug-prone even if the final code is not much different from the original code. Optionally, the programmer may receive a quantitative indicator for the amount of editing that has been applied to a specified portion of code.”)”. 
Rational to claim 2 is applied here.
Claim 12, the combination may not explicitly teach the claim.
Shochat teaches “the method of claim 1, wherein the information relating to previous activities of the user with the development system is a previously calculated risk factor for the user that describes a likelihood of the user damaging the development system ([0036] “FIG. 3 is a high level flowchart diagram illustrating a method 300 according to some embodiments of the invention. The method may start with monitoring over time, actions carried out by at least one programmer over a software development environment to yield development patterns 310. After the monitored actions are accumulated into development patterns, method 300 may go on to compare the development patterns to best practice rules to yield comparison results indicating deviations of the development patterns from the best practice rules 320. Method 300 then proceeds to analyzing the comparison results 330 based at least partially on a likelihood of each action deviated from the respective best practice rule to result in a software bug, to yield an analysis of potential software bug prone code sections. The analysis may be for example in a probability table form indicating which sections of the code are likely to have bugs in it (and optionally, at which probability).”)”.
Rational to claim 2 is applied here.
Claim 18, the combination may not explicitly teach the claim.
([0028] The following are non limiting examples of software bug patterns and problems that may be detected by system 100. Copy-paste bug: this bug is caused by copying a code portion without re-editing and amending it into its new location. It also refers to copying an erroneous code portion to other location in the code. By analyzing the edit actions in software development environment 110, copy-paste portion may be easily detected and presented in view of specific programmer's actions. High editing activity is also a well known indication of software bugs. Statistically, having many changes in the code is related to having a higher risk of bugs in this code. Analyzing the edit actions carried out over software development environment 110 will make it easy to find code segments with high editing activity in a relatively short period of time. It should be noted that these highly edited segments are bug-prone even if the final code is not much different from the original code. Optionally, the programmer may receive a quantitative indicator for the amount of editing that has been applied to a specified portion of code. [0029] Other monitored actions may include outdated documentation. Outdated documentation may lead to code misunderstanding by other programmer on the team which may cause further problems throughout the software development lifecycle. By analyzing the edit and file history carried out by the programmers over software development environment 110, situations in which the documentation has been written a long time after writing the code or when changing the code without updating the documentation may be indicated to the programmer.)”.
Rational to claim 2 is applied here.
Claims 10  is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over of Girolami-Rose in view of Hurdugaci in view of Stackoverflow in view of Jackson in further view of Shihab.
Claim 10, the combination may not explicitly teach the limitations.
([Table 1] certain times a developer access a system contributes to risk).”
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of Shihab with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow, Jackson in order to provide a system that teaches additional attributes that contribute to risk. The motivation for applying Shihab teaching with Girolami-Rose, Hurdugaci, Stackoverflow, Jackson teaching is to provide a system that allows for other attributes in calculating which test cases to execute. Girolami-Rose, Hurdugaci, Stackoverflow, Jackson, Shihab  are analogous art directed towards software development. Together Girolami-Rose, Hurdugaci, Stackoverflow, Jackson, Shihab teach every limitation of the claimed invention. Since the teachings were analogous art known at the time of invention, one of ordinary skill could have applied the teachings of Shihab with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow, Jackson by known methods and gained expected results. 
Claim 13 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over of Girolami-Rose in view of Hurdugaci in view of Stackoverflow in view of Jackson in further view of White.
Claim 13, the combination may not explicitly teach the limitations.
White teaches “the method of claim 1, wherein the information relating to previous activities of the user with the development system is a time elapsed since the user last accessed the system before said calculating the risk factor occurs ([Col. 17, Lines 33-45] As yet another example, when a predetermined period of time has elapsed since a user previously attempted to conduct a transaction accessing any of the data stored in the server 12, the level of risk adjustment 74 requires increasing the level of risk 64 by one level of risk. Such predetermined periods of time include, but are not limited to, one day, one week, two weeks, one month and three months. Moreover, it should be appreciated that the predetermined periods of time may be determined by the nature of the business entity. Although the level of risk adjustments 74 described herein involve increasing or decreasing an appropriate level of risk 64 by a single level of risk, it should be appreciated that in other embodiments the level of risk adjustments 74 may be greater than a single level of risk 64.)”.
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of White with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow, Jackson in order to provide a system that teaches additional attributes that contribute to risk. The motivation for applying White teaching with Girolami-Rose, Hurdugaci, Stackoverflow, Jackson teaching is to provide a system that allows for other attributes in calculating which test cases to execute. Girolami-Rose, Hurdugaci, Stackoverflow, Jackson, White are analogous art directed towards software development. Together Girolami-Rose, Hurdugaci, Stackoverflow, Jackson, White teach every limitation of the claimed invention. Since the teachings were analogous art known at the time of invention, one of ordinary skill could have applied the teachings of White with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow, Jackson by known methods and gained expected results. 
Claims 14, 15 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Girolami-Rose in view of Hurdugaci in view of Stackoverflow in view of Jackson in further view of Park (Pub. No. US 2012/0030654).
Claim 14, the combination teaches the limitations of the claim, wherein Girolami-Rose teaches “The method of claim 1, wherein the information relating to previous activities of the user with the development system describes types of operations that have been performed by the user ([Col. 2, Lines 58-67] For instance, a risky area may have: 1. large number of defects/changes for that area 2. large number of high severity defects for that area 3. a large number of coders/authors for that same area 4. an area that has not been tested for a period of time 5. the first version of a requirement 6. inexperienced coder/author 7. developer with a track record of poor quality fixes 8. test usually fails (or conversely test always passes) 9. a very new piece of code).
However, combination may not explicitly teach details regarding changes such that teaches “wherein the types of operations are from a group consisting of updating an existing file and creating a new file”.
“wherein the types of operations are from a group consisting of updating an existing file and creating a new file ([0029] “The change event processor 102 may interoperate with the monitoring apparatus 120 configured to monitor the source code storage unit 130 and the test project storage unit 140. Accordingly, the change event processor 102 may recognize a change in files that are stored in the source code storage unit 130 and the test project storage unit 140. For example, the change event processor 102 may detect whether the stored files are created, changed or deleted, based on a change event input from the monitoring apparatus 120. Also, the change event processor 102 may request the test solution processor 103 to initiate an operation depending on whether a change in a file stored in the source code storage unit 130 is detected.”)”
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of Park with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow, Jackson in order to provide as evidence that file changes as taught by Girolami-Rose includes creating new files as evidenced by Park. Together Girolami-Rose, Hurdugaci, Stackoverflow, Jackson, Park teach every limitation of the claimed invention. Since the teachings were analogous art known at the time of invention, one of ordinary skill could have applied the teachings of Park with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow, Jackson by known methods and gained expected results. 
Claim 15, the combination teaches the limitation, wherein  Girolami-Rose teaches “the method of claim 1, wherein the information relating to previous activities of the user with the development system describes types of operations that have been performed by the user ([Col. 2, Lines 58-67] For instance, a risky area may have: 1. large number of defects/changes for that area 2. large number of high severity defects for that area 3. a large number of coders/authors for that same area 4. an area that has not been tested for a period of time 5. the first version of a requirement 6. inexperienced coder/author 7. developer with a track record of poor quality fixes 8. test usually fails (or conversely test always passes) 9. a very new piece of code)”.

Park teaches “wherein the types of operations are those that delete a file ([0029] “The change event processor 102 may interoperate with the monitoring apparatus 120 configured to monitor the source code storage unit 130 and the test project storage unit 140. Accordingly, the change event processor 102 may recognize a change in files that are stored in the source code storage unit 130 and the test project storage unit 140. For example, the change event processor 102 may detect whether the stored files are created, changed or deleted, based on a change event input from the monitoring apparatus 120. Also, the change event processor 102 may request the test solution processor 103 to initiate an operation depending on whether a change in a file stored in the source code storage unit 130 is detected.”)”
Rational to claim 14 is applied here.
Claim 17 is rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Girolami-Rose in view of Hurdugaci in view of Stackoverflow in view of Jackson in view of Shihab in further view of Laxman (Pub. No. US 2010/0299305).
Claim 17, the combination teaches the limitations of the claim, wherein Shihab teaches “The method of claim 1, wherein the information relating to previous activities of the user with the development system is a size of accessed data by the user during past activities, wherein the size of the accessed data describes a number of lines of code changed and a number of files that have been accessed by the user during the past activities ([Table 1] lines changed and files changed).”)”, and wherein Girolami-Rose teaches “a low number of lines of code being changed and a low number of files being accessed by the user indicate a high risk factor for the user ([Col. 3, Lines 23-35] “In one embodiment, risks from the Risk Definition file are quantified and the thresholds set. These are defined by the users and then iterated over by the quality management system to assign risk failure scores to the tests. For example: Code area changes>1, +10 Code not changed in 1 month, -10 Defect fixed, +10 Test passed last time, -10 Test not run in month, +10 1st version of source, +100 Developer x made change, +50 Developer y made change, +10 Test failed last time, +10 Test failed last 2 times, +50 Risk Policy and scoring”)”..
. 
Claims 1, 8 are rejected under pre-AIA  35 U.S.C. 103(a) as being unpatentable over Shihab (NPL, 11/11/12, “An Industrial Study on the Risk of Software Changes”) in view of Neumann (US. Pub. No. 2006/0200803) in view of Stackoverflow (NPL, 2010 “What do you do with a developer who does not test his code”) in further view of Jackson.
Claim 1, Shihab teaches “a method comprising: calculating, by one or more processors, a risk factor of a user of a development system (Table 4: Performance of Developer-Level Change Risk Classification [4.2 Logistic Regression Models] The output of our logistic regression model is a probability (between 0 and 1) of the likelihood that a change is risky. Then, it is up to the user of the output of the logistic regression model to determine a threshold at which she/he will consider a change as being risky. Generally speaking, a threshold of 0.5 is used. For example, if a change has a likelihood of 0.5 or higher, then it is considered risky, otherwise it is not.) based on information relating to previous activities of the user with the development system (Table 1: Factors Used to Study Risky Changes), wherein the risk factor describes a likelihood of the user damaging the development system ([1. Introduction] Another study showed that, industry-wide, only 16.2% of software projects are on time and on budget. Of the rest, 52.7% are delivered with reduced functionality and 31.1% are cancelled before completion. The main reason for this large amount of late projects is the lack of proper software risk management (i.e., activities used to manage the possibility of harm or loss) [6, 10].); determining, by one or more processors, a testing regime for testing program code based on the calculated risk factor of the user ([3.2 Change Data] The general rule communicated to all developers regarding risky changes is that a change is considered risky if additional attention like careful code reviewing and possibly more testing is deemed necessary. On the other hand, a non-risky change is one where the change does not need any special treatment in terms of code review or testing. The change can be safely integrated into the code without having any (expected) negative impact.)”.
However, Shihab may not explicitly teach elapse time.
Girolami-Rose “ wherein the information relating to previous activities of the user includes time elapsed since the user last accessed the development system ([Col. 2, Lines 55-67] attributes contributing to scores include “… 4. an area that has not been tested for a period of time 6. Inexperienced coder/author 7. developer with a track record of poor quality fixes 8.”)”
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of Girolami-Rose with the teachings of Shihab in order to provide a method that teaches calculating probability includes elapse time. The motivation for applying the teachings of Girolami-Rose with teachings of Shihab is to provide additional factors of user attributes. Shihab, Girolami-Rose are analogous art directed towards risk and testing within a software development environment. Together Shihab, Girolami-Rose teach every limitation of the claimed invention. Since the teachings were analogous art known at the time of invention, one of ordinary skill 
However, the combination may not explicitly teach the remaining limitations.
Neumann teaches “determining, by one or more processors, whether the user has implemented the testing regime in the development system; and in response to determining that the user has not implemented the testing regime in the development system, preventing, by one or more processors, the user from further accessing the development system in order to prevent damage to the development system by the user ([0073] The policy failure user interface may allow a user to select a policy failure to view more information. A selection event may invoke a method on the policy plugin (e.g., 124 or 126) associated with the selected policy. This method may be used to invoke the details for the failed policy so the user can get more information. Alternatively, the method may invoke a help system that provides an explanation of the failure and a description of how to fix it. Finally, the method may choose to initiate an activity that will resolve the policy failure. For example, if the policy failure is due to non-compliance with a static analysis and/or unit tests policy requirement, the activity that will resolve the policy failure would comprise running static analysis and/or unit tests. [Fig. 7b] indicating tests were not run [0089] When the source code being submitted is not compliant with one or more policies, process 1000 proceeds to act 1070, where a policy override option may be provided to allow for any policy failures to be overridden and the source code checked in. Act 1070 may be performed automatically …. When the override option is not selected, the process 1000 terminates. In addition, the display may again show the list of policy failures (e.g., as in act 1040).)”.
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of Neumann with the teachings of Shihab, Girolami-Rose in order to provide a system that teaches test execution enforcement. The motivation for applying Neumann teaching with Shihab, Girolami-Rose teaching is to provide a system that allows for ensuring test cases are executed based upon identifying missing tests. Furthermore, Stackoverflow Earlz teaches that developers who commit without test have privileges removed “Disciplinary measures being 
However, the combination may not explicitly teach a countermeasure of preventing the user from any further access to the development system.
Jackson teaches “preventing, by one or more processors, the user from further access to the development system ([0046] At 404, the monitored interaction involving the computing system is determined to be suspicious. In some cases, the monitored interaction determined to be suspicious may be interaction that occurred in a single monitored interval. In other cases, the monitored interaction determined to be suspicious may be interaction that occurred across multiple different monitored intervals. Then, at 406, as a consequence of having determined that the monitored interaction involving the computing system is suspicious, a security mechanism (e.g., any one or combination of the different security mechanisms described above) is invoked in connection with the computing system. The security mechanism invoked may be relatively rigorous and come as a surprise to a hacker or malicious program attempting to attack the computing system so that it may be difficult for the hacker or malicious program to circumvent the invoked security mechanism. For example, the invoked security mechanism may deny all access to the computing system for some predetermined period of time).”
It would have been obvious to one of ordinary skill in the art at the time of the invention was made to apply the teachings of Jackson with the teachings of Girolami-Rose, Hurdugaci, Stackoverflow in order to provide a system that teaches further counter measures. The motivation for 
Dependent claims 4-7, 10 are rejected under Shihab, Girolami-Rose, Stackoverflow Earlz, Jackson, Neumann as provided above.
Dependent claims 11, 12, 18 are rejected under Shihab, Girolami-Rose, Stackoverflow Earlz, Jackson, Neumann in further view of Shochat as provided above.
Dependent claim 13 is rejected under Shihab, Girolami-Rose, Stackoverflow Earlz, Jackson, Neumann in further view of White as provided above.
Dependent claims 14, 15 are rejected under Shihab, Girolami-Rose, Stackoverflow Earlz, Jackson, Neumann in further view of Park as provided above.
Dependent claims 17 are rejected under Shihab, Girolami-Rose, Stackoverflow Earlz, Jackson, Neumann in further view of Laxman as provided above.

Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to WYNUEL S AQUINO whose telephone number is (571)272-7478. The examiner can normally be reached 9AM-5PM EST M-F.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lewis Bullock can be reached on 571-272-3759. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/WYNUEL S AQUINO/Primary Examiner, Art Unit 2199