Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

DETAILED ACTION
This is a reply to the application filed on 01/14/2020, in which, claim(s) 1-20 are pending.

When making claim amendments, the applicant is encouraged to consider the references in their entireties, including those portions that have not been cited by the examiner and their equivalents as they may most broadly and appropriately apply to any particular anticipated claim amendments.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 03/09/2020, has been reviewed. The submission is in compliance with the provisions of 37 CFR 1.97. Accordingly, the examiner is considering the information disclosure statement.

Specification
The lengthy specification has not been checked to the extent necessary to determine the presence of all possible minor errors. Applicant’s cooperation is requested in correcting any errors of which applicant may become aware in the specification.

Drawings
The drawings filed on 01/14/2020 is/are accepted by The Examiner.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows: 
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.

Claim(s) 9-20 is/are rejected under 35 U.S.C. 101 because the claimed invention is directed to non-statutory subject matter.
Based upon consideration of all the relevant factors with respect to the claim as a whole, claim(s) 9-20 is/are held to claim software per se, and are therefore rejected as non-statutory subject matter under 35 U.S.C. 101. The rationale for this finding is explained below:
Claim(s) 9-20 is/are rejected under 35 U.S.C. 101 as directed to non-statutory subject matter of software, per se. The claims lack the necessary physical articles or objects to constitute a machine or manufacture within the meaning of 35 U.S.C. 101. In this case, applicant has claimed “an automated detection software tool / a software tool” in the preamble to the claim without reciting any hardware element in the body of the claim; this implies that Applicants are claiming a system of software, per se, lacking the hardware necessary to realize any of the underlying functionality. Therefore, claim(s) 9-20 is/are directed to non-statutory subject matter as computer programs, per se.

Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


The following is a quotation of 35 U.S.C. 112 (pre-AIA ), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.

Claim recites the limitation “An automated detection software tool for quarantining source code vulnerable to a cybersecurity threat, the tool comprising computer executable instructions” (emphasis added).  There is insufficient antecedent basis for the term “the tool” (emphasis added) limitation in the claim.
Dependent claims 10-14 are rejected for at least in part for incorporating the deficiency of claim 9 as stated above, because claims 10-14 reciting “the software tool of claim 9”.

Claim 15 recites the limitation “A software tool for quarantining source code vulnerable to a cybersecurity threat, the tool comprising” (emphasis added).  There is insufficient antecedent basis for the term “the tool” (emphasis added) limitation in the claim.
Dependent claims 16-20 are rejected for at least in part for incorporating the deficiency of claim 15 as stated above, because claims 16-20 reciting “the software tool of claim 15”.

Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

The factual inquiries for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-12 and 15-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cornell et al. (Pub. No.: US 2016/0246965 A1; hereinafter Cornell) in view of Ramabhatta et al. (Pub. No.: US 2013/0145472 A1; hereinafter Ramabhatta).
Regarding claims 1, 9 and 15, Cornell discloses a method for automating detection of source code vulnerable to a cybersecurity threat, the method comprising:
importing a source code file (input of source file [Cornell; ¶28-35; fig. 4A-4B and associated text]);
determining a programming language of the source code file (determine the language such has Java or other flexible program language [Cornell; ¶28-35; fig. 4A-4B and associated text]);
iterating through each line of the source code file and extracting natural language artifacts embedded in the source code file (extract each artifacts [Cornell; ¶28-35; fig. 4A-4B and associated text]);
for each extracted artifact: locating source code associated with the artifact (fine the line number and location [Cornell; ¶28-35; fig. 4A-4B and associated text]); and 
determining whether the source code file includes code that is vulnerable to a cybersecurity threat based on: whether the artifact relates contextually to a cybersecurity threat; and a polarity of the artifact (determine if the file contains serious vulnerability by comparing the artifacts, path, etc., for matches [Cornell; ¶39-42; Figs. 6A-6B and associated texts]); and 
when the source code file includes a threshold quantity of vulnerable code (when the artifacts or elements in the source file contains serious vulnerabilities [Cornell; ¶39-42; Figs. 4A-4B, 6A-6B and associated texts]). Cornell discloses merging and correlating results from static application security testing (SAST) and dynamic application security testing (DAST) of web applications. This improves the ability of the application development team to identify vulnerabilities identified by both types of testing tools and prioritize the vulnerabilities to be addressed. In addition, the invention provides the ability to map the location of a dynamic vulnerability finding to a specific line of code with the Integrated Development Environment (IDE) used by the development team. Moreover, the invention provides the capability to “seed” a dynamic scanner with an exhaustive list of all URLs and parameters that should exist in an application. This allows the scanner to perform more exhaustive testing than if it was required to discover or guess the list of URLs and parameters based solely on a blind dynamic analysis of the application's attack surface.
Cornell does not explicilty discloses quarantining the source code file; however, in a related and analogous art, Ramabhatta teaches this feature.
In particular, Ramabhatta teaches processing sources file to detect malware within the source file and preventing it such as removing/quarantine [Ramabhatta; ¶28-35, 51-60; fig. 1, 3 and associate texts]. IT would have been obvious before the effective filing date of the claimed invention to modify Cornell in view of Ramabhatta with the motivation to prevent the source file from executing and infection.

Regarding claim 2, Cornell-Ramabhatta combination discloses the method of claim 1, wherein quarantining the source code file comprises preventing execution of a computer program that includes the source code file (removing/quarantine prevent the file from executing [Ramabhatta; ¶28-35, 51-60; fig. 1, 3 and associate texts]. The motivation to prevent the source file from executing and infection.

Regarding claim 3, Cornell-Ramabhatta combination discloses the method of claim 1, further comprising: 
determining an overall polarity of all the artifacts embedded in the source code file (file directory or URL form filename and the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]); and 
based on the overall polarity, quarantining the source code file when source code file includes less than the threshold quantity of vulnerable code (removing/quarantine prevent the file from executing [Ramabhatta; ¶28-35, 51-60; fig. 1, 3 and associate texts]. The motivation to prevent the source file from executing and infection.

Regarding claim 4, Cornell-Ramabhatta combination discloses the method of claim 1, wherein the artifacts comprise one or more of: a comment; an error message; a variable identifier; and a file name referenced in the source code (file directory or URL form filename [Cornell; ¶28-35; fig. 4A-4B and associated text]).

Regarding claim 5, Cornell-Ramabhatta combination discloses the method of claim 1 further comprising determining the programming language based on syntax of the source code file (determine the language such has Java or other flexible program language [Cornell; ¶28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 6, Cornell-Ramabhatta combination discloses the method of claim 1 further comprising: determining a cybersecurity sentiment by end users of a service provided by a product that includes the source code; and when the cybersecurity sentiment and the threshold number of instances of vulnerable source code collectively exceed a threshold negativity level, quarantining the source code file (determine the language such has Java or other flexible program language and the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 7, Cornell-Ramabhatta combination discloses the method of claim 1 further comprising locating the vulnerable source code associated with the artifact based on one or more of: a proximity of the artifact to the vulnerable source code; a textual pattern shared by the artifact and the vulnerable source code; and a functional relationship between the artifact and the vulnerable source code (determine the language such has Java or other flexible program language and the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 8, Cornell-Ramabhatta combination discloses the method of claim 1 further comprising: forecasting a likelihood the vulnerable source code will be compromised by a potential cybersecurity threat based on an overall: contextual relationship of the artifacts embedded in the source code file to the potential cybersecurity threat; and polarity of the artifacts embedded in the source code file; and when the likelihood is above a threshold level, quarantining the source code file  (using static and dynamic features to detects the threats in the source code and determining the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 10, Cornell-Ramabhatta combination discloses the software tool of claim 9 further comprising computer executable instructions, that when executed by the processor on the computer system: determines the cybersecurity sentiment for a first module of the source code file; and based on a functional relationship linking the first module in the source code file to a second module in the source code file, applies the cybersecurity sentiment of the first module to the second module; wherein: the second module does not include any natural language artifacts; and the combined cybersecurity sentiment and perceived cybersecurity sentiment comprises the cybersecurity sentiment of the first module and the cybersecurity sentiment of the second module (using static and dynamic features to detects the threats in the source code, determine the language such has Java or other flexible program language and the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 11, Cornell-Ramabhatta combination discloses the software tool of claim 9 further comprising computer executable instructions, that when executed by the processor on the computer system: determines the cybersecurity sentiment for a first module in the source code file; and increases the threshold negativity level of the first module to the cybersecurity threat based on a functional relationship linking the first module to a second module in the source code file; wherein the second module is associated with a known vulnerability to the cybersecurity threat (using static and dynamic features to detects the threats in the source code, determine the language such has Java or other flexible program language and the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text], removing/quarantine prevent the file from executing [Ramabhatta; ¶28-35, 51-60; fig. 1, 3 and associate texts]. The motivation to prevent the source file from executing and infection.

Regarding claim 12, Cornell-Ramabhatta combination discloses the software tool of claim 9 further comprising computer executable instructions, that when executed by the processor on the computer system determines the cybersecurity sentiment and the perceived cybersecurity sentiment using a set of rules, codified in a scripting language that, for each natural language artifact, determines: a cybersecurity topic associated with the artifact; and whether the artifact expresses a positive or negative attitude toward the cybersecurity topic  (using static and dynamic features to detects the threats in the source code, determine the language such has Java or other flexible program language and the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 16, Cornell-Ramabhatta combination discloses the software tool of claim 15, wherein the lexicon-based dictionary is created based on a list of words that are: extracted from a plurality of source code files; and coded to identify a cybersecurity topic and polarity expressed regarding the cybersecurity topic (analysis tools uses the dictionary, taxonomy and pattern mapping of previous insert [Cornell; ¶11-12, 26-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 17, Cornell-Ramabhatta combination discloses the software tool of claim 16, wherein the machine learning model is trained using the lexicon-based dictionary (the static and dynamic analysis tools uses the dictionary, taxonomy and pattern mapping of previous insert [Cornell; ¶11-12, 26-35; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 18, Cornell-Ramabhatta combination discloses the software tool of claim 15, further comprising computer executable instructions, that when executed by the processor on the computer system: determines a perceived cybersecurity sentiment of an end user of the source code file; and adjust the threshold level of negativity based on the perceived cybersecurity sentiment (using static and dynamic features to detects the threats in the source code and determining the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 19, Cornell-Ramabhatta combination discloses the software tool of claim 15, further comprising computer executable instructions, that when executed by the processor on the computer system, for each natural language artifact: determine whether the natural language artifact includes information that identifies a specific individual; and in response to determining that the artifact identifies the specific individual, does not extract the artifact  (using static and dynamic features to detects the threats in the source code and determining the degree of matching, this to determine if it is a threat of false positives [Cornell; ¶11-12, 28-42; fig. 4A-4B, 6A-6B and associated text]).

Regarding claim 20, Cornell-Ramabhatta combination discloses the software tool of claim 15, wherein the natural language artifacts comprise one or more of: a comment; text of an error message; a text string used as a variable identifier; and a file name referenced in the source code (file directory or URL form filename [Cornell; ¶28-35; fig. 4A-4B and associated text]).

Claims 13-14 is/are rejected under 35 U.S.C. 103 as being unpatentable over Cornell-Ramabhatta combination in view of Walters et al. (Pub. No.: US 2020/0012902 A1; hereinafter Walters).
Regarding claim 13, Cornell-Ramabhatta combination does not explicilty discloses the software tool of claim 9 further comprising computer executable instructions, that when executed by the processor on the computer system determines the cybersecurity sentiment and the perceived cybersecurity sentiment using a machine learning model that is configured to: discloses vectorize the natural language artifacts embedded in the source code file by associating each artifact with a cybersecurity topic and a segment of the natural language artifact indicating an attitude to the cybersecurity topic; and apply a neural network to the vectorized natural language artifacts to determine the cybersecurity sentiment for the source code file; however, in a related and analogous art, Walters teaches these features.
In particular, Walters teaches machine-learning models including vectorize data and applying a neural network to the data to create neural network data and other modelling optimizer [Walter; ¶54-90; Figs. 3-4 and associated texts]. It would have been obvious before the effective filing date of the claimed invention to modify Cornell-Ramabhatta combination in view of Walters with the motivation to use neural network in machine learning to improve the detection of threats in source code file.

Regarding claim 14, Cornell-Ramabhatta-Walters combination discloses the software tool of claim 13, wherein the machine learning model was trained using associations linking: a software functionality and a natural language text string; and the software functionality and the natural language text string to the cybersecurity threat [Walter; ¶54-90; Figs. 3-4 and associated texts]. The motivation to use neural network in machine learning to improve the detection of threats in source code file.

Internet Communications
Applicant is encouraged to submit a written authorization for Internet communications (PTO/SB/439, http:ljwww.uspto.gov/sites/default/files/documents/sb0439.pdf) in the instant patent application to authorize the examiner to communicate with the applicant via email. The authorization will allow the examiner to better practice compact prosecution. The written authorization can be submitted via one of the following methods only: (1) Central Fax which can be found in the Conclusion section of this Office action; (2) regular postal mail; (3) EFS WEB; or (4) the service window on the Alexandria campus. EFS web is the recommended way to submit the form since this allows the form to be entered into the file wrapper within the same day (system dependent). Written authorization submitted via other methods, such as direct fax to the examiner or email, will not be accepted. See MPEP § 502.03.

Conclusion
	
Any inquiry concerning this communication or earlier communications from the examiner should be directed to DAO Q HO whose telephone number is (571)270-5998.  The examiner can normally be reached on 7:00am - 5:00pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jeffrey Nickerson can be reached on (469) 295-9235.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.


/DAO Q HO/Primary Examiner, Art Unit 2432