DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This communication is in response to the amendment filed on 05/23/2022.
Claims 1-20 are currently pending in this application. Claims 1, 2, 5, 6, 8, 9, 12, 13, 15, 16 and 19 have been amended. 
The applicant has filed a terminal disclaimer (TD) with patents US 10,404,734 and US 10,887,336 and the TD is approved on 05/27/2022.
No new IDS has been filed.

Response to Arguments
The previous objection to the abstract of the specification has been withdrawn in response to the applicants’ amendment to the abstract filed on 05/23/2022.
The previous 112(a) and 112(b) rejections to the claims 1-20 have been withdrawn in response to the applicants’ amendments/remarks.
The previous 102 rejections to the claims 1-20 have been withdrawn in response to the applicants’ amendments/remarks.

Allowable Subject Matter
Claims 1-20 are allowed.

Examiner’s Statement of Reasons for Allowance
The following is an examiner’s statement of reasons for allowance:
Regarding independent claims 1, 8 and 15,
Qureshi et al. (US 8001527 B1) teaches a system and method for managing a deployment of a software application including a root cause analysis module configured to identify problematic objects of the application model, and to use pattern recognition on the application model to find root cause candidates that may be a root cause of problems associated with the problematic objects. A managed application is provided in a distributed environment. The points of measurement specification of telemetry and actual collection are different. The meta-application is preferably able to show a level of confidence that it has in a matched logic rule or problem. In this non-fuzzy logic or probability approach, a predicate can only have a true or false value, and a confidence value attached to the predicate is a measure of the probability that the predicate is true – see fig. 1; abstract; columns 23, 49 and 50 of Qureshi.

Stolfo et al. (US 2010/0054278 A1) teaches a method, apparatus and medium for detecting anomalous payloads transmitted through a network. The server can store a plurality of model distributions (i.e., model payloads) that represents or corresponds to the statistical distributions of normal payloads received by the server. The model payload is selected based on the size of the current payload data received by the server. The length distribution created by the server corresponds to the distribution of lengths of individual payloads received by the server during a training period. The length distribution is partitioned to generate multiple model payloads that can be selectively compared to the received payload data. The server can check the date on payloads by determining if the date of a payload data is greater than, or older than, a predetermined threshold. The server identifies anomalous payloads as those payloads are sufficiently different from the model distribution based on predetermined user criteria - see fig. 2; abstract, paras. [0061], [0065], [0067], [0081] and [0090] of Stolfo.

Li et al. (US 2012/0005534 A1) teaches a method and apparatus for determining the probability that one or more problems have occurred within a complex multi-host system. System measure states may be determined based on an aggregation of system measurement values taken periodically. A rolling count aggregation function may be used. The system measure state may be also determined based on whether the rolling count exceeds a threshold associated with the system measure. A probabilistic model is used to represent interrelationships among components regarding how a failure in one component may affect another component, and a historical time window may be used to identify recently collected data points used as input to an aggregation function that produces data that better reflects the cumulative state of the data over recent history – see abstract; fig. 3; paras. [0029] and [0048] of Li.

However, the prior art of record does not teach or render obvious the limitations, specific and combination with other limitations:
in the claims 1, 8 and 15 of a method, non-transitory computer program product or system for, 
generating a probabilistic transition model; and iteratively performing a process until a threshold number of iterations for a candidate payload selected from a set of candidate payloads, wherein the candidate payload has not been employed in a prior iteration of the process:
in response to determining that a probability value assigned to the candidate payload exceeds a defined probability value indicative of causing occurrence of a vulnerability:
applying the candidate payload to an input point of a software under test, and
in response to determining that application of the candidate payload to the input point of the software under test does not result in causing the occurrence of the vulnerability, tokenizing, the candidate payload into one or more tokens.
Dependent claims 2-7, 9-14 and 16-20 are allowed as they depend from allowable independent claim 1, 8 or 15.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee. Such submissions should be clearly labeled "Comments on Statement of Reasons for Allowance".

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MAUNG T LWIN whose telephone number is (571)270-7845.  The examiner can normally be reached on Monday - Friday 10:00 am - 6:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Farid Homayounmehr can be reached on 571-272-3739.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/MAUNG T LWIN/Primary Examiner, Art Unit 2495