Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Reasons for Allowance
Claims 1-20 are allowed.  
The following is an examiner’s statement of reason for allowance:  
	With respect to claims 1-8, Gargiulo et al.( U.S. Pub. 2012/0116848 A1) discloses a vulnerability-solution resolution (VSR) system, comprising: a memory configured to store a vulnerabilities table, a solutions table (i.e., “provide a complete assessment using business drivers and specifications of a solution to identify areas for improvement of business operations”(0005) and table 1 (0038)), and a links table having a many-to-many relationship with both the vulnerabilities table and the solutions table (i.e., “At step 730, the assessment tool correlates the assessment results to the appropriate value drivers for the business. This correlation can be a "one-to-one", "one-to-many" or "many-to-one" relationship as discussed in more detail with reference to FIGS. 10a-10d” (0079) and “as shown in FIG. 10b, the relationships may be mapped as many-to-many. In the case of many to many relationships, multiple technical specifications of a solution can produce an impact on a business which is described by a driver of value as shown in FIG. 10b. Also, as shown in FIG. 10c, a single technical specification can impact multiple drivers of value, since a technical specification can have broad impacts across many different dimension” (0126)); a processor configured to execute instructions stored in the memory to cause the VSR system to perform actions comprising (i.e., “The assessment tool 100 can also provide technical specifications and value drivers for business solutions based on the complete client operational assessments. For example, the assessment tool 100, in the complete client operational assessment stage, can determine the client maturity and transition and transformation risk for specific areas such as, for example, servers, storage, mainframe, end user services, etc., where process maturity questions are mapped to associated drivers of value and technical specifications” (0043)): receiving solution data for a plurality of solutions, wherein each solution of the plurality of solutions includes a respective common vulnerabilities and exposures (CVE) identifier of the solution (i.e., “the client receives the solution and cost, and approves or rejects the solution”(0089) and “The initial assessment is used to determine the areas of high impact where capabilities can drive value for the client, helping to develop initial client and solution strategies that better address the client's business issues…  the complete client operational assessment provides a view of the potential risk of a client on transition and transformation of business processes” (0024));  but Gargiulo does not discloses in response to determining that the solution data is not already stored in the solutions table, storing the plurality of solutions in the solutions table; receiving vulnerability data for a vulnerability detected on a client network, wherein the vulnerability data includes a CVE identifier of the vulnerability; and in response to determining that the vulnerability data is not already stored in the vulnerabilities table: storing the vulnerability in the vulnerabilities table; identifying one or more solutions in the solutions table that are related to a CVE identifier that matches the CVE identifier of the vulnerability; and adding a new respective link to the links table that associates the vulnerability in the vulnerabilities table and each of the one or more solutions identified in the solutions table.  
With respect to claims 9-20, Gargiulo et al. discloses a method of operating a vulnerability-solution resolution (VSR) system that includes a vulnerabilities table, a solutions table, and a links table (i.e., “provide a complete assessment using business drivers and specifications of a solution to identify areas for improvement of business operations”(0005) and table 1 (0038), (i.e., “At step 730, the assessment tool correlates the assessment results to the appropriate value drivers for the business. This correlation can be a "one-to-one", "one-to-many" or "many-to-one" relationship as discussed in more detail with reference to FIGS. 10a-10d” (0079) and “as shown in FIG. 10b, the relationships may be mapped as many-to-many. In the case of many to many relationships, multiple technical specifications of a solution can produce an impact on a business which is described by a driver of value as shown in FIG. 10b. Also, as shown in FIG. 10c, a single technical specification can impact multiple drivers of value, since a technical specification can have broad impacts across many different dimension” (0126));  the method comprising: receiving solution data for a plurality of solutions, wherein each solution of the plurality of solutions includes a respective common vulnerabilities and exposures (CVE) identifier of the solution ((i.e., “the client receives the solution and cost, and approves or rejects the solution”(0089) and “The initial assessment is used to determine the areas of high impact where capabilities can drive value for the client, helping to develop initial client and solution strategies that better address the client's business issues…  the complete client operational assessment provides a view of the potential risk of a client on transition and transformation of business processes” (0024));   but Gargiulo does not discloses in response to determining that the solution data is not already stored in the solutions table, storing the plurality of solutions in the solutions table; receiving vulnerability data for a vulnerability detected on a client network, wherein the vulnerability data includes a CVE identifier of the vulnerability; and in response to determining that the vulnerability data is not already stored in the vulnerabilities table: storing the vulnerability in the vulnerabilities table; identifying one or more solutions in the solutions table having a respective CVE identifier that matches the CVE identifier of the vulnerability; and adding a new respective link to the links table that associates the vulnerability in the vulnerabilities table and each of the one or more solutions identified in the solutions table.  
Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HUNG T VY whose telephone number is (571)272-1954. The examiner can normally be reached M-F 8-5.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tony Mahmoudi can be reached on (571)272-4078. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HUNG T VY/
Primary Examiner, Art Unit 2163                                                                                                                                                                                             June 2, 2022