Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Amendment
The Amendment filed on 06/29/2022 has been entered. Claims 1, 8, 12 and 14 have been amended. Claims 3, 10 and 16 have been cancelled. Claims 1-2, 4-9, 11-15 and 17-20 are pending in this application.

Response to Argument
Applicant's arguments for the amendment filed on 06/29/2022 with respect to independent claims 1, 8 and 14 rejection under 35 U.S.C 102 have been fully considered and persuasive. The rejection has been withdrawn.

Notes on Claim Interpretation
The following is a quotation of 35 U.S.C. 112(f):
(f) Element in Claim for a Combination. – An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof. 

The following is a quotation of pre-AIA  35 U.S.C. 112, sixth paragraph:
An element in a claim for a combination may be expressed as a means or step for performing a specified function without the recital of structure, material, or acts in support thereof, and such claim shall be construed to cover the corresponding structure, material, or acts described in the specification and equivalents thereof.

The claims in this application are given their broadest reasonable interpretation using the plain meaning of the claim language in light of the specification as it would be understood by one of ordinary skill in the art.  The broadest reasonable interpretation of a claim element (also commonly referred to as a claim limitation) is limited by the description in the specification when 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is invoked. 
As explained in MPEP § 2181, subsection I, claim limitations that meet the following three-prong test will be interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph:
(A)	the claim limitation uses the term “means” or “step” or a term used as a substitute for “means” that is a generic placeholder (also called a nonce term or a non-structural term having no specific structural meaning) for performing the claimed function; 
(B)	the term “means” or “step” or the generic placeholder is modified by functional language, typically, but not always linked by the transition word “for” (e.g., “means for”) or another linking word or phrase, such as “configured to” or “so that”; and 
(C)	the term “means” or “step” or the generic placeholder is not modified by sufficient structure, material, or acts for performing the claimed function. 
Use of the word “means” (or “step”) in a claim with functional language creates a rebuttable presumption that the claim limitation is to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites sufficient structure, material, or acts to entirely perform the recited function. 
Absence of the word “means” (or “step”) in a claim creates a rebuttable presumption that the claim limitation is not to be treated in accordance with 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph. The presumption that the claim limitation is not interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, is rebutted when the claim limitation recites function without reciting sufficient structure, material or acts to entirely perform the recited function. 

This application includes one or more claim limitations that do not use the word “means,” but are nonetheless being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, because the claim limitation(s) uses a generic placeholder that is coupled with functional language without reciting sufficient structure to perform the recited function and the generic placeholder is not preceded by a structural modifier.  Such claim limitations are, “wherein the vulnerability manager is coupled to the plurality of network elements and is configured to”, in claim 8 and “the instructions comprising functionality for”, in claim 14.  
Because this/these claim limitation(s) is/are being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, claims 8 and 14 are being interpreted to cover the corresponding structure described in the specification as performing the claimed function, and equivalents thereof.
The Structure and description of such a system is being illustrated by drawing FIG. 1 and at least description paragraphs [0018].
If applicant does not intend to have this/these limitation(s) interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph, applicant may: (1) amend the claim limitation(s) to avoid it/them being interpreted under 35 U.S.C. 112(f) or pre-AIA  35 U.S.C. 112, sixth paragraph (e.g., by reciting sufficient structure to perform the claimed function); or (2) present a sufficient showing that the claim limitation(s) recite(s) 


Allowable Subject Matter
Claims 1-2, 4-9, 11-15 and 17-20 are allowed.
The following is an examiner’s statement of reasons for allowance:

The closest prior arts made of records are, (U.S Pub No. 2020/0092319 A1, referred to as Spisak) and Yadav et al.  (U.S Pub No. 2020/0120144 A1, referred to as Yadav).

Spisak discloses a security vulnerability analysis mechanism that ingests content from a plurality of content source computing devices to identify instances of security vulnerability content in the ingested content. The mechanism performs a security trend analysis on the instances of security vulnerability content to identify a relative ranking of security vulnerabilities. The mechanism identifies computing resources of a specified computing infrastructure and a criticality of the computing resources to an operation of the computing infrastructure. The mechanism generates a prioritized listing of security vulnerabilities associated with the computing infrastructure based on the relative ranking of security vulnerabilities and the criticality of the computing resources in the computing infrastructure. The mechanism outputs a notification to a user via a user computing device, indicating the prioritized listing of security vulnerabilities.

Yadav discloses Methods and systems for dynamically adjusting a risk classification of a risk source based on classifications of one or more other risk sources. The risk engine may first classify a first risk source as a first risk type based on an initial analysis of the first risk source. Subsequent to classifying the first risk source as the first risk type, the risk engine may determine that a second risk source is associated with a second risk type. Based on the determination that the second risk source is associated with the second risk type, the risk engine may re-classify the first risk source as the second risk type. The risk engine may then use the reclassification of the first risk source to improve network security of an online service provider.

However, regarding claim 1, the prior art of Spisak and Yadav when taken in the context of the claim as a whole do not disclose nor suggest, ”transmitting, by the computer processor and based on the vulnerability priority, a remediation command to a network element comprising a security vulnerability among the plurality of security vulnerabilities, wherein the remediation command initiates a remediation procedure at the network element to address the security vulnerability, wherein the organization-specific criteria corresponds to a respective confidentiality level, a respective integrity level, and a respective availability level to a respective software application operating among the plurality of network elements, and wherein the vulnerability priority is determined based on a plurality of vulnerability scores for the plurality of security vulnerabilities based on a respective exploitability level, the respective confidentiality level, the respective integrity level, and the respective availability level.”.

Regarding claim 8, the prior art of Spisak and Yadav when taken in the context of the claim as a whole do not disclose nor suggest, ”transmit, based on the vulnerability priority, a remediation command to a network element among the plurality of network elements, wherein the network element comprises a security vulnerability among the plurality of security vulnerabilities, [[and]] wherein the remediation command initiates a remediation procedure at the one of the plurality of network elements to address the security vulnerability, wherein the organization-specific criteria corresponds to a respective confidentiality level, a respective integrity level, and a respective availability level to a respective software application operating among the plurality of network elements, and wherein the vulnerability priority is determined based on a plurality of vulnerability scores for the plurality of security vulnerabilities based on a respective exploitability level, the respective confidentiality level, the respective integrity level, and the respective availability level.”.

Regarding claim 14, the prior art of Spisak and Yadav when taken in the context of the claim as a whole do not disclose nor suggest, ”transmitting, based on the vulnerability priority, a remediation command to a network element comprising a security vulnerability among the plurality of security vulnerabilities, wherein the remediation command initiates a remediation procedure at the network element to address the security vulnerability, wherein the organization-specific criteria corresponds to a respective confidentiality level, a respective integrity level, and a respective availability level to a respective software application operating among the plurality of network elements, and 42787045Application No. 16/897,760Docket No.: 18733-126001 Amendment dated June 29, 2022 Reply to Office Action of March 29, 2022 wherein the vulnerability priority is determined based on a plurality of vulnerability scores for the plurality of security vulnerabilities based on a respective exploitability level, the respective confidentiality level, the respective integrity level, and the respective availability level.”.

Claims 2 and 4-7 depend on claim 1, claims 9 and 11-13 depend on claim 8 and claims 15 and 17-20 depend on claim 14, and are of consequence allowed.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:  See PTO-892.  

Any inquiry concerning this communication or earlier communications from the examiner should be directed to HASSAN SAADOUN whose telephone number is (571)272-8408. The examiner can normally be reached Mon-Fri 9:00-5:00.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Joseph Hirl can be reached on 571-272-3685. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/HASSAN SAADOUN/Examiner, Art Unit 2435 

/JOSEPH P HIRL/Supervisory Patent Examiner, Art Unit 2435