Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

	DETAILED ACTION
This action is in response to an application filed March 2, 2021. Claims 1-20 are pending in this application.

Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –

(a)(2) the claimed invention was described in a patent issued under section 151, or in an application for patent published or deemed published under section 122(b), in which the patent or application, as the case may be, names another inventor and was effectively filed before the effective filing date of the claimed invention.

Claim(s) 1-20 is/are rejected under 35 U.S.C. 102(a)(2) as being anticipated by Sexton et al. (US 2020/0366706 A1).

With respect to claim 1, Sexton discloses a cloud computing system ([0032], suitable cloud infrastructure) comprising: 
one or more data centers ([0030], off-site server environment or another remote network); 
a client instance hosted by the one or more data centers ([0030], cloud instances hosted on an off-site server or remote network); 
a communication network accessible by the client instance ([0030] and [Figure 1, network 100); 
one or more client devices configured to access the client instance ([0032], local access to assets in network); and 
one or more client networks configured to enable communication with the client instance by the one or more client devices via the communication network ([0033], client-side software actively running or supported on network devices), wherein the one or more client devices and one or more client networks comprise one or more configuration items ([0025], electronic object information stored on a record imported from a configuration management database), wherein the client instance is configured to: 
receive an indication of a vulnerability from a third party ([0036]-[0037], active scanners perform audits to identify potential vulnerabilities); 
determine one or more software applications installed on the one or more configuration items ([0025] and [0033], client-side software actively running or supported on the network devices); 
predict that the one or more configuration items have the vulnerability based on determining that one or more software applications installed on the one or more configuration items are susceptible to the vulnerability ([0032]-[0033], determining whether a network has a vulnerability based on an active scan on the network’s assets); and 
scan the one or more configuration items to confirm whether the one or more configuration items have the vulnerability ([0033], passive scanners observe network traffic to identify vulnerabilities).
With respect to claim 2, Sexton discloses the cloud computing system of claim 1, wherein the client instance is configured to receive the vulnerability from a known vulnerabilities database via the communication network ([0028], CVE identifier from a national database of known vulnerabilities).
With respect to claim 3, Sexton discloses the cloud computing system of claim 2, wherein the known vulnerabilities database is maintained by the third party ([0028]). 
With respect to claim 4, Sexton discloses the cloud computing system of claim 3, wherein the known vulnerabilities database is part of the Common Vulnerabilities and Exposures system ([0028]).
With respect to claim 5, Sexton discloses the cloud computing system of claim 1, wherein the client instance comprises a configuration management database configured to store the one or more configuration items ([0025], configuration management database). 
With respect to claim 6, Sexton discloses the cloud computing system of claim 5, wherein the client instance is configured to receive the one or more configuration items from the configuration management database ([0025], record from the configuration management database).
	With respect to claim(s) 7-14, the non-transitory media and method of claim(s) 7-14 does/do not limit or further define over the computing system of claim(s) 1-6. The limitations of claim(s) 7-14 is/are essentially similar to the limitations of claim(s) 1-6. Therefore, claim(s) 7-14 is/are rejected for the same reasons as claim(s) 1-6. Please see rejection above.	
With respect to claim 15, Sexton discloses the method of claim 12, wherein scanning, via the one or more processors, the one or more configuration items to confirm that the one or more configuration items have the vulnerability occurs on a periodic basis ([0033], passive scanners may observe network traffic at periodic intervals).
With respect to claim 16, Sexton discloses the method of claim 15, comprising generating, via the one or more processors, one or more vulnerable items corresponding to the one or more configuration items that have the vulnerability ([0036], generate a comprehensive model associated with vulnerabilities, assets, and etc.).
With respect to claim 17, Sexton discloses the method of claim 16, comprising storing, via the one or more processors, the one or more vulnerable items in a vulnerable items database ([0032], report collected vulnerability to vulnerability management system 150).
With respect to claim 18, Sexton discloses the method of claim 16, comprising generating or receiving, via the one or more processors, one or more solutions for the one or more vulnerable items (Abstract, [0042]-[0043], solution set that mitigates security issues).
With respect to claim 19, Sexton discloses the method of claim 18, wherein the one or more solutions for the one or more vulnerable items are received from third-party software vendors ([0068], third party patch data feed that provides updated data and can enable new solutions to be provided).
With respect to claim 20, Sexton discloses the method of claim 18, comprising determining a risk or impact of implementing the one or more solutions on the client instance ([0064]). 

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to ESTHER B. HENDERSON whose telephone number is (571)270-3807. The examiner can normally be reached Monday-Friday 6a-2p ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kevin T. Bates can be reached on 571-272-3980. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/ESTHER B. HENDERSON/Primary Examiner, Art Unit 2458                                                                                                                                                                                                        September 8, 2022