DETAILED ACTION
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Claims 1-20 have been submitted for examination and are pending further prosecution by the United States Patent & Trademark Office.

Claim Objections
The following claims are objected to because of informalities. It is suggested Applicants amend these claims as follows:
Claim 2
-- identifying a first subset of the plurality of modules that comprise a candidate watchpoint of the first modified subset; --
Claim 10
-- identify a first subset of the plurality of modules that comprise a candidate watchpoint of the first modified subset, --
Claim 16
-- receiving, from an instrumented application executing on a web server,[[:]] (i) a taint report comprising a source value and (ii) an execution trace comprising a plurality of candidate watchpoints that access taint-like values similar to the source value; --
Claim 17
-- identifying a first subset of the plurality of modules that comprise a candidate watchpoint of the first modified subset; --
Appropriate correction is required.

Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.


Claims 1-20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to an abstract idea without significantly more. 
Independent claim 1 recites a method for determining that a first modified subset of candidate watchpoints, derived from a taint report generated by an instrumented application, is an improvement over a first selected subset of candidate watchpoints. Under a broadest reasonable interpretation, such a method would fall under the categories of mental processes and mathematical concepts. For example, the step of "selecting a subset of the plurality of candidate watchpoints to obtain a first selected subset;" can be performed mentally by a user identifying various function calls (watchpoints) in a source code listing and designating the result as a first selected subset. The step of "modifying the first selected subset to obtain a first modified subset of the plurality of candidate watchpoints;" can be performed manually by the user removing one or more function calls from the first selected subset and designating the result as a first modified subset. The step of "determining, by applying an objective function to the first selected subset and the first modified subset, that the first modified subset is an improvement to the first selected subset" can be performed mentally by the user determining that the first modified subset of function calls represents an improvement, according to some criteria, over the first selected subset by solving an objective function equation using the quantity of respective function calls as inputs to the equation.
Claim 1 recites the additional element of "receiving, from an instrumented application executing on a web server: (i) a taint report comprising a source value and (ii) an execution trace comprising a plurality of candidate watchpoints that access taint-like values similar to the source value." However, this additional element does not integrate the abstract idea into a practical application as simply receiving a taint report comprising a source value and an execution trace can be considered a pre-solution activity to the abstract idea in the form of mere data gathering. The additional element also does not amount to significantly more than the judicial exception as this pre-solution activity is a well-understood, routine, conventional activity (see col. 5:59-61 in US 6308324 B1, and col. 6:30-37 in US 8127360 B1).
Claim 2 is also ineligible under 35 U.S.C. 101 as the limitations are also directed to an abstract idea. For example, the user can manually generate a taint report using pen and paper by analyzing the source code listing of the instrumented application's modules. The user can also mentally perform the identifying steps by analyzing the source code listing. In addition, the user can perform the instrumentation step by manually adding instrumentation instructions to the source code of the modules identified in the identifying steps. Claim 2 is not indicative of being integrated into a practical application because the claim lacks additional elements that impose a meaningful limit on the judicial exception. Similarly, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception. 
Claim 3 is also ineligible under 35 U.S.C. 101 as the limitations are also directed to an abstract idea. For example, the user can perform the first determining step by mentally designating the first modified subset of function calls as a second selected subset. The user can perform the modifying step by removing one or more function calls from the second selected subset and designate the result as a second modified subset. The second determining step can be performed mentally by the user concluding that the second modified subset is not an improvement over the second selected subset by repeating the process of solving the objective function equation. The last limitation can be performed by the user using pen and paper by designating the function calls in the second selected subset as a taint flow trace. Claim 3 is not indicative of being integrated into a practical application because the claim lacks additional elements that impose a meaningful limit on the judicial exception. Similarly, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.
Claim 4 is also ineligible under 35 U.S.C. 101 as the limitations are also directed to an abstract idea. For example, the user can manually identify function call sequences in each subset. Furthermore, the limitations that recite applying the objective function, calculating maximum edit distances and calculating total edit distances amount to mathematical concepts and, therefore, are also ineligible. Claim 4 is not indicative of being integrated into a practical application because the claim lacks additional elements that impose a meaningful limit on the judicial exception. Similarly, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.
Claim 5 is also ineligible under 35 U.S.C. 101 as the limitations are also directed to an abstract idea. For example, the user can manually determine a function call chain by analyzing a trace of the source code. The user can also manually identify function call sequences in each subset. Finally, the user can manually count the number of function calls in each sequence represented by the call chain and apply this information to the objective function. Claim 5 is not indicative of being integrated into a practical application because the claim lacks additional elements that impose a meaningful limit on the judicial exception. Similarly, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.
Claim 6 is also ineligible under 35 U.S.C. 101 as the limitations are also directed to an abstract idea. For example, in order to arrive at the first modified subset, the user can manually remove one or more function calls from the first selected subset and designate the result as the first modified subset. Claim 6 is not indicative of being integrated into a practical application because the claim lacks additional elements that impose a meaningful limit on the judicial exception. Similarly, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.
Claim 7 is also ineligible under 35 U.S.C. 101 as the limitations are also directed to an abstract idea. For example, the user can mentally determine that a taint-like argument passed by a function call is within a threshold edit distance of a source value. Claim 7 is not indicative of being integrated into a practical application because the claim lacks additional elements that impose a meaningful limit on the judicial exception. Similarly, the claim does not include additional elements that are sufficient to amount to significantly more than the judicial exception.
Claim 8 is also ineligible under 35 U.S.C. 101 as the additional elements simply elaborate upon the pre-solution activity of mere data gathering recited by claim 1 and, therefore, do not integrate the abstract idea into a practical application. The additional elements also do not amount to significantly more than the judicial exception as this pre-solution activity is a well-understood, routine, conventional activity (see col. 5:59-61 in US 6308324 B1, and col. 6:30-37 in US 8127360 B1).
Independent claim 9 recites a system for performing the method recited by claim 1 using the additional elements of a computer processor, an instrumenter, a repository and a watchpoint engine. However, these additional elements do not integrate the judicial exception into a practical application or constitute significantly more than the judicial exception as the additional elements simply amount to using a computer as a tool to perform the abstract idea. Therefore, claim 9 is also ineligible.
Claims 10-15, which depend from claim 9, are rejected for the same reasons given for analogous claims 2-7 along with the reasons for rejecting the additional elements of claim 9.
Independent claim 16 recites a non-transitory computer readable medium and a computer processor for performing the method recited by claim 1. However, these additional elements do not integrate the judicial exception into a practical application or constitute significantly more than the judicial exception as the additional elements simply amount to using a computer as a tool to perform the abstract idea. Therefore, claim 16 is also ineligible.
Claims 17-20, which depend from claim 16, are rejected for the same reasons given for analogous claims 2-5 along with the reasons for rejecting the additional elements of claim 16.

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. For example,
US 20190129826 A1 is cited for teaching:

"A method for analyzing code may include generating, via a flow-insensitive points-to analysis, initial interest points each corresponding to a statement in the code, generating, via a flow-sensitive points-to analysis, flow tuples and refined interest points by removing a subset of the initial interest points, and constructing a flow graph using the refined interest points. The flow graph may include nodes each corresponding to a statement in the code, and edges corresponding to the flow tuples. The method may further include identifying a trace through the flow graph. The trace may include a node corresponding to an interest point of the refined interest points." (Abstract)

GB 2551972 A is cited for teaching:

"A malware detection program for an endpoint that: instruments the endpoint to monitor causal relationships among a number of computing objects at a plurality of logical locations 602; select a set from the plurality of logical locations 604; record a sequence of events causally relating the computing objects at the set of logical locations 606; create an event graph based on the sequence of events 608; evaluate a security state of the endpoint based on the event graph 610; adjust the set of logical locations by adding or removing a logical location, or changing a level of filtering at one of the set of logical locations according to the security state 612; and remediate the endpoint when the security state is compromised 614." (Abstract)

Any inquiry concerning this communication or earlier communications from the examiner should be directed to GEOFFREY R ST LEGER whose telephone number is (571)270-7720. The examiner can normally be reached M-F (IFP) ~9:00-5:00 pm.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S Sough can be reached on 571-272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/GEOFFREY R ST LEGER/Primary Examiner, Art Unit 2192