DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

The amendment filed 08/02/2022 has been placed of record in the file.
Claims 3, 19 and 20 have been amended. Claims 1-20 are pending.

Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 08/02/2022 has been entered.

Response to Arguments
Applicant’s arguments filed 08/02/2022 have been fully considered but they are not persuasive.
Regarding applicant’s arguments for the claims (see Remarks: Page 8), the applicant argues that Pistoia does not teach or suggest the claim 1 elements “identifying a subset of the plurality of issues identified by the security scan for human auditing”.
The applicant argues that “this feature is a distinction over Pistoia.” The examiner disagrees; however, the reference Pistoia does not explicitly teach the claim elements “identifying a subset of the plurality of issues identified by the security scan for human auditing”, but the examiner is relying on the Williams reference to teach the limitation. Moreover, in view of the broadest interpretation of the term “a subset of the plurality of issues identified by a security scan”, the examiner maintains the rejection because the human auditing is made based on new data which is a subset of data separated and grouped by data manager. Fig. 12 is a table diagram showing the sample results of a real-time scoring of website files being analyzed for malicious code, and one of the file IDs presented in the table diagram is presented to the Domain Expert for analyzing and retraining the classifier based on the Domain Expert result (Williams, Fig. 12, Para. 0090, Para. 0164, and Para. 0183).

On page 8 of Remarks, applicant argues that Polyakov does not teach or suggest the claim 1 elements “storing audited issue data representing a result of human auditing for the subset of the plurality of issues identified by the security scan for human auditing”.
Applicant argues that “there is nothing in Polyakov that teaches or suggests the temporarily stored potentially malicious files are the result of human auditing”. The examiner disagrees; however, the reference Polyakov does not explicitly teach the claim elements, but the examiner is relying on the Williams reference to teach the limitation. Moreover, in view of the broadest interpretation of the term “storing audited issue a result of human auditing”, the examiner maintains the rejection because Williams discloses that security personnel will be notified of malicious behavior on a monitored network, and the report information, which corresponds to a human auditing, may be stored in a data store, such as a database or file system, for use later (Williams, Para. 0107).

On page 9 of Remarks, applicant argues that Pistoia does not teach or suggest the claim 1 elements “retraining the classifier based on the audited issue data”.
Applicant argues that “Moreover, Pistoia merely teaches generating a classifier and not retraining the classifier”. The examiner disagrees; however, the reference Pistoia does not explicitly teach the claim elements, but the examiner is relying on the Williams reference to teach the limitation. Moreover, in view of the broadest interpretation of the term “storing audited issue a result of human auditing”, the examiner maintains the rejection because Williams discloses that the domain expert’s decision, which corresponds to the audited issue, is used to add new training data to the Training Corpus and the model will be re-trained (Williams, Fig. 5, Para. 0208). Therefore, Williams discloses the features of this claim language.

On page 9 of Remarks, applicant argues that Williams does not teach or suggest the claim 7 elements “based at least in part on a human audit of the classified issue data, generate additional issue data representing a priority correction for the issue”.
Applicant argues that “since it is not classified issue data from which the additional issue data is being generated”. The examiner disagrees; however, the reference Williams teaches the claim elements, but the examiner is relying on the Williams reference to teach the limitation. Moreover, in view of the broadest interpretation of the term “classified issue data”, the examiner maintains the rejection because Williams discloses the issue data that has been classified, as shown in Fig. 12, the table diagram made up of rows 1202-1210, each representing a file that was processed through the system. Each row may be divided into the following columns: an identifier column 1212 containing an identifier for the file; a path column 1214 containing the location of the file; a prediction score column 1216 containing the probability that a file contains malicious code; a review status column 1218 containing a summary of the manual review the file has undergone; and a reason column 1220 indicating the detected threat… the file has been reviewed by a Domain Expert as being malicious, and a Base64 type of exploit was detected (Williams, Fig. 12, Para. 0164). In addition, Anomalous pages potentially include previously unknown types of malicious software, and Domain Experts may wish to be alerted to these more urgently than others, using high-priority or fast-delivery mechanisms. During Domain Expert Analysis 530, suspected malicious webpages are reviewed by Domain Experts, and if appropriate, supplied a class label for the type of malicious code detected. From time to time, this data is included back into the Training Corpus 508 and revised versions of the Models 518 may be trained using the new data, based on Retraining Decision 119 (Williams, Para. 0183). Therefore, Williams discloses the features of this claim language.

Lastly, the applicant argues that Pistoia fails to teach or suggest "retrain the machine classifier based on the additional issue data" as claimed.
The examiner disagrees; however, the reference Pistoia does not explicitly teach the claim elements, but the examiner is relying on the Williams reference to teach the limitation. Moreover, in view of the broadest interpretation of the term “retrain the machine classifier based on the additional issue data”, the examiner maintains the rejection because Williams discloses that, based on the Domain Expert’s report on whether to remediate, the information is added to the Training Corpus 508. From time to time, Model(s) 518 are re-trained to incorporate new data provided by Domain Experts (Williams, Para. 0243).

Regarding the combination of Pistoia and Williams with respect to dependent claims 2 and 13, the applicant has provided no evidence to the contrary that would indicate why the cited prior arts do not teach “parsing the issue data, for at least one of the plurality of issues identified by the security scan, to determine a predetermined set of features for the at least one of the plurality of issues and generate an unclassified dataset based at least in part on the predetermined set of features, wherein identifying the subset of plurality of issues identified by the security scan for human auditing comprises processing the unclassified dataset”. It is obvious that the dataset is unclassified prior to the human auditing. Therefore, the applicant’s argument is not persuasive and is conclusory. The examiner maintains the rejection.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-20 are rejected under 35 U.S.C. 103 as being unpatentable over Pistoia et al. (US 2014/0090069 A1), hereinafter Pistoia in view of Williams, JR. et al. (US 2015/0254555 A1), hereinafter Williams.

In regards to claim 1, Pistoia discloses a method, comprising:
receiving issue data representing a plurality of issues identified by a security scan of an application (Pistoia, para. 0044, A static analysis module 506 performs security analyses on a codebase 508, generating a set of discovered vulnerabilities. A classifier 510 is used to prioritize and/or filter the vulnerabilities according to a feature set); and
processing the issue data in a processor-based machine to retrain a classifier (Pistoia, fig. 5, and para. 0044, a classifier training module 400 may be employed to provide online updates to classifier 510, such that particular features relating to the customer's codebase 308 may be discovered and adapted to), comprising:
and using the retrained classifier to classify at least one issue of the plurality of issues identified by the security scan other than the subset of the plurality of issues identified by the security scan (Pistoia, para. 0041, Block 206 then tests the accuracy on the remaining applications to determine whether the trained classifier is accurate outside the bounds of the training subset. It should be noted that blocks 204 and 206 may be repeated using different subsets of the applications to find an optimal classifier).
Pistoia fails to disclose identifying a subset of the plurality of issues identified by the security scan for human auditing,
storing audited issue data representing a result of human auditing for the subset of the plurality of issues identified by the security scan for human auditing;
retraining the classifier based on the audited issue data;
However, Williams teaches identifying a subset of the plurality of issues identified by the security scan for human auditing (Williams, Fig. 5, Para. 0183, During Domain Expert Analysis 530, suspected malicious webpages are reviewed by Domain Experts, and if appropriate, supplied a class label for the type of malicious code detected),
storing audited issue data representing a result of human auditing for the subset of the plurality of issues identified by the security scan for human auditing (Williams, Fig. 5, Para. 0208, and Para. 107, if the classifier model identifies malicious behavior on a monitored network it may be arranged to notify the appropriate network security personnel. Further, in at least one of the various embodiments, the report information may be stored in a data store, such as, a database or file system for use later);
retraining the classifier based on the audited issue data (Williams, Fig. 5, Para. 0208, the Domain Expert's decision is used to add new training data to Training Corpus 508. From time to time, Model 518 may be re-trained 538 based on the accuracy of the model's determinations);
Pistoia and Williams are both considered to be analogous to the claimed invention because they are in the same field of invention of retraining a classifier. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams to include identifying a subset of the plurality of issues identified by the security scan for human auditing (Williams, Fig. 5, Para. 0183),
storing audited issue data representing a result of human auditing for the subset of the plurality of issues identified by the security scan for human auditing (Williams, Fig. 5, Para. 0208);
retraining the classifier based on the audited issue data (Williams, Fig. 5, Para. 0208). Doing so would aid through repeated training processes, the system may be trained on an increasing number of samples of incorrectly predicted data elements with correct-classes applied (labeling conflicts), and the system eventually may acquire knowledge to deal with these previously-unknown data characteristics. Using this iterative refinement process, a system continuously improves its scoring predictions, and may ultimately reach the accuracy level of a human expert (Williams, Para. 0168).

In regards to claim 2, the combination of Pistoia and Williams teaches the method of claim 1, further comprising parsing the issue data, for at least one of the plurality of issues identified by the security scan (Pistoia, para. 0007, a known vulnerability distribution and an initial feature set; and a processor configured to run an initial security analysis on a training codebase to generate a set of vulnerabilities associated with the training codebase), to determine a predetermined set of features for the at least one of the plurality of issues and generate an unclassified dataset based at least in part on the predetermined set of features (Pistoia, para. 0013, to analyze the program with the feature set to limit a number of detected vulnerabilities to generate a limited set of vulnerabilities associated with the feature set), wherein identifying the subset of plurality of issues identified by the security scan for human auditing comprises processing the unclassified dataset (Williams, Fig. 5, Para. 0183, and Para. 0091, data that is not pre-classified may be considered “new” data that may be labeled as unknown). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams to include wherein identifying the subset of plurality of issues identified by the security scan for human auditing comprises processing the unclassified dataset (Williams, Fig. 5, Para. 0183, and Para. 0091). Doing so would aid through repeated training processes, the system may be trained on an increasing number of samples of incorrectly predicted data elements with correct-classes applied (labeling conflicts), and the system eventually may acquire knowledge to deal with these previously-unknown data characteristics. 
Using this iterative refinement process, a system continuously improves its scoring predictions, and may ultimately reach the accuracy level of a human expert (Williams, Para. 0168).

In regards to claim 3, the combination of Pistoia and Williams teaches the method of claim 2, wherein: storing the audited issue data comprises augmenting a portion of the unclassified dataset corresponding to the subset of the plurality of issues identified by the security scan with classifications by the human auditing to provide a classified dataset (Pistoia, para. 0014, The classifier training module includes a memory configured to store a known statistical representation of vulnerability prevalence and an initial feature set comprising vulnerability path length); and retraining the classifier based at least in part on the classified dataset (Pistoia, fig. 3 and para. 0042, Block 304 continues to train the classifier using the customer's own code base, allowing it to be exposed to the peculiarities of the codebase and use those peculiarities as a basis for further refinement).

In regards to claim 4, the combination of Pistoia and Williams teaches the method of claim 1, further comprising, for at least one of the issues of the plurality of issues identified by the security scan (Williams, Fig. 5, Para. 0183, During Domain Expert Analysis 530, suspected malicious webpages are reviewed by Domain Experts, and if appropriate, supplied a class label for the type of malicious code detected), determine a predetermined set of features for source code associated with the at least one of the issues of the plurality of issues identified by the security scan and generate an unclassified dataset based at least in part on the predetermined set of features (Williams, Para. 0179, detect and, in some cases, automatically remediate malicious software code contained within the source code such as the HTML, PHP, and JavaScript components of a webpage), wherein identifying the subset of the plurality of issues identified by the security scan for human auditing comprises processing the unclassified dataset (Williams, Para. 0179, training and Testing Data is categorized as safe or malicious based on whether the data is known to be part of commonly used software source distributions that are considered safe, or have been evaluated as safe or malicious by a Domain Expert). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams to include further comprising, for at least one of the issues of the plurality of issues identified by the security scan (Williams, Fig. 5, Para. 0183), determine a predetermined set of features for source code associated with the at least one of the issues of the plurality of issues identified by the security scan and generate an unclassified dataset based at least in part on the predetermined set of features (Williams, Para. 0179), wherein identifying the subset of the plurality of issues identified by the security scan for human auditing comprises processing the unclassified dataset (Williams, Para. 0179). Doing so would aid through repeated training processes, the system may be trained on an increasing number of samples of incorrectly predicted data elements with correct-classes applied (labeling conflicts), and the system eventually may acquire knowledge to deal with these previously-unknown data characteristics. Using this iterative refinement process, a system continuously improves its scoring predictions, and may ultimately reach the accuracy level of a human expert (Williams, Para. 0168).

In regards to claim 5, the combination of Pistoia and Williams teaches the method of claim 4, wherein determining the predetermined set of features for the source codes comprises determining metrics for constructs of the source code (Pistoia, para. 0010, generate a set of vulnerabilities associated with the training codebase; analyzing the program with a feature set).

In regards to claim 6, the combination of Pistoia and Williams teaches the method of claim 1, wherein the result of human auditing identifies whether one or more issues of the subset of the plurality of issues identified by the security scan for human auditing are out of scope (Pistoia, para. 0041, applications to determine whether the trained classifier is accurate outside the bounds of the training subset).

In regards to claim 7, Pistoia discloses an article comprising a non-transitory computer readable storage medium to store instructions that when executed by a processor-based machine cause the processor-based machine to (Pistoia, para. 0034): receive issue data, the issue data representing an issue identified by a security scan of an application (Pistoia, para. 0009, comprising vulnerability path length, that limits a number of detected vulnerabilities to generate a limited set of vulnerabilities associated with the feature set), and the issue data representing attributes of the issue (Pistoia, para. 0040, This follows from the fact that security findings are highly structured with well-known attributes and clear semantics. These attributes include the issue type, its severity, its exploitability, the flow steps it includes, etc.); apply a machine classifier to the issue data to generate classified issue data in order to prioritize the issue (Pistoia, para. 0044, a classifier 510 is used to prioritize and/or filter the vulnerabilities according to a feature set); 
Pistoia fails to disclose based at least in part on a human audit of the classified issue data, generate additional issue data representing a priority correction for the issue; and retrain the machine classifier based on the additional issue data.
However, Williams teaches based at least in part on a human audit of the classified issue data (Williams, Para. 0164 and Para. 202, the file has been reviewed by a Domain Expert as being malicious, and a Base64 type of exploit was detected), generate additional issue data representing a priority correction for the issue (Williams, Para. 164, Para.0183, and Para. 0243, Domain Experts evaluate the newly scored data and make Decisions 536 on whether to remediate through steps including, but not limited to deletion, halting network activity, or communicating with the owners of the content to advise them of sensitivity and potential inappropriate usage or storage compliance. If a Domain Expert determines the score on new content to be incorrect, then that information is added to the Training Corpus 508. From time to time, Model(s) 518 are re-trained to incorporate new data provided by Domain Experts) and retrain the machine classifier based on the additional issue data (Williams, Para. 0243, From time to time, Model(s) 518 are re-trained to incorporate new data provided by Domain Experts). Pistoia and Williams, Jr. are both considered to be analogous to the claimed invention because they are in the same field of invention of retraining a classifier. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams, Jr. to include based at least in part on a human audit of the classified issue data (Williams, Para. 0164 and Para. 202, the file has been reviewed by a Domain Expert as being malicious, and a Base64 type of exploit was detected), generate additional issue data representing a priority correction for the issue (Williams, Para. 0164 and Para. 202) and retrain the machine classifier based on the additional issue data (Williams, Para. 0243). 
Doing so would aid through repeated training processes, the system may be trained on an increasing number of samples of incorrectly predicted data elements with correct-classes applied (labeling conflicts), and the system eventually may acquire knowledge to deal with these previously-unknown data characteristics. Using this iterative refinement process, a system continuously improves its scoring predictions, and may ultimately reach the accuracy level of a human expert (Williams, Para. 0168).

In regards to claim 8, the combination of Pistoia and Williams teaches the article of claim 7, wherein the attributes comprise attributes provided by the security scan (Pistoia, para. 0040, This follows from the fact that security findings are highly structured with well-known attributes and clear semantics).

In regards to claim 9, the combination of Pistoia and Williams teaches the article of claim 8, wherein the attributes comprise at least one of the following: a type associated with the issue, a confidence associated with the security scan, a severity associated with the issue, and a flow metric associated with the application (Pistoia, para. 0040, These attributes include the issue type, its severity, its exploitability, the flow steps it includes, etc.).

In regards to claim 10, the combination of Pistoia and Williams teaches the article of claim 7, wherein the attributes comprise attributes identified by the security scan and attributes of source code associated with the issue (Pistoia, fig 1, para. 0040, the fact that security findings are highly structured with well-known attributes and these attributes include the issue type).

In regards to claim 11, the combination of Pistoia and Williams teaches the article of claim 10, wherein the attributes of the source code associated with the issue comprise a number of exceptions (Pistoia, para. 0030, Similarly, a “real” vulnerability often has a locality feature, such that the vulnerability doesn't cross through the boundaries of many code modules), a number of input parameters (Pistoia, para. 0044, by having a path length longer than a feature path length), a number of statements (Pistoia, para. 0039, portion of code, which comprises one or more executable instructions for implementing the specified logical function(s)), a presence of a throw statement (Pistoia, para. 0039, portion of code, which comprises one or more executable instructions for implementing the specified logical function(s)), a nesting depth (Pistoia, para. 0032, Once the loop halts at block 108, block 112 sets the feature configuration according to the feature set that produced the highest score), a number of exception branches (Pistoia, para. 0024, If both F1 and F2 are used, where F1 is set to value 11 and F2 forbids code location X, then static analysis converges on 0.105 XSS vulnerabilities per code location and 0.2005 SQLi vulnerabilities per code location) and an output type (Pistoia, para. 0009, running an initial security analysis on a training codebase to generate a set of vulnerabilities associated with the training codebase).

In regards to claim 12, Pistoia discloses a system comprising: one or more processors to provide a classified dataset, the one or more processor configured to (Pistoia, para. 0011), Jr., fig. 3, items, 302 and 312): receive data representing an output of an application security scan, the output identifying security issues (Pistoia, para. 0009, comprising vulnerability path length, that limits a number of detected vulnerabilities to generate a limited set of vulnerabilities associated with the feature set), generate an unclassified issue dataset identifying the identified security issues and for each identified security issue (Pistoia, para. 0013, generate a set of vulnerabilities associated with the training codebase, to analyze the program with the feature set to limit a number of detected vulnerabilities to generate a limited set of vulnerabilities associated with the feature set), an associated set of features for each of the identified security issues (Pistoia, para. 0013, a limited set of vulnerabilities associated with the feature set); identify a subset of the identified security issues for human auditing (Pistoia, fig 2, para. 0040 and para. 0041, a set of applications are manually reviewed by security experts to determine an actual number of vulnerabilities in each); retrain a classifier based at least in part on a result of the human auditing for the subset of the identified security issues for human auditing; (Pistoia, para. 0041, Block 204 uses a subset of those vulnerabilities as described above in FIG. 1 to train a classifier that closely matches the actual vulnerability distribution); and use the retrained classifier to classify at least one identified security issue of the identified security issues other than the subset of the identified security issues for human auditing (Pistoia, para. 0041, Block 206 then tests the accuracy on the remaining applications to determine whether the trained classifier is accurate outside the bounds of the training subset. It should be noted that blocks 204 and 206 may be repeated using different subsets of the applications to find an optimal classifier).
Pistoia does not teach parse the output according to the identified security issues. However, Williams, Jr. teaches parse the output according to the identified security issues (Williams, Jr., col. 28, lines 40-44, Training and Testing Data is categorized as safe or malicious based on whether the data is known to be part of commonly used software source distributions that are considered safe, or have been evaluated as safe or malicious by a Domain Expert).
Pistoia and Williams, Jr. are both considered to be analogous to the claimed invention because they are in the same field of invention of retraining a classifier. Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams, Jr. to include parse the output according to the identified security issues (Williams, Jr., col. 28, lines 40-44). Doing so would aid a user, such as a Domain Expert, to adjust the predicted output of the DLNN, that data element may be submitted to the training process of the Fast Learning Model, quickly modifying and improving future output of the Fast Learning Model. Subsequent runtime scoring of the Fast Learning Model may have a higher accuracy and confidence (compared to the DLNN) for data similar to the type that have been submitted through Fast Learning Model training process (see Williams, Jr., col. 27, lines 56-64).

In regards to claim 13, the combination of Pistoia and Williams teaches the system of claim 12, wherein the one or more processors are further configured to provide a classified issue dataset based on the unclassified dataset (Pistoia, para. 0009, analyzing the program with a feature set that limits a number of detected vulnerabilities to generate a limited set of vulnerabilities associated with the feature set); and the subset of the identified security issues for human auditing (Pistoia, para. 0041, a set of applications are manually reviewed by security experts to determine an actual number of vulnerabilities in each. These manually generated statistics may be used to represent the known statistics of vulnerability prevalence. Block 204 uses a subset of those vulnerabilities as described above in FIG. 1 to train a classifier that closely matches the actual vulnerability distribution); and use the classified issue dataset to retrain the classifier (Pistoia, fig. 3 and para. 0042, Block 304 continues to train the classifier using the customer's own codebase, allowing it to be exposed to the peculiarities of the codebase and use those peculiarities as a basis for further refinement).

In regards to claim 14, the combination of Pistoia and Williams teaches the system of claim 13, wherein the one or more processors are further configured to apply a random or pseudo random function to select the subset of the identified security issues for human auditing (Pistoia, para. 0040, security findings can be encoded along multiple dimensions which can interpret as a random or pseudo random function).

In regards to claim 15, the combination of Pistoia and Williams teaches the system of claim 12, wherein the set of features associated with each identified security issue comprises features identified by the application security scan (Pistoia, fig 1, para. 0010, Block 102 performs an initial security analysis of a program. This analysis determines what types of potential security vulnerabilities are present within the program) and features associated with source code associated with the feature (Pistoia, para. 0009, to analyze the program with the feature set to limit a number of detected vulnerabilities to generate a limited set of vulnerabilities associated with the feature set).

In regards to claim 16, the combination of Pistoia and Williams teaches the method of claim 1, further comprising prioritizing each of the plurality of issues (Williams, Para. 0183, Anomalous pages potentially include previously unknown types of malicious software, and Domain Experts may wish to be alerted to these more urgently than others, using high-priority or fast-delivery mechanisms). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams to include further comprising prioritizing each of the plurality of issues (Williams, Para. 0183). Doing so would aid through repeated training processes, the system may be trained on an increasing number of samples of incorrectly predicted data elements with correct-classes applied (labeling conflicts), and the system eventually may acquire knowledge to deal with these previously-unknown data characteristics. Using this iterative refinement process, a system continuously improves its scoring predictions, and may ultimately reach the accuracy level of a human expert (Williams, Para. 0168).

In regards to claim 17, the combination of Pistoia and Williams teaches the system of claim 12, further comprising prioritizing the security issues (Williams, Para. 0183, Anomalous pages potentially include previously unknown types of malicious software, and Domain Experts may wish to be alerted to these more urgently than others, using high-priority or fast-delivery mechanisms). Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams to include further comprising prioritizing the security issues (Williams, Para. 0183). Doing so would aid through repeated training processes, the system may be trained on an increasing number of samples of incorrectly predicted data elements with correct-classes applied (labeling conflicts), and the system eventually may acquire knowledge to deal with these previously-unknown data characteristics. Using this iterative refinement process, a system continuously improves its scoring predictions, and may ultimately reach the accuracy level of a human expert (Williams, Para. 0168).

In regards to claim 18, the combination of Pistoia and Williams teaches the method of claim 1, further comprising storing the audited issue data in records for the subset of the plurality of issues identified by the security scan for human auditing (Williams, Fig. 5, Para. 0208, the Domain Expert's decisions may be captured using User Interface 532 or possibly by extracting data entered by the Domain Experts into medical records storage systems integrated with the system as part of Decision 536).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to have modified Pistoia to incorporate the teaching of Williams to include storing the audited issue data in records for the subset of the plurality of issues identified by the security scan for human auditing (Williams, Fig. 5, Para. 0208). Doing so would aid through repeated training processes, the system may be trained on an increasing number of samples of incorrectly predicted data elements with correct-classes applied (labeling conflicts), and the system eventually may acquire knowledge to deal with these previously-unknown data characteristics. Using this iterative refinement process, a system continuously improves its scoring predictions, and may ultimately reach the accuracy level of a human expert (Williams, Para. 0168).

In regards to claim 19, the combination of Pistoia and Williams teaches the system of claim 12, further comprising storing the result of the human auditing for the subset of the identified security issues for human auditing (Williams, Fig. 5, Para. 0183, During Domain Expert Analysis 530, suspected malicious webpages are reviewed by Domain Experts, and if appropriate, supplied a class label for the type of malicious code detected).

In regards to claim 20, the combination of Pistoia and Williams teaches the system of claim 19, wherein the result of the human auditing for the subset of the identified security issues for human auditing is stored in records (Williams, Fig. 5, Para. 0208, the Domain Expert's decisions may be captured using User Interface 532 or possibly by extracting data entered by the Domain Experts into medical records storage systems integrated with the system as part of Decision 536).

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant’s disclosure.
Borohovski et al. (US 2015/0172308A1) teaches methods of conducting security audits of Internet accessible Websites. 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to GITA FARAMARZI whose telephone number is (571) 272-0248. The examiner can normally be reached 9:30 AM - 6:30 PM EST.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Jorge L. Ortiz-Criado, can be reached on (571) 272-7624. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.

/G.F./
Examiner, Art Unit 2496
/JORGE L ORTIZ CRIADO/
Supervisory Patent Examiner, Art Unit 2496