Patent attributes
A method of detecting vulnerable code that is shared across a plurality of applications, so that such shared vulnerabilities can be remediated efficiently by the appropriate development teams. The method includes the steps of: creating a consolidated vulnerability database populated with the vulnerability testing results of a plurality of applications; comparing each vulnerability testing result within the consolidated vulnerability database against the others to match vulnerability locations and the number of data/control flow elements; assigning a confidence to each vulnerability within the consolidated vulnerability database based on the vulnerability location matches and the data/control flow element matches; assigning a severity to each vulnerability within the consolidated vulnerability database; assigning a criticality to each of the plurality of applications; and creating a database of risk-ranked, confidence-scored vulnerabilities based on the confidence assigned to each vulnerability, the severity of each vulnerability, and the criticality of each application.
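The following Python program is an added illustration of the six-step method described in the abstract; it is not code from the patent or its assignee. The sample findings, the severity and criticality tables, and the confidence weights are all assumed for the example: the patent does not specify how confidence is computed, only that it depends on location matches and data/control flow element matches, so a simple additive scheme is used here, and a finding counts as "shared" only when another application reports the same location.

```python
"""Cross-application shared-vulnerability consolidation and risk ranking (added example)."""
from collections import defaultdict

# Constructed sample findings (not real tool output). Each record is one scan
# result for one application: where the flaw was reported (file, function,
# sink) and how many data/control-flow elements the scanner traced to reach it.
FINDINGS = [
    {"app": "billing", "id": "B-1", "type": "sqli",
     "location": ("libcommon/db.py", "run_query", "cursor.execute"), "flow_elements": 5},
    {"app": "portal",  "id": "P-7", "type": "sqli",
     "location": ("libcommon/db.py", "run_query", "cursor.execute"), "flow_elements": 5},
    {"app": "reports", "id": "R-3", "type": "sqli",
     "location": ("libcommon/db.py", "run_query", "cursor.execute"), "flow_elements": 7},
    {"app": "portal",  "id": "P-9", "type": "xss",
     "location": ("portal/views.py", "render_profile", "HttpResponse"), "flow_elements": 3},
]

# Assumed severity per vulnerability class (0-10) and per-application criticality (0-1).
SEVERITY = {"sqli": 9.0, "xss": 6.0}
CRITICALITY = {"billing": 1.0, "portal": 0.8, "reports": 0.4}

# Assumed confidence weights: every finding starts at the base; a location that
# another application also reports raises it; a matching flow-element count on
# top of that raises it further (same code, same path: almost certainly one bug).
BASE_CONF, LOC_BONUS, FLOW_BONUS = 0.5, 0.3, 0.2


def consolidate(findings):
    """Step 1: build the consolidated database keyed by (app, finding id)."""
    db = {}
    for f in findings:
        key = (f["app"], f["id"])
        if key in db:
            raise ValueError(f"duplicate finding {key}")
        db[key] = dict(f)  # copy so the caller's records are not mutated
    return db


def match(db):
    """Step 2: compare each finding with findings from other applications and
    record which share its location, and which of those also share its
    data/control-flow element count."""
    by_location = defaultdict(list)
    for key, f in db.items():
        by_location[f["location"]].append(key)
    for key, f in db.items():
        others = [k for k in by_location[f["location"]] if k[0] != f["app"]]
        f["location_matches"] = others
        f["flow_matches"] = [k for k in others
                             if db[k]["flow_elements"] == f["flow_elements"]]
    return db


def score(db):
    """Steps 3-6: assign confidence, severity and application criticality,
    then return the findings ranked by combined risk (highest first)."""
    for f in db.values():
        conf = BASE_CONF
        if f["location_matches"]:
            conf += LOC_BONUS
            if f["flow_matches"]:
                conf += FLOW_BONUS
        f["confidence"] = round(conf, 2)
        f["severity"] = SEVERITY[f["type"]]
        f["criticality"] = CRITICALITY[f["app"]]
        f["risk"] = round(f["confidence"] * f["severity"] * f["criticality"], 2)
    return sorted(db.values(), key=lambda f: f["risk"], reverse=True)


def shared_groups(ranked):
    """Group shared findings by location so one fix in the common code can be
    routed to its owning team and credited against every affected application."""
    groups = defaultdict(list)
    for f in ranked:
        if f["location_matches"]:
            groups[f["location"]].append(f["app"])
    return {loc: sorted(apps) for loc, apps in groups.items()}


def rank(findings=FINDINGS):
    """Run the whole pipeline over a list of findings."""
    return score(match(consolidate(findings)))


if __name__ == "__main__":
    ranked = rank()
    for f in ranked:
        print(f"{f['risk']:5.2f} conf={f['confidence']} "
              f"{f['app']}/{f['id']} {f['type']} {f['location'][0]}")
    print("shared:", shared_groups(ranked))
```

With the sample data, the three SQL injection findings all point at the same `run_query` sink in the shared `libcommon` module. The billing and portal copies also trace the same number of flow elements and so receive full confidence; the reports copy traces a different path and receives only the location bonus, which is the practical caveat: a shared location alone does not prove the same bug, so the flow-element comparison is what keeps distinct reachability paths from being merged silently. The portal XSS finding is unique to one application and keeps the base confidence, and the final ranking lets the team that owns `libcommon` see at once that one change closes findings in three applications.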