CN112988447B - Method, system and readable storage medium for automatically correcting vulnerability information - Google Patents
Method, system and readable storage medium for automatically correcting vulnerability information Download PDFInfo
- Publication number
- CN112988447B CN112988447B CN202110549324.0A CN202110549324A CN112988447B CN 112988447 B CN112988447 B CN 112988447B CN 202110549324 A CN202110549324 A CN 202110549324A CN 112988447 B CN112988447 B CN 112988447B
- Authority
- CN
- China
- Prior art keywords
- information
- vulnerability
- group
- time
- vulnerability information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0793—Remedial or corrective actions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3684—Test management for test design, e.g. generating new test cases
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
- G06F11/3688—Test management for test execution, e.g. scheduling of test suites
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/103—Workflow collaboration or project management
Abstract
The invention discloses a method, a system and a readable storage medium for automatically correcting vulnerability information, wherein the method comprises the following steps: acquiring vulnerability group corresponding table information; acquiring vulnerability information change data according to a preset time interval; comparing the vulnerability information change data with background group information; and if the vulnerability group corresponding table information is inconsistent, changing the vulnerability group corresponding table information and displaying the vulnerability group corresponding table information. The vulnerability classification method can automatically classify groups of vulnerabilities, can adjust the corresponding relation between the vulnerabilities and the groups in time when the groups are changed, can also distribute vulnerability information in a self-adaptive mode through a neural network model, and can also automatically analyze and solve the vulnerability conditions through similar vulnerabilities. The method can avoid manual one-to-one check, ensure accurate data, facilitate macroscopically grasping the project condition and promote the project progress in time.
Description
Technical Field
The invention belongs to the field of program processing and classification, and particularly relates to a method, a system and a readable storage medium for automatically correcting vulnerability information.
Background
At present, aiming at bugs in software or programs, namely bugs, the processing flow is as follows: when a tester finds a product Bug, a record is inserted into the management and control table and is allocated to a corresponding development group and a specific Bug sponsor, for example, a developer of a video group receives the Bug firstly, and finds that the problem is not a problem of the developer and belongs to upper-layer application after investigation, the developer directly allocates the Bug to the application group for development, but the group to which the Bug belongs often forgets to modify, so that data is inaccurate and is not beneficial to management and control of the Bug when the situation of each group Bug is finally counted. When project management and control are performed by a project management layer and team personnel, accurate data are often expected to be obtained, project conditions are macroscopically grasped, and project progress is timely promoted. However, because the data is inaccurate, an available report cannot be obtained, and a tester can only manually check whether the receivers of the bugs are matched with the corresponding groups, which is not only inefficient, but also takes a long time.
Therefore, the prior art has the defects and needs to be improved urgently.
Disclosure of Invention
In order to solve at least one technical problem, the invention provides a method, a system and a readable storage medium for automatically correcting vulnerability information, which can automatically classify groups of vulnerabilities, can adjust the corresponding relation between the vulnerabilities and the groups in time when the groups are changed, can also adaptively distribute vulnerability information through a neural network model, and can also automatically analyze and solve the vulnerability information. The method can avoid manual one-to-one check, ensure accurate data, facilitate macroscopically grasping the project condition and promote the project progress in time.
The first aspect of the invention discloses a method for automatically correcting vulnerability information, which comprises the following steps:
acquiring vulnerability group corresponding table information;
acquiring vulnerability information change data according to a preset time interval;
comparing the vulnerability information change data with background group information;
and if the vulnerability group corresponding table information is inconsistent, changing the vulnerability group corresponding table information and displaying the vulnerability group corresponding table information.
In this scheme, still include:
detecting whether the background group information has changes;
and if the change exists, updating the vulnerability group corresponding table information according to the changed background group information.
In this scheme, still include:
acquiring vulnerability information;
sending the vulnerability information to a vulnerability neural network model to obtain adaptive group information;
and recording the adaptive group information and the vulnerability information into vulnerability group corresponding table information.
In this scheme, still include:
sending the vulnerability information to a vulnerability neural network model to obtain solution method information;
and sending the solution to an adaptive group terminal.
In this scheme, still include:
acquiring the importance level of the vulnerability information;
determining the time for solving the vulnerability information according to the importance level, and generating time information;
determining the priority order of project development progress according to the importance level;
if the importance level is greater than or equal to a preset level threshold value, adjusting the priority order of the project development progress to generate project priority information;
and sending the time information and the project development priority information to an adaptive group terminal.
In this scheme, the generating time information specifically includes:
acquiring an influence factor;
if the influence factor is larger than or equal to a preset first threshold value, multiplying the reference time by a first coefficient to obtain time information; if the influence factor is smaller than a preset first threshold and larger than a preset second threshold, multiplying the reference time by a second coefficient to obtain time information; and if the influence factor is smaller than a preset second threshold value, multiplying the reference time by a third coefficient to obtain time information.
In this scheme, still include:
analyzing whether the vulnerability information relates to a plurality of adaptation groups;
if a plurality of adaptation groups are involved, respectively corresponding the vulnerability information to each adaptation group and recording the vulnerability information in vulnerability group corresponding table information;
detecting whether the state of the vulnerability information changes;
and if the change exists, updating the vulnerability group corresponding table information.
The second aspect of the present invention discloses a system for automatically correcting vulnerability information, which includes: the memory comprises a method program for automatically correcting the vulnerability information, and when the method program for automatically correcting the vulnerability information is executed by the processor, the following steps are realized:
acquiring vulnerability group corresponding table information;
acquiring vulnerability information change data according to a preset time interval;
comparing the vulnerability information change data with background group information;
and if the vulnerability group corresponding table information is inconsistent, changing the vulnerability group corresponding table information and displaying the vulnerability group corresponding table information.
In this scheme, still include:
detecting whether the background group information has changes;
and if the change exists, updating the vulnerability group corresponding table information according to the changed background group information.
In this scheme, still include:
acquiring vulnerability information;
sending the vulnerability information to a vulnerability neural network model to obtain adaptive group information;
and recording the adaptive group information and the vulnerability information into vulnerability group corresponding table information.
In this scheme, still include:
sending the vulnerability information to a vulnerability neural network model to obtain solution method information;
and sending the solution to an adaptive group terminal.
In this scheme, still include:
acquiring the importance level of the vulnerability information;
determining the time for solving the vulnerability information according to the importance level, and generating time information;
determining the priority order of project development progress according to the importance level;
if the importance level is greater than or equal to a preset level threshold value, adjusting the priority order of the project development progress to generate project priority information;
and sending the time information and the project development priority information to an adaptive group terminal.
In this scheme, the generating time information specifically includes:
acquiring an influence factor;
if the influence factor is larger than or equal to a preset first threshold value, multiplying the reference time by a first coefficient to obtain time information; if the influence factor is smaller than a preset first threshold and larger than a preset second threshold, multiplying the reference time by a second coefficient to obtain time information; and if the influence factor is smaller than a preset second threshold value, multiplying the reference time by a third coefficient to obtain time information.
In this scheme, still include:
analyzing whether the vulnerability information relates to a plurality of adaptation groups;
if a plurality of adaptation groups are involved, respectively corresponding the vulnerability information to each adaptation group and recording the vulnerability information in vulnerability group corresponding table information;
detecting whether the state of the vulnerability information changes;
and if the change exists, updating the vulnerability group corresponding table information.
A third aspect of the present invention discloses a computer-readable storage medium, where the computer-readable storage medium includes a program for automatically correcting vulnerability information, and when the program for automatically correcting vulnerability information is executed by a processor, the method for automatically correcting vulnerability information implements any one of the steps of the method for automatically correcting vulnerability information described above.
The method, the system and the readable storage medium for automatically correcting the vulnerability information can automatically classify the groups of the vulnerability, can adjust the corresponding relation between the vulnerability and the groups in time when the groups are changed, can also distribute the vulnerability information in a self-adaptive manner through a neural network model, and can also automatically analyze and solve the problem through similar vulnerability conditions. The method can avoid manual one-to-one check, ensure accurate data, facilitate macroscopically grasping the project condition and promote the project progress in time.
Drawings
FIG. 1 is a flow chart illustrating a method of automatically correcting vulnerability information in accordance with the present invention;
fig. 2 is a block diagram of a system for automatically correcting vulnerability information according to the present invention.
Detailed Description
In order that the above objects, features and advantages of the present invention can be more clearly understood, a more particular description of the invention will be rendered by reference to the appended drawings. It should be noted that the embodiments and features of the embodiments of the present application may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention, however, the present invention may be practiced in other ways than those specifically described herein, and therefore the scope of the present invention is not limited by the specific embodiments disclosed below.
FIG. 1 is a flow chart illustrating a method of automatically correcting vulnerability information in accordance with the present invention;
as shown in fig. 1, the present invention discloses a method for automatically correcting vulnerability information, which includes:
s101, acquiring vulnerability group corresponding table information;
s102, acquiring vulnerability information change data according to a preset time interval;
s103, comparing the vulnerability information change data with background group information;
and S104, if the vulnerability group mapping tables are not consistent, changing the vulnerability group mapping table information and displaying the vulnerability group mapping table information.
It should be noted that the BUG group mapping table is a mapping table of the BUG information and the background group information, and indicates BUG information that each group needs to process, for example, a BUG that the video group needs to process video chudun, and also indicates a state of BUG processing, for example, closed, solved, online, verified, not a problem, allocated, and repeated problems. The information can be counted through the vulnerability group corresponding table information, for example, the number of vulnerability information in different states below each group is counted. The vulnerability information change data can be obtained at a preset time interval, and the preset time interval can be fixed, set by a person skilled in the art according to actual needs and can also be dynamically changed. And then comparing the vulnerability information change data with the background group information, wherein if the vulnerability information change data changes with the background group information, the change may be the change of the state or circulation of the vulnerability information, and also may be the change of the background group information. For example, the vulnerability information is originally processed by the video group, but after the video group receives the vulnerability information, the video group finds that the vulnerability information is a problem of the protocol group, and then the video group transfers the vulnerability information stream to the protocol group, and if the change of the transfer occurs, the vulnerability group corresponding table information needs to be changed. After the vulnerability group corresponding table information is changed, the changed table information needs to be displayed to each group end and the corresponding member end in the group.
According to the embodiment of the invention, the method further comprises the following steps:
detecting whether the background group information has changes;
and if the change exists, updating the vulnerability group corresponding table information according to the changed background group information.
It should be noted that the background group information is group information recorded by the background or the server, and in actual work, the group may be frequently changed or merged, which may cause a change in the group information, and it is necessary to detect whether the background group information has a change in real time, and if the background group information has a change, update the vulnerability group correspondence table information according to the changed background group information.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring vulnerability information;
sending the vulnerability information to a vulnerability neural network model to obtain adaptive group information;
and recording the adaptive group information and the vulnerability information into vulnerability group corresponding table information.
It should be noted that after the worker finds the BUG, the worker often does not know what group to give to process, and the method and the device can automatically judge the group corresponding to the BUG information by using the neural network model. Firstly, acquiring vulnerability information, then preprocessing the vulnerability information, sending the vulnerability information to a vulnerability neural network model to obtain adaptation group information, and finally recording the adaptation group information and the vulnerability information into vulnerability group corresponding table information so as to facilitate the examination of personnel in a group. The neural network model is trained in advance and is formed by training more historical data.
According to the embodiment of the invention, the method further comprises the following steps:
sending the vulnerability information to a vulnerability neural network model to obtain solution method information;
and sending the solution to an adaptive group terminal.
It should be noted that the present invention can analyze not only group analysis by the neural network model, but also a solution to a vulnerability. The solving method information obtained through the neural network can enable the corresponding group members to refer to the solving method information for BUG processing, and the using experience of the user is improved.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring the state of the vulnerability information to obtain state information;
and updating the state information to the vulnerability group corresponding table information.
It should be noted that the vulnerability status may change frequently over time, and the vulnerability status may be closed, resolved, online, verified, not a problem, allocated, duplicate, etc. After the state changes, the state information of the vulnerability group can be updated to the vulnerability group corresponding table information, so that the vulnerability group corresponding table information is convenient for workers to count.
According to the embodiment of the invention, the method further comprises the following steps:
comparing the characteristic value of the vulnerability information with the historical vulnerability information;
and if the difference value of the characteristic value of the historical vulnerability information and the characteristic value of the historical vulnerability information is smaller than a preset characteristic value threshold value, acquiring a solution corresponding to the historical vulnerability information, and sending the solution to an adaptive group terminal.
It should be noted that, the present invention can also refer to the solved historical vulnerability information to obtain a corresponding solution, and send the solution to the corresponding group member for reference. Comparing the characteristic values of the historical vulnerability information, if the characteristic values are solved, indicating that the current vulnerability information is identical or similar to the previous vulnerability information, obtaining a similar solution of the historical vulnerability information, and sending the solution to a corresponding group.
According to the embodiment of the invention, the method further comprises the following steps:
analyzing whether the vulnerability information relates to a plurality of adaptation groups;
if a plurality of adaptation groups are involved, respectively corresponding the vulnerability information to each adaptation group and recording the vulnerability information in vulnerability group corresponding table information;
detecting whether the state of the vulnerability information changes;
and if the change exists, updating the vulnerability group corresponding table information.
It should be noted that, in the processing of some vulnerabilities, multiple groups are often needed to be solved together, for example, the BUG processing of video card may require the video group and the protocol group to be processed together. When a plurality of groups need to be processed cooperatively, a plurality of groups need to be marked in the vulnerability group mapping table information. And then detecting whether the state of the vulnerability information changes, and if so, updating the vulnerability group corresponding table information.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring the importance level of the vulnerability information;
determining the time for solving the vulnerability information according to the importance level, and generating time information;
determining the priority order of project development progress according to the importance level;
if the importance level is greater than or equal to a preset level threshold value, adjusting the priority order of the project development progress to generate project priority information;
and sending the time information and the project development priority information to an adaptive group terminal.
It should be noted that after the product is released to the market, there are some bugs many times, and some bugs may seriously affect the use experience of the user, for example, the user cannot log in an account, and the screen is severely stuck. Therefore, different important levels can be obtained for different vulnerabilities, the levels can be divided into important, general and lower, and the higher level indicates that the user experience is more important, so that project members or development members need to preferentially solve the vulnerability problem. Firstly, obtaining the importance level of the vulnerability information, then determining the time for solving the vulnerability information according to the importance level, and generating time information. The time information here is the time required for solving the bug problem, and generally, the higher the importance level of the bug is, the lower the time to be solved is. And then determining the priority order of the project development progress according to the importance level, and if the importance level is greater than or equal to a preset level threshold, adjusting the priority order of the project development progress to generate project priority information. The higher the vulnerability level is, the better the developer needs to process, and the higher the vulnerability level is, the higher the vulnerability level needs to be in the front of the project development schedule. And then sending the time information and the project development priority information to an adaptive group terminal.
According to the embodiment of the present invention, the determining time for solving the vulnerability information according to the importance level and generating the time information specifically include:
acquiring an influence factor;
if the influence factor is larger than or equal to a preset first threshold value, multiplying the reference time by a first coefficient to obtain time information; if the influence factor is smaller than a preset first threshold and larger than a preset second threshold, multiplying the reference time by a second coefficient to obtain time information; and if the influence factor is smaller than a preset second threshold value, multiplying the reference time by a third coefficient to obtain time information.
It should be noted that the influence factor is a parameter indicating influence on the user experience and the number of users, and a higher influence factor indicates that the user experience is worse and the influence range is wider. Therefore, the time for solving the bug needs to be determined according to the influence factors, the bug is solved as early as possible, and the influence is eliminated. Firstly, an influence factor is obtained, and then the size of the influence factor is judged. The vulnerability solving time is preset with reference time, and the reference time is set by a person skilled in the art according to actual needs and experience and can also be set according to the difficulty of the vulnerability, for example, the vulnerability with high difficulty is set to be solved in 30 working hours; as another example, a common hole is set to be solved for 10 work hours. And comparing the influence factor with a preset first threshold, and if the influence factor is larger than or equal to the preset first threshold, indicating that the range of influence is large and the product has serious defects, multiplying the reference time by a first coefficient to obtain time information. And if the influence factor is smaller than a preset first threshold and larger than a preset second threshold, multiplying the reference time by a second coefficient to obtain time information. And if the influence factor is smaller than a preset second threshold value, multiplying the reference time by a third coefficient to obtain time information. Wherein the first threshold > the second threshold > the third threshold, the first coefficient < the second coefficient < the third coefficient. That is, the first coefficient is the minimum, for example, the first coefficient is 0.4, the second coefficient is 0.6, and the third coefficient is 1, so that when the influence factor is large and exceeds the preset first threshold, the reference time 30 hours is multiplied by 0.4, and when the influence factor is 12 hours, the time information is 12 hours.
According to the embodiment of the present invention, the calculation of the influence factor specifically includes:
acquiring user influence range data and vulnerability experience degree information;
calculating the characteristic values of the user influence range data and the vulnerability experience degree information;
acquiring historical user influence range data and vulnerability experience degree information as historical data, and calculating a characteristic value;
comparing the current user influence range data and vulnerability experience degree information with the characteristic values of historical data;
if the difference value of the characteristic values is within a preset range, taking the historical data as a proximity data set;
and acquiring a plurality of influence factors close to the data set, and calculating to obtain the influence factors.
It should be noted that the influence factor of the current vulnerability can be obtained through comparison of previous historical data, and if a similar influence range or vulnerability experience degree exists in the past, reference can be directly taken. Firstly, user influence range data and vulnerability experience degree information are obtained, namely the information of the current vulnerability influence is obtained. And then calculating the characteristic values of the user influence range data and the vulnerability experience degree information to obtain characteristic value information. And then obtaining historical user influence range data and vulnerability experience degree information as historical data, and calculating a characteristic value. And comparing the current user influence range data and vulnerability experience degree information with the characteristic values of the historical data. And if the characteristic value difference is within a preset range, namely the characteristic values are relatively close and the vulnerability conditions are also close, taking the historical data as a close data group. And then acquiring a plurality of influence factors close to the data set, and calculating to obtain the influence factors. Wherein the calculation may be a weighted average calculation, that is, an average value of a plurality of influence factors is obtained; the eigenvalues in the historical data can also be arranged according to the similarity of the eigenvalues, the weight with the highest similarity is the highest, the weight with the lowest similarity is the lowest, the sum of a plurality of weights is 1, each weight is arranged according to the arithmetic progression rule, then the sum of the weights is obtained after weighting, and then the sum is divided by the number of data in the approximate data group. If there are only 2 data, the weight can be 0.6 and 0.4, and the weight with the highest similarity is 0.6.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring the important level of the vulnerability information and the current environment information;
determining first time interval information according to the importance level of the vulnerability information and the current environment information;
and taking the first time interval information as a preset time interval.
It should be noted that, the preset time interval information may also be obtained according to the importance level of the vulnerability information and the current environment information, and the environment information may be information such as current time information, frequency of use in current unit time, current number of users, and number of online developers. By judging the current environment, the influence degree of the vulnerability can be determined, for example, the vulnerability is found in the early morning, the user usage is less, the number of developers is less, the time interval can be increased at the moment, the refreshing is not required to be frequent, and the resource and load consumption is reduced. Firstly, the importance level of the vulnerability information and the current environment information are obtained. Then, determining first time interval information according to the importance level of the vulnerability information and the current environment information, wherein the importance level is not high, and when the influence of use is not large according to the environment information, the value of the first time interval can be increased slightly; if the ranking is high and the range and impact of the usage is too great, the first time interval is reduced.
According to the embodiment of the invention, the method further comprises the following steps:
determining the repetition times according to the loophole information;
if the repeated times exceed a preset time threshold, sending the repeated times to a server;
the server side analyzes the vulnerability information in a cloud computing mode to obtain error positioning information;
and sending the error positioning information and the vulnerability information to a preset personnel end.
It should be noted that when certain vulnerability information always appears or repeatedly appears, the vulnerability may be affected by a corresponding worker or other links, so that the reason of the vulnerability and the location of the error point need to be calculated and analyzed in a cloud computing manner at this time, and the information is sent to a preset person, where the preset person may be an engineer or a developer with more experience, so that the current vulnerability can be solved by the developer with more experience.
According to the embodiment of the invention, the method further comprises the following steps:
determining the time and the influence factor of the existence of the vulnerability according to the vulnerability group corresponding table information;
determining the work performance of the corresponding group according to the time of the existence of the vulnerability and the influence factor;
and sending the work performance to a preset personnel end for display.
It should be noted that the vulnerability group mapping table can also be linked with the work performance, and after some vulnerabilities are solved quickly or important vulnerabilities are solved quickly, the vulnerability group mapping table can be adapted to increase the work performance scores of corresponding groups or corresponding developers, so that the incentives are automatically performed, and the experience of the developers is improved.
Fig. 2 is a block diagram of a system for automatically correcting vulnerability information according to the present invention.
As shown in fig. 2, a second aspect of the present invention discloses a system 2 for automatically correcting vulnerability information, which includes: a memory 21 and a processor 22, wherein the memory includes a method program for automatically correcting vulnerability information, and when executed by the processor, the method program for automatically correcting vulnerability information implements the following steps:
acquiring vulnerability group corresponding table information;
acquiring vulnerability information change data according to a preset time interval;
comparing the vulnerability information change data with background group information;
and if the vulnerability group corresponding table information is inconsistent, changing the vulnerability group corresponding table information and displaying the vulnerability group corresponding table information.
It should be noted that the BUG group mapping table is a mapping table of the BUG information and the background group information, and indicates BUG information that each group needs to process, for example, a BUG that the video group needs to process video chudun, and also indicates a state of BUG processing, for example, closed, solved, online, verified, not a problem, allocated, and repeated problems. The information can be counted through the vulnerability group corresponding table information, for example, the number of vulnerability information in different states below each group is counted. The vulnerability information change data can be obtained at a preset time interval, and the preset time interval can be fixed, set by a person skilled in the art according to actual needs and can also be dynamically changed. And then comparing the vulnerability information change data with the background group information, wherein if the vulnerability information change data changes with the background group information, the change may be the change of the state or circulation of the vulnerability information, and also may be the change of the background group information. For example, the vulnerability information is originally processed by the video group, but after the video group receives the vulnerability information, the video group finds that the vulnerability information is a problem of the protocol group, and then the video group transfers the vulnerability information stream to the protocol group, and if the change of the transfer occurs, the vulnerability group corresponding table information needs to be changed. After the vulnerability group corresponding table information is changed, the changed table information needs to be displayed to each group end and the corresponding member end in the group.
According to the embodiment of the invention, the method further comprises the following steps:
detecting whether the background group information has changes;
and if the change exists, updating the vulnerability group corresponding table information according to the changed background group information.
It should be noted that the background group information is group information recorded by the background or the server, and in actual work, the group may be frequently changed or merged, which may cause a change in the group information, and it is necessary to detect whether the background group information has a change in real time, and if the background group information has a change, update the vulnerability group correspondence table information according to the changed background group information.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring vulnerability information;
sending the vulnerability information to a vulnerability neural network model to obtain adaptive group information;
and recording the adaptive group information and the vulnerability information into vulnerability group corresponding table information.
It should be noted that after the worker finds the BUG, the worker often does not know what group to give to process, and the method and the device can automatically judge the group corresponding to the BUG information by using the neural network model. Firstly, acquiring vulnerability information, then preprocessing the vulnerability information, sending the vulnerability information to a vulnerability neural network model to obtain adaptation group information, and finally recording the adaptation group information and the vulnerability information into vulnerability group corresponding table information so as to facilitate the examination of personnel in a group. The neural network model is trained in advance and is formed by training more historical data.
According to the embodiment of the invention, the method further comprises the following steps:
sending the vulnerability information to a vulnerability neural network model to obtain solution method information;
and sending the solution to an adaptive group terminal.
It should be noted that the present invention can analyze not only group analysis by the neural network model, but also a solution to a vulnerability. The solving method information obtained through the neural network can enable the corresponding group members to refer to the solving method information for BUG processing, and the using experience of the user is improved.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring the state of the vulnerability information to obtain state information;
and updating the state information to the vulnerability group corresponding table information.
It should be noted that the vulnerability status may change frequently over time, and the vulnerability status may be closed, resolved, online, verified, not a problem, allocated, duplicate, etc. After the state changes, the state information of the vulnerability group can be updated to the vulnerability group corresponding table information, so that the vulnerability group corresponding table information is convenient for workers to count.
According to the embodiment of the invention, the method further comprises the following steps:
comparing the characteristic value of the vulnerability information with the historical vulnerability information;
and if the difference value of the characteristic value of the historical vulnerability information and the characteristic value of the historical vulnerability information is smaller than a preset characteristic value threshold value, acquiring a solution corresponding to the historical vulnerability information, and sending the solution to an adaptive group terminal.
It should be noted that, the present invention can also refer to the solved historical vulnerability information to obtain a corresponding solution, and send the solution to the corresponding group member for reference. Comparing the characteristic values of the historical vulnerability information, if the characteristic values are solved, indicating that the current vulnerability information is identical or similar to the previous vulnerability information, obtaining a similar solution of the historical vulnerability information, and sending the solution to a corresponding group.
According to the embodiment of the invention, the method further comprises the following steps:
analyzing whether the vulnerability information relates to a plurality of adaptation groups;
if a plurality of adaptation groups are involved, respectively corresponding the vulnerability information to each adaptation group and recording the vulnerability information in vulnerability group corresponding table information;
detecting whether the state of the vulnerability information changes;
and if the change exists, updating the vulnerability group corresponding table information.
It should be noted that, in the processing of some vulnerabilities, multiple groups are often needed to be solved together, for example, the BUG processing of video card may require the video group and the protocol group to be processed together. When a plurality of groups need to be processed cooperatively, a plurality of groups need to be marked in the vulnerability group mapping table information. And then detecting whether the state of the vulnerability information changes, and if so, updating the vulnerability group corresponding table information.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring the importance level of the vulnerability information;
determining the time for solving the vulnerability information according to the importance level, and generating time information;
determining the priority order of project development progress according to the importance level;
if the importance level is greater than or equal to a preset level threshold value, adjusting the priority order of the project development progress to generate project priority information;
and sending the time information and the project development priority information to an adaptive group terminal.
It should be noted that after the product is released to the market, there are some bugs many times, and some bugs may seriously affect the use experience of the user, for example, the user cannot log in an account, and the screen is severely stuck. Therefore, different important levels can be obtained for different vulnerabilities, the levels can be divided into important, general and lower, and the higher level indicates that the user experience is more important, so that project members or development members need to preferentially solve the vulnerability problem. Firstly, obtaining the importance level of the vulnerability information, then determining the time for solving the vulnerability information according to the importance level, and generating time information. The time information here is the time required for solving the bug problem, and generally, the higher the importance level of the bug is, the lower the time to be solved is. And then determining the priority order of the project development progress according to the importance level, and if the importance level is greater than or equal to a preset level threshold, adjusting the priority order of the project development progress to generate project priority information. The higher the vulnerability level is, the better the developer needs to process, and the higher the vulnerability level is, the higher the vulnerability level needs to be in the front of the project development schedule. And then sending the time information and the project development priority information to an adaptive group terminal.
According to the embodiment of the present invention, the determining time for solving the vulnerability information according to the importance level and generating the time information specifically include:
acquiring an influence factor;
if the influence factor is larger than or equal to a preset first threshold value, multiplying the reference time by a first coefficient to obtain time information; if the influence factor is smaller than a preset first threshold and larger than a preset second threshold, multiplying the reference time by a second coefficient to obtain time information; and if the influence factor is smaller than a preset second threshold value, multiplying the reference time by a third coefficient to obtain time information.
It should be noted that the influence factor is a parameter indicating influence on the user experience and the number of users, and a higher influence factor indicates that the user experience is worse and the influence range is wider. Therefore, the time for solving the bug needs to be determined according to the influence factors, the bug is solved as early as possible, and the influence is eliminated. Firstly, an influence factor is obtained, and then the size of the influence factor is judged. The vulnerability solving time is preset with reference time, and the reference time is set by a person skilled in the art according to actual needs and experience and can also be set according to the difficulty of the vulnerability, for example, the vulnerability with high difficulty is set to be solved in 30 working hours; as another example, a common hole is set to be solved for 10 work hours. And comparing the influence factor with a preset first threshold, and if the influence factor is larger than or equal to the preset first threshold, indicating that the range of influence is large and the product has serious defects, multiplying the reference time by a first coefficient to obtain time information. And if the influence factor is smaller than a preset first threshold and larger than a preset second threshold, multiplying the reference time by a second coefficient to obtain time information. And if the influence factor is smaller than a preset second threshold value, multiplying the reference time by a third coefficient to obtain time information. Wherein the first threshold > the second threshold > the third threshold, the first coefficient < the second coefficient < the third coefficient. That is, the first coefficient is the minimum, for example, the first coefficient is 0.4, the second coefficient is 0.6, and the third coefficient is 1, so that when the influence factor is large and exceeds the preset first threshold, the reference time 30 hours is multiplied by 0.4, and when the influence factor is 12 hours, the time information is 12 hours.
According to the embodiment of the present invention, the calculation of the influence factor specifically includes:
acquiring user influence range data and vulnerability experience degree information;
calculating the characteristic values of the user influence range data and the vulnerability experience degree information;
acquiring historical user influence range data and vulnerability experience degree information as historical data, and calculating a characteristic value;
comparing the current user influence range data and vulnerability experience degree information with the characteristic values of historical data;
if the difference value of the characteristic values is within a preset range, taking the historical data as a proximity data set;
and acquiring a plurality of influence factors close to the data set, and calculating to obtain the influence factors.
It should be noted that the influence factor of the current vulnerability can be obtained through comparison of previous historical data, and if a similar influence range or vulnerability experience degree exists in the past, reference can be directly taken. Firstly, user influence range data and vulnerability experience degree information are obtained, namely the information of the current vulnerability influence is obtained. And then calculating the characteristic values of the user influence range data and the vulnerability experience degree information to obtain characteristic value information. And then obtaining historical user influence range data and vulnerability experience degree information as historical data, and calculating a characteristic value. And comparing the current user influence range data and vulnerability experience degree information with the characteristic values of the historical data. And if the characteristic value difference is within a preset range, namely the characteristic values are relatively close and the vulnerability conditions are also close, taking the historical data as a close data group. And then acquiring a plurality of influence factors close to the data set, and calculating to obtain the influence factors. Wherein the calculation may be a weighted average calculation, that is, an average value of a plurality of influence factors is obtained; the eigenvalues in the historical data can also be arranged according to the similarity of the eigenvalues, the weight with the highest similarity is the highest, the weight with the lowest similarity is the lowest, the sum of a plurality of weights is 1, each weight is arranged according to the arithmetic progression rule, then the sum of the weights is obtained after weighting, and then the sum is divided by the number of data in the approximate data group. If there are only 2 data, the weight can be 0.6 and 0.4, and the weight with the highest similarity is 0.6.
According to the embodiment of the invention, the method further comprises the following steps:
acquiring the important level of the vulnerability information and the current environment information;
determining first time interval information according to the importance level of the vulnerability information and the current environment information;
and taking the first time interval information as a preset time interval.
It should be noted that, the preset time interval information may also be obtained according to the importance level of the vulnerability information and the current environment information, and the environment information may be information such as current time information, frequency of use in current unit time, current number of users, and number of online developers. By judging the current environment, the influence degree of the vulnerability can be determined, for example, the vulnerability is found in the early morning, the user usage is less, the number of developers is less, the time interval can be increased at the moment, the refreshing is not required to be frequent, and the resource and load consumption is reduced. Firstly, the importance level of the vulnerability information and the current environment information are obtained. Then, determining first time interval information according to the importance level of the vulnerability information and the current environment information, wherein the importance level is not high, and when the influence of use is not large according to the environment information, the value of the first time interval can be increased slightly; if the ranking is high and the range and impact of the usage is too great, the first time interval is reduced.
According to the embodiment of the invention, the method further comprises the following steps:
determining the repetition times according to the loophole information;
if the repeated times exceed a preset time threshold, sending the repeated times to a server;
the server side analyzes the vulnerability information in a cloud computing mode to obtain error positioning information;
and sending the error positioning information and the vulnerability information to a preset personnel end.
It should be noted that when certain vulnerability information always appears or repeatedly appears, the vulnerability may be affected by a corresponding worker or other links, so that the reason of the vulnerability and the location of the error point need to be calculated and analyzed in a cloud computing manner at this time, and the information is sent to a preset person, where the preset person may be an engineer or a developer with more experience, so that the current vulnerability can be solved by the developer with more experience.
According to the embodiment of the invention, the method further comprises the following steps:
determining the time and the influence factor of the existence of the vulnerability according to the vulnerability group corresponding table information;
determining the work performance of the corresponding group according to the time of the existence of the vulnerability and the influence factor;
and sending the work performance to a preset personnel end for display.
It should be noted that the vulnerability group mapping table can also be linked with the work performance, and after some vulnerabilities are solved quickly or important vulnerabilities are solved quickly, the vulnerability group mapping table can be adapted to increase the work performance scores of corresponding groups or corresponding developers, so that the incentives are automatically performed, and the experience of the developers is improved.
A third aspect of the present invention discloses a computer-readable storage medium, where the computer-readable storage medium includes a program for automatically correcting vulnerability information, and when the program for automatically correcting vulnerability information is executed by a processor, the method for automatically correcting vulnerability information implements any one of the steps of the method for automatically correcting vulnerability information described above.
The method, the system and the readable storage medium for automatically correcting the vulnerability information can automatically classify the groups of the vulnerability, can adjust the corresponding relation between the vulnerability and the groups in time when the groups are changed, can also distribute the vulnerability information in a self-adaptive manner through a neural network model, and can also automatically analyze and solve the problem through similar vulnerability conditions. The method can avoid manual one-to-one check, ensure accurate data, facilitate macroscopically grasping the project condition and promote the project progress in time.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only a logical functional division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above description is only for the specific embodiments of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present invention, and all the changes or substitutions should be covered within the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (10)
1. A method for automatically correcting vulnerability information, comprising:
acquiring vulnerability group corresponding table information;
acquiring vulnerability information change data according to a preset time interval;
comparing the vulnerability information change data with background group information;
if not, changing the information of the vulnerability group corresponding table and displaying;
the background group information is group information recorded by a background or a server.
2. The method for automatically correcting the vulnerability information according to claim 1, further comprising: detecting whether the background group information has changes;
and if the change exists, updating the vulnerability group corresponding table information according to the changed background group information.
3. The method for automatically correcting the vulnerability information according to claim 1, further comprising: acquiring vulnerability information;
sending the vulnerability information to a vulnerability neural network model to obtain adaptive group information;
and recording the adaptive group information and the vulnerability information into vulnerability group corresponding table information.
4. The method of claim 3, further comprising: sending the vulnerability information to a vulnerability neural network model to obtain solution method information;
and sending the solution to an adaptive group terminal.
5. The method for automatically correcting the vulnerability information according to claim 1, further comprising: acquiring the importance level of the vulnerability information;
determining the time for solving the vulnerability information according to the importance level, and generating time information;
determining the priority order of project development progress according to the importance level;
if the importance level is greater than or equal to a preset level threshold value, adjusting the priority order of the project development progress to generate project priority information;
and sending the time information and the project development priority information to an adaptive group terminal.
6. The method according to claim 5, wherein the generating time information specifically includes: acquiring an influence factor;
if the influence factor is larger than or equal to a preset first threshold value, multiplying the reference time by a first coefficient to obtain time information; if the influence factor is smaller than a preset first threshold and larger than a preset second threshold, multiplying the reference time by a second coefficient to obtain time information; and if the influence factor is smaller than a preset second threshold value, multiplying the reference time by a third coefficient to obtain time information.
7. The method for automatically correcting the vulnerability information according to claim 1, further comprising: analyzing whether the vulnerability information relates to a plurality of adaptation groups;
if a plurality of adaptation groups are involved, respectively corresponding the vulnerability information to each adaptation group and recording the vulnerability information in vulnerability group corresponding table information;
detecting whether the state of the vulnerability information changes;
and if the change exists, updating the vulnerability group corresponding table information.
8. A system for automatically correcting vulnerability information, the system comprising: the memory comprises a method program for automatically correcting the vulnerability information, and when the method program for automatically correcting the vulnerability information is executed by the processor, the following steps are realized:
acquiring vulnerability group corresponding table information;
acquiring vulnerability information change data according to a preset time interval;
comparing the vulnerability information change data with background group information;
if not, changing the information of the vulnerability group corresponding table and displaying;
the background group information is group information recorded by a background or a server.
9. The system for automatically correcting the vulnerability information according to claim 8, further comprising: acquiring the importance level of the vulnerability information;
determining the time for solving the vulnerability information according to the importance level, and generating time information;
determining the priority order of project development progress according to the importance level;
if the importance level is greater than or equal to a preset level threshold value, adjusting the priority order of the project development progress to generate project priority information;
and sending the time information and the project development priority information to an adaptive group terminal.
10. A computer-readable storage medium, wherein the computer-readable storage medium includes a method program for automatically correcting vulnerability information, and when the method program for automatically correcting vulnerability information is executed by a processor, the method program for automatically correcting vulnerability information implements the steps of a method for automatically correcting vulnerability information according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110549324.0A CN112988447B (en) | 2021-05-20 | 2021-05-20 | Method, system and readable storage medium for automatically correcting vulnerability information |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110549324.0A CN112988447B (en) | 2021-05-20 | 2021-05-20 | Method, system and readable storage medium for automatically correcting vulnerability information |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112988447A CN112988447A (en) | 2021-06-18 |
| CN112988447B true CN112988447B (en) | 2021-08-20 |
Family
ID=76337067
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110549324.0A Active CN112988447B (en) | 2021-05-20 | 2021-05-20 | Method, system and readable storage medium for automatically correcting vulnerability information |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112988447B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107977579A (en) * | 2017-12-19 | 2018-05-01 | 福建中金在线信息科技有限公司 | A kind of method and device of administrative vulnerability information |
| CN109729068A (en) * | 2018-11-23 | 2019-05-07 | 北京丁牛科技有限公司 | Security breaches auditing system based on block chain technology |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107957941B (en) * | 2016-10-17 | 2021-03-16 | 腾讯科技(深圳)有限公司 | Method and device for processing memory leakage of mobile terminal |
| CN109784060A (en) * | 2018-12-12 | 2019-05-21 | 平安科技(深圳)有限公司 | Vulnerability Management report-generating method, device and storage medium, server |
| CN111338692B (en) * | 2018-12-18 | 2024-04-16 | 北京奇虎科技有限公司 | Vulnerability classification method and device based on vulnerability codes and electronic equipment |
| US10725846B1 (en) * | 2019-04-02 | 2020-07-28 | Sap Se | Reference debugging using associative registry |
| CN110826071B (en) * | 2019-09-24 | 2023-09-26 | 平安科技(深圳)有限公司 | Software vulnerability risk prediction method, device, equipment and storage medium |
-
2021
- 2021-05-20 CN CN202110549324.0A patent/CN112988447B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107977579A (en) * | 2017-12-19 | 2018-05-01 | 福建中金在线信息科技有限公司 | A kind of method and device of administrative vulnerability information |
| CN109729068A (en) * | 2018-11-23 | 2019-05-07 | 北京丁牛科技有限公司 | Security breaches auditing system based on block chain technology |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112988447A (en) | 2021-06-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7933934B2 (en) | Operator-specific quality management and quality improvement | |
| AU2016328959A1 (en) | Updating attribute data structures to indicate trends in attribute data provided to automated modeling systems | |
| CN107391692A (en) | The appraisal procedure and device of a kind of recommendation effect | |
| CN112016101B (en) | Software research and development safety capability dynamic evaluation and promotion method and system | |
| US7860700B2 (en) | Hardware verification batch computing farm simulator | |
| CN104915600A (en) | Android application security risk evaluating method and device | |
| CN113837596A (en) | Fault determination method and device, electronic equipment and storage medium | |
| CN109783385A (en) | A kind of product test method and apparatus | |
| CN114780233A (en) | Scheduling method and device based on microservice link analysis and reinforcement learning | |
| WO2020247286A1 (en) | System and method for improving performance in an enterprise computing environment | |
| CN112988447B (en) | Method, system and readable storage medium for automatically correcting vulnerability information | |
| CN111784173B (en) | AB experiment data processing method, device, server and medium | |
| CN113296992A (en) | Method, device, equipment and storage medium for determining abnormal reason | |
| CN113742069A (en) | Capacity prediction method and device based on artificial intelligence and storage medium | |
| WO2011149608A1 (en) | Identifying and using critical fields in quality management | |
| CN110287158A (en) | Monitor the method, apparatus and storage medium of distributed file system IO time delay | |
| CN107357703B (en) | Terminal application power consumption detection method and server | |
| CN113673811B (en) | On-line learning performance evaluation method and device based on session | |
| CN109636083A (en) | Blacklist analysis method, device, equipment and computer readable storage medium | |
| CN114282940A (en) | Method and apparatus for intention recognition, storage medium, and electronic device | |
| CN109783773B (en) | Method and device for determining abnormal flow of website interface | |
| CN110766544A (en) | Credit risk detection method and device, storage medium and electronic device | |
| CN111598390A (en) | Server high availability evaluation method, device, equipment and readable storage medium | |
| WO2023029065A1 (en) | Method and apparatus for evaluating data set quality, computer device, and storage medium | |
| US20230133110A1 (en) | Systems and methods for detection of cryptocurrency mining using processor metadata |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |