WO2021027328A1 - Vulnerability processing and tracking method, device, computer system, and readable storage medium - Google Patents
- Publication number
- WO2021027328A1 (application PCT/CN2020/087427)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- vulnerability
- information
- development
- time
- category
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
Definitions
- This application relates to the field of communication technology, and in particular to a vulnerability processing and tracking method, device, computer system, and readable storage medium.
- Currently, when a tester discovers a vulnerability, the vulnerability data is sent to the relevant developer. If the developer has no free time, processing of the vulnerability data is often pushed to the back of the queue. As a result, once developers are under heavy workload or fatigued, they easily forget to deal with the vulnerability data;
- testers constantly urge developers to deal with vulnerability data.
- the inventor found that not only is the work efficiency of testers reduced, but developers also easily forget to deal with a given vulnerability because of the excessive amount of vulnerability data.
- the occurrence of one or several vulnerability data results in a low completion rate of vulnerability processing and poor timeliness; this situation is fatal for projects with a short go-live period and a large workload.
- the purpose of this application is to provide a vulnerability processing and tracking method, device, computer system and readable storage medium, which are suitable for the field of artificial intelligence and used to solve the above-mentioned problems in the prior art.
- this application provides a vulnerability processing and tracking method, including the following steps: S1: receive vulnerability data output by a test client, record the entry time at which the vulnerability data is received, and obtain test identity information and development identity information according to the vulnerability data; package the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; S2: determine the vulnerability level of the vulnerability packaging information according to the vulnerability rules; S3: store the vulnerability packaging information in the vulnerability database according to the vulnerability level; S4: apply processing rules to the vulnerability packaging information and generate reminder information based on the vulnerability packaging information, and output the reminder information to the development client corresponding to the development identity information.
- the step S1 includes the following steps: S101: receive the vulnerability data output by the test client, and record the entry time when the vulnerability data is received; S102: output a test identity request to the test client according to the vulnerability data; S103: receive the test identity information and development identity information output by the test client according to the test identity request; S104: package the entry time, vulnerability data, test identity information and development identity information to obtain vulnerability packaging information.
- this application also provides a vulnerability processing and tracking device, including: a vulnerability packaging information generation module, which is used to receive vulnerability data output by the test client, record the entry time at which the vulnerability data is received, obtain test identity information and development identity information according to the vulnerability data, and package the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; a vulnerability level evaluation module, which is used to determine the vulnerability level of the vulnerability packaging information according to the vulnerability rules; a vulnerability packaging information storage module, which is used to store the vulnerability packaging information in the vulnerability database according to the vulnerability level; and a reminder information generation module, which is used to apply processing rules to the vulnerability packaging information, generate reminder information according to the vulnerability packaging information, and output the reminder information to the development client corresponding to the development identity information.
- the present application also provides a computer system, which includes a plurality of computer devices, each computer device including a memory, a processor, and a computer program stored in the memory and runnable on the processor; the processors of the plurality of computer devices execute a vulnerability processing and tracking method, wherein the vulnerability processing and tracking method includes the following steps: S1: receive vulnerability data output by the test client, record the entry time at which the vulnerability data is received, and obtain test identity information and development identity information according to the vulnerability data; package the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; S2: determine the vulnerability level of the vulnerability packaging information according to the vulnerability rules; S3: store the vulnerability packaging information in the vulnerability database according to the vulnerability level; S4: apply processing rules to the vulnerability packaging information and generate reminder information based on the vulnerability packaging information, and output the reminder information to the development client corresponding to the development identity information.
- the present application also provides a computer-readable storage medium with a computer program stored on it; when the computer program is executed by a processor, a vulnerability processing and tracking method is implemented, wherein the vulnerability processing and tracking method includes the following steps: S1: receive vulnerability data output by the test client, record the entry time at which the vulnerability data is received, and obtain test identity information and development identity information according to the vulnerability data; package the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; S2: determine the vulnerability level of the vulnerability packaging information according to the vulnerability rules; S3: store the vulnerability packaging information in the vulnerability database according to the vulnerability level; S4: apply processing rules to the vulnerability packaging information and generate reminder information according to the vulnerability packaging information, and output the reminder information to the development client corresponding to the development identity information.
- the vulnerability processing and tracking method, device, computer system, and readable storage medium remind the development client in good time, avoiding the situation in which programmers forget to deal with earlier vulnerabilities because they are busy, improving the reminder efficiency of testers, and guaranteeing the developers' vulnerability processing completion rate; at the same time, they ensure that the vulnerability data is processed within a certain time threshold, and on the same day at the latest, ensuring the timeliness of the vulnerability processing work and thus ensuring that projects with short deadlines and heavy workloads can go online smoothly.
- FIG. 1 is a flowchart of Embodiment 1 of the vulnerability processing and tracking method of this application;
- FIG. 2 is a flowchart of the work between the vulnerability processing and tracking device, the test client and the development client in the first embodiment of the vulnerability processing and tracking method of this application;
- FIG. 3 is a schematic diagram of program modules of Embodiment 2 of the vulnerability processing and tracking device of this application;
- FIG. 4 is a schematic diagram of the hardware structure of the computer equipment in the third embodiment of the computer system of this application.
- the vulnerability processing and tracking method, device, computer system, and readable storage medium relate to the field of artificial intelligence communication technology.
- a vulnerability processing and tracking method of this embodiment, using the vulnerability processing and tracking device 1, includes the following steps:
- S1 Receive the vulnerability data output by the test client 2, record the entry time at which the vulnerability data is received, and obtain test identity information and development identity information according to the vulnerability data; package the entry time, the vulnerability data, the test identity information and the development identity information to obtain vulnerability packaging information;
- S2 Determine the vulnerability level of the vulnerability packaging information according to the vulnerability rules;
- S3 Store the vulnerability packaging information in the vulnerability database according to the vulnerability level;
- S4 Apply processing rules to the vulnerability packaging information and generate reminder information according to the vulnerability packaging information, and output the reminder information to the development client 3 corresponding to the development identity information.
- step S1 includes the following steps:
- S101 Receive the vulnerability data output by the test client 2, and record the input time when the vulnerability data is received;
- test identity information includes the tester’s avatar and identification code
- development identity information includes the tester’s avatar and identification code
- S104 Package the input time, vulnerability data, test identity information and development identity information to obtain vulnerability packaging information.
- the vulnerability rules in step S2 include vulnerability categories, and the vulnerability categories are respectively set with vulnerability levels.
- the step S2 includes using a space vector model to identify the vulnerability category to which the vulnerability data belongs, and obtaining the vulnerability level of the vulnerability category according to the vulnerability rule.
- the vulnerability categories include:
- Function category, such as repeated functions, redundant functions, function implementations that do not meet design requirements, and insufficient functional usability, convenience, and ease of use;
- Interface category, such as an unattractive interface, non-uniform control arrangement and format, and unreasonable or incomplete focus control;
- Suggestion category, such as functional suggestions, operation suggestions, verification suggestions, and explanation suggestions;
- Performance category, such as concurrency, data volume, compression rate, and response time;
- Security category, such as security vulnerabilities and system vulnerabilities
- the vulnerability rule is to set the function category, data category, process category, and information category to the vulnerability level of level A respectively;
- the vulnerability data is vulnerability packaging information written and submitted by the test engineer in accordance with the bug (vulnerability) submission specification; therefore, the vulnerability data has a vulnerability description item used to describe a bug phenomenon;
- the vulnerability description item has text content in which the test engineer describes the bug phenomenon through text.
- step S2 includes the following steps:
- the test vocabulary includes category vocabulary sets classified according to vulnerability category; the category vocabulary sets include a function vocabulary set, an interface vocabulary set, a data vocabulary set, a process vocabulary set, an information vocabulary set, a suggestion vocabulary set, a performance vocabulary set, a security vocabulary set, a common-sense vocabulary set and a special vocabulary set.
- S22 Use the jieba word segmentation component to segment the text content of the vulnerability description item in the vulnerability data, and obtain the word segmentation result;
- the jieba word segmentation is a Chinese word segmentation component developed by Chinese programmers using Python;
- the word segmentation result is combined with the function vocabulary set, interface vocabulary set, data vocabulary set, process vocabulary set, information vocabulary set, suggestion vocabulary set, performance vocabulary set, security vocabulary set, common-sense vocabulary set and special vocabulary set respectively, to obtain the function total vocabulary set, interface total vocabulary set, data total vocabulary set, process total vocabulary set, information total vocabulary set, suggestion total vocabulary set, performance total vocabulary set, security total vocabulary set, common-sense total vocabulary set and special total vocabulary set;
- the total functional vocabulary set after the combination of the word segmentation result and the functional vocabulary set is: [repeat, redundant, function, realization, design, requirements, usability, convenience, ease of use, exit].
- S24 Calculate the word frequencies of the word segmentation result and of the category vocabulary set against the category total vocabulary set, and obtain the word segmentation vector and the category vector respectively;
- the word frequency of the word segmentation result is: repeat 1, redundant 0, function 1, realization 0, design 0, requirements 0, usability 0, convenience 0, ease of use 0, exit 1
- the word frequency of the functional vocabulary set is: repeat 1, redundant 1, function 1, realization 1, design 1, requirements 1, usability 1, convenience 1, ease of use 1, exit 0
- the word segmentation vector obtained is: (1,0,1,0,0,0,0,0,0,1);
- the function class vector is: (1,1,1,1,1,1,1,1,1,0).
- S25 Use the space vector model cosine algorithm to calculate the category cosine value of the word segmentation vector and the category vector; compare the category cosine values, and take the category vocabulary set corresponding to the largest category cosine value as the target vocabulary set; according to the vulnerability rules, take the level of the vulnerability category corresponding to the target vocabulary set as the vulnerability level;
- the word segmentation vector a is: (1,0,1,0,0,0,0,0,0,1),
- the function class vector b is: (1,1,1,1,1,1,1,1,1,0);
- the obtained functional vocabulary set is the target vocabulary set; and because in the vulnerability rules, the functional category, data category, process category, and information category are classified as level A, therefore, the vulnerability level corresponding to the vulnerability packaging information is set as "Level A".
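Steps S23 to S25 carried through in code, as an added example that is not taken from the patent. The tokens are given pre-segmented (the output step S22 would produce), the "interface" vocabulary is constructed from the interface category description, and level B for that category is an assumption.

```python
import math
from collections import Counter

# Step S21: category vocabulary sets. "function" is the set used in the worked
# example; "interface" is constructed here from the interface category text.
CATEGORY_VOCAB = {
    "function": ["repeat", "redundant", "function", "realization", "design",
                 "requirements", "usability", "convenience", "ease of use"],
    "interface": ["interface", "beautiful", "control", "arrangement",
                  "format", "focus"],
}

# Vulnerability rules: the text puts function, data, process and information
# at level A. Level B for "interface" is an assumption made for this example.
CATEGORY_LEVEL = {"function": "A", "data": "A", "process": "A",
                  "information": "A", "interface": "B"}


def total_vocabulary(tokens, vocab):
    """S23: the category vocabulary, then any tokens it does not contain."""
    total = list(dict.fromkeys(vocab))  # de-duplicate, keep order
    for tok in tokens:
        if tok not in total:
            total.append(tok)
    return total


def frequency_vector(words, total):
    """S24: word frequency of `words` over the total vocabulary."""
    counts = Counter(words)
    return [counts[w] for w in total]


def cosine(a, b):
    """S25: cosine of the angle between two equal-length vectors."""
    if len(a) != len(b):
        raise ValueError("vectors must have the same dimension")
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def classify(tokens, category_vocab=CATEGORY_VOCAB, levels=CATEGORY_LEVEL):
    """Return (category, level, scores) for a segmented bug description."""
    scores = {}
    for category, vocab in category_vocab.items():
        total = total_vocabulary(tokens, vocab)
        scores[category] = cosine(frequency_vector(tokens, total),
                                  frequency_vector(vocab, total))
    best = max(scores, key=scores.get)
    if scores[best] == 0.0:
        # No token matches any vocabulary: report "unclassified" rather than
        # letting max() pick an arbitrary category (handling added here).
        return None, None, scores
    return best, levels[best], scores


if __name__ == "__main__":
    # Segmentation result from the worked example, given pre-segmented so the
    # example runs without the jieba component.
    tokens = ["repeat", "function", "exit"]
    category, level, scores = classify(tokens)
    print(category, level, {k: round(v, 3) for k, v in scores.items()})
```

The total vocabulary is rebuilt per category, so each cosine is computed in that category's own vector space, as S23 describes.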
- the step S3 includes creating a vulnerability database, and storing the vulnerability packaging information in a vulnerability database matching the vulnerability level according to the vulnerability level.
- the vulnerability database includes A database and B database;
- the A database is used to store the vulnerability packaging information of the vulnerability level A;
- the B database is used to store the vulnerability packaging information of the vulnerability level B.
- step S4 includes the following steps:
- processing rules include reverse processing rules and forward processing rules
- the determination time threshold may be four hours.
- S40 includes using reverse processing rules and generating reminder information based on the vulnerability packaging information, and then outputting the reminder information to the development client 3;
- the reminder information generated by the reverse processing rules includes reverse primary reminder information, reverse intermediate reminder information and reverse advanced reminder information; the S40 includes the following steps:
- S402 If the real-time reverse time interval is greater than the reverse first threshold, go to step S403;
- step S404 is entered;
- if the real-time reverse time interval is less than or equal to the reverse second threshold, go to step S405;
- the reverse first threshold is two hours, and the reverse second threshold is one hour;
- the reverse first threshold is four hours
- the reverse second threshold is two hours
- reverse primary reminder information is output to the development client 3 corresponding to the development identity information in the vulnerability packaging information;
- reverse intermediate reminder information is output to the development client 3 corresponding to the development identity information in the vulnerability packaging information;
- S405 If the processing completion signal output by the development client 3 is received before the real-time reverse time interval reaches zero, eliminate the vulnerability packaging information and generate vulnerability processing completion information;
- reverse advanced reminder information is output to the development client 3 corresponding to the development identity information in the vulnerability packaging information.
- S41 includes using forward processing rules to generate reminder information based on the vulnerability packaging information, and then outputting the reminder information to the development client 3;
- the reminder information generated by the forward processing rules includes forward primary reminder information, forward intermediate reminder information and forward advanced reminder information; the S41 includes the following steps:
- S412 If the processing completion signal output by the development client 3 is received before the real-time forward time interval reaches the forward first threshold, eliminate the vulnerability packaging information and generate vulnerability processing completion information;
- if the real-time forward time interval reaches the forward first threshold and the processing completion signal output by the development client 3 has still not been received, forward primary reminder information is output to the development client 3 corresponding to the development identity information in the vulnerability packaging information;
- the forward advanced reminder information is output to the development client 3.
- the forward first threshold is two hours
- the forward second threshold is three hours
- the forward third threshold is four hours
- the forward first threshold is four hours
- the forward second threshold is five hours
- the forward third threshold is six hours.
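The choice between the reverse rules (S40) and forward rules (S41) and the resulting reminder times, as an added example that is not taken from the patent. It follows the branch in claim 5 and the steps in claims 6 and 7, uses the first set of thresholds quoted above (which set applies when is not stated), and leaves out the development client's confirmation step; all timestamps are constructed.

```python
from datetime import datetime, timedelta

# Thresholds quoted in the description. Two sets of reverse and forward values
# are given; the first set is used here as an assumption.
JUDGMENT_THRESHOLD = timedelta(hours=4)
REVERSE_THRESHOLDS = (timedelta(hours=2), timedelta(hours=1))  # first, second
FORWARD_THRESHOLDS = (timedelta(hours=2), timedelta(hours=3), timedelta(hours=4))
TIERS = ("primary", "intermediate", "advanced")


def end_of_day(ts):
    """24:00 of the day on which `ts` falls."""
    return datetime.combine(ts.date(), datetime.min.time()) + timedelta(days=1)


def select_rule(entry_time):
    """Reverse rules if 24:00 minus the entry time is within the threshold."""
    interval = end_of_day(entry_time) - entry_time
    return "reverse" if interval <= JUDGMENT_THRESHOLD else "forward"


def reminder_schedule(entry_time):
    """Times at which each reminder tier falls due for one vulnerability package."""
    rule = select_rule(entry_time)
    if rule == "reverse":
        # S401-S405: count down to 24:00; the advanced reminder is due at zero.
        midnight = end_of_day(entry_time)
        remaining = REVERSE_THRESHOLDS + (timedelta(0),)
        due = [midnight - r for r in remaining]
    else:
        # S411-S414: count up from the entry time.
        due = [entry_time + t for t in FORWARD_THRESHOLDS]
    # A reverse threshold already passed at entry is skipped (S402 branches
    # straight to S404 or S405 in that case).
    return [(when, f"{rule} {tier}") for when, tier in zip(due, TIERS)
            if when > entry_time]


def reminders_sent(entry_time, now, done_at=None):
    """Reminders that have fired by `now`; none fire after completion."""
    sent = []
    for when, name in reminder_schedule(entry_time):
        if done_at is not None and done_at <= when:
            break  # completion signal arrived first: package eliminated
        if when <= now:
            sent.append((when, name))
    return sent


if __name__ == "__main__":
    # Constructed entry times: one early in the day, one late in the evening.
    for entry in (datetime(2024, 3, 4, 9, 0), datetime(2024, 3, 4, 22, 30)):
        print(entry, select_rule(entry))
        for when, name in reminder_schedule(entry):
            print("   ", when, name)
```

An entry late in the evening never receives the reverse primary reminder, because the countdown is already inside the reverse first threshold when the package arrives.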
- step S42 is also included;
- the step S42 includes extracting the development identity information in the vulnerability packaging information, and obtaining a development client 3 that matches the development identity information; according to the development identity information, obtaining the development identity information from the employee database
- the management identity information of the leader is obtained through the management identity information of the management client (not shown in the figure);
- if the reminder information is reverse primary reminder information or forward primary reminder information, output reverse primary reminder information or forward primary reminder information to the development client 3;
- if the reminder information is reverse intermediate reminder information or forward intermediate reminder information, output reverse intermediate reminder information or forward intermediate reminder information to the development client 3;
- the reminder information is reverse advanced reminder information or forward advanced reminder information
- the reminder information can be sent to the development client and management client by means of e-mail, SMS, etc.
- the development identity information includes the avatar and the identity identification code of the developer;
- the management identity information includes the avatar and the identity identification code of the manager.
- step S5 evaluating the development identity information corresponding to the development client 3 according to the reminder information and the vulnerability processing completion information;
- a secondary evaluation is generated for the development identity information corresponding to the development client 3
- a three-level evaluation is generated for the development identity information corresponding to the development client 3
- a four-level evaluation is generated for the development identity information corresponding to the development client 3
- if the vulnerability processing completion information output by the development client 3 is not received, and the reverse advanced reminder information or the forward advanced reminder information is output to the development client 3, a five-level evaluation is generated for the development identity information corresponding to the development client 3.
- the work efficiency and work effect of the developers are evaluated and displayed, and the management efficiency is improved.
- a vulnerability processing and tracking device 1 of this embodiment includes the following steps:
- the vulnerability packaging information generating module 11 is used to receive the vulnerability data output by the test client 2, record the entry time at which the vulnerability data is received, and obtain test identity information and development identity information according to the vulnerability data; and to package the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information;
- the vulnerability level evaluation module 12 is used to determine the vulnerability level of the vulnerability packaging information according to the vulnerability rules
- the vulnerability packaging information storage module 13 is used to store the vulnerability packaging information in the vulnerability database according to the vulnerability level;
- the reminder information generating module 14 is configured to utilize processing rules for vulnerability packaging information and generate reminder information according to the vulnerability packaging information, and output the reminder information to the development client 3 corresponding to the development identity information.
- it further includes a development evaluation module 15 for evaluating the development identity information corresponding to the development client 3 based on the reminder information and the vulnerability processing completion information.
- This technical solution is based on the field of artificial intelligence and uses a word segmentation model to segment the text content of the vulnerability description item in the vulnerability data and obtain the word segmentation result, realizing semantic analysis of the text content; it combines the word segmentation result and the category vocabulary set to obtain the category total vocabulary set; calculates the word frequencies of the word segmentation result and of the category vocabulary set according to the category total vocabulary set, obtaining the word segmentation vector and category vector respectively; uses the space vector model cosine algorithm to calculate the category cosine value of the word segmentation vector and the category vector; compares the category cosine values and takes the category vocabulary set corresponding to the largest category cosine value as the target vocabulary set; and, according to the vulnerability rules, takes the level of the vulnerability category corresponding to the target vocabulary set as the vulnerability level.
- this application also provides a computer system, which includes a plurality of computer equipment 4; the component parts of the vulnerability processing and tracking device 1 of the second embodiment can be distributed across different computer equipment, and the computer equipment can be a smart phone, tablet computer, notebook computer, desktop computer, rack server, blade server, tower server or cabinet server (including an independent server, or a server cluster composed of multiple servers) that executes programs.
- the computer device in this embodiment at least includes but is not limited to: a memory 41 and a processor 42 that can be communicatively connected to each other through a system bus, as shown in FIG. 4. It should be pointed out that FIG. 4 only shows a computer device with components, but it should be understood that it is not required to implement all the illustrated components, and more or fewer components may be implemented instead.
- the memory 41 (ie, readable storage medium) includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), Read only memory (ROM), electrically erasable programmable read only memory (EEPROM), programmable read only memory (PROM), magnetic memory, magnetic disk, optical disk, etc.
- the memory 41 may be an internal storage unit of a computer device, such as a hard disk or memory of the computer device.
- the memory 41 may also be an external storage device of the computer device, such as a plug-in hard disk, a smart media card (SMC), or a secure digital (SD) equipped on the computer device.
- the memory 41 may also include both the internal storage unit of the computer device and its external storage device.
- the memory 41 is generally used to store an operating system and various application software installed in a computer device, such as the program code of the vulnerability processing and tracking device in the first embodiment, etc.
- the memory 41 can also be used to temporarily store various types of data that have been output or will be output.
- the processor 42 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor, or other data processing chips in some embodiments.
- the processor 42 is generally used to control the overall operation of the computer equipment.
- the processor 42 is used to run the program code or processing data stored in the memory 41, for example, to run a vulnerability processing and tracking device, so as to implement the vulnerability processing and tracking method of the first embodiment.
- this application also provides a computer-readable storage medium, which is a volatile storage medium or a non-volatile storage medium, and which includes multiple storage media such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory, etc.), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disks, optical disks, servers, app stores, etc., on which computer programs are stored, and corresponding functions are realized when the programs are executed by the processor 42.
- the computer-readable storage medium of this embodiment is used to store the vulnerability processing and tracking device, which, when executed by the processor 42, implements the vulnerability processing and tracking method of the first embodiment: S1: receive vulnerability data output by the test client, record the entry time at which the vulnerability data is received, and obtain test identity information and development identity information according to the vulnerability data; package the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; S2: determine the vulnerability level of the vulnerability packaging information according to the vulnerability rules; S3: store the vulnerability packaging information in the vulnerability database according to the vulnerability level; S4: apply processing rules to the vulnerability packaging information and generate reminder information according to the vulnerability packaging information, and output the reminder information to the development client corresponding to the development identity information.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Claims (20)
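- A vulnerability processing and tracking method, comprising the following steps: S1: receiving vulnerability data output by a test client, recording the entry time at which the vulnerability data is received, and obtaining test identity information and development identity information according to the vulnerability data; packaging the entry time, the vulnerability data, the test identity information and the development identity information to obtain vulnerability packaging information; S2: determining the vulnerability level of the vulnerability packaging information according to vulnerability rules; S3: storing the vulnerability packaging information in a vulnerability database according to the vulnerability level; S4: applying processing rules to the vulnerability packaging information and generating reminder information according to the vulnerability packaging information, and outputting the reminder information to the development client corresponding to the development identity information.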
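- The vulnerability processing and tracking method according to claim 1, wherein step S1 comprises the following steps: S101: receiving vulnerability data output by the test client, and recording the entry time at which the vulnerability data is received; S102: outputting a test identity request to the test client according to the vulnerability data; S103: receiving the test identity information, and the development identity information, output by the test client in response to the test identity request; S104: packaging the entry time, the vulnerability data, the test identity information, and the development identity information to obtain the vulnerability packaging information.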
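- The vulnerability processing and tracking method according to claim 1, wherein the vulnerability rules in step S2 comprise vulnerability categories, each vulnerability category being assigned a vulnerability level; and step S2 comprises identifying, by means of a vector space model, the vulnerability category to which the vulnerability data belongs, and obtaining the vulnerability level of that vulnerability category according to the vulnerability rules.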
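- The vulnerability processing and tracking method according to claim 3, wherein step S2 comprises the following steps: S21: creating a test lexicon, the test lexicon comprising category vocabulary sets classified by vulnerability category; the category vocabulary sets comprise a function vocabulary set, an interface vocabulary set, a data vocabulary set, a process vocabulary set, an information vocabulary set, a suggestion vocabulary set, a performance vocabulary set, a security vocabulary set, a common-sense vocabulary set, and a special vocabulary set; S22: segmenting the text content of the vulnerability description item in the vulnerability data with the Jieba word segmentation component to obtain a word segmentation result; S23: combining the word segmentation result and the category vocabulary set to obtain a total category vocabulary set; S24: computing, over the total category vocabulary set, the word frequencies of the word segmentation result and of the category vocabulary set, to obtain a segmentation vector and a category vector respectively; S25: computing the category cosine value of the segmentation vector and the category vector with the cosine algorithm of the vector space model; comparing the category cosine values, and taking the category vocabulary set corresponding to the largest category cosine value as the target vocabulary set; and, according to the vulnerability rules, taking the level of the vulnerability category corresponding to the target vocabulary set as the vulnerability level.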
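- The vulnerability processing and tracking method according to claim 1, wherein step S4 comprises the following steps: extracting the development identity information from the vulnerability packaging information in the vulnerability database, and outputting the vulnerability packaging information in the vulnerability database to the development client corresponding to the development identity information; receiving confirmation information output by the development client upon receiving the vulnerability packaging information; obtaining, according to the confirmation information, the entry time of the vulnerability packaging information in the vulnerability database, and subtracting the entry time from 24:00 of the current day to obtain a judgment time interval; wherein the processing rules comprise a reverse processing rule and a forward processing rule; if the judgment time interval is less than or equal to a judgment time threshold, proceeding to S40; if the judgment time interval is greater than the judgment time threshold, proceeding to S41; S40 comprises generating reminder information according to the vulnerability packaging information using the reverse processing rule, and then outputting the reminder information to the development client; S41 comprises generating reminder information according to the vulnerability packaging information using the forward processing rule, and then outputting the reminder information to the development client.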
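- The vulnerability processing and tracking method according to claim 5, wherein S40 comprises the following steps: S401: subtracting, in real time, the current time from 24:00 of the current day to obtain a real-time reverse time interval; S402: if the real-time reverse time interval is greater than a reverse first threshold, proceeding to step S403; if the real-time reverse time interval is less than or equal to the reverse first threshold and greater than a reverse second threshold, proceeding to step S404; if the real-time reverse time interval is less than or equal to the reverse second threshold, proceeding to step S405; S403: if a processing completion signal output by the development client is received before the real-time reverse time interval reaches the reverse first threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the real-time reverse time interval has reached the reverse first threshold and the processing completion signal output by the development client has still not been received, outputting reverse primary reminder information to the development client corresponding to the development identity information in the vulnerability packaging information; S404: if a processing completion signal output by the development client is received before the real-time reverse time interval reaches the reverse second threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the real-time reverse time interval has reached the reverse second threshold and the processing completion signal output by the development client has still not been received, outputting reverse intermediate reminder information to the development client corresponding to the development identity information in the vulnerability packaging information; S405: if a processing completion signal output by the development client is received before the real-time reverse time interval reaches zero, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the real-time reverse time interval is already zero and the processing completion signal output by the development client has still not been received, outputting reverse advanced reminder information to the development client corresponding to the development identity information in the vulnerability packaging information.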
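- The vulnerability processing and tracking method according to claim 5, wherein S41 comprises the following steps: S411: subtracting, in real time, the entry time from the current time to obtain a real-time forward time interval; S412: if a processing completion signal output by the development client is received before the real-time forward time interval reaches a forward first threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the processing completion signal output by the development client has still not been received when the real-time forward time interval reaches the forward first threshold, outputting forward primary reminder information to the development client corresponding to the development identity information in the vulnerability packaging information; S413: if a processing completion signal output by the development client is received before the real-time forward time interval reaches a forward second threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the processing completion signal output by the development client has still not been received when the real-time forward time interval reaches the forward second threshold, outputting forward intermediate reminder information to the development client; S414: if a processing completion signal output by the development client is received before the real-time forward time interval reaches a forward third threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the processing completion signal output by the development client has still not been received when the real-time forward time interval reaches the forward third threshold, outputting forward advanced reminder information to the development client.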
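- A vulnerability processing and tracking device, comprising: a vulnerability packaging information generation module, configured to receive vulnerability data output by a test client, record the entry time at which the vulnerability data is received, obtain test identity information and development identity information according to the vulnerability data, and package the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; a vulnerability level evaluation module, configured to determine the vulnerability level of the vulnerability packaging information according to vulnerability rules; a vulnerability packaging information storage module, configured to store the vulnerability packaging information in a vulnerability database according to the vulnerability level; and a reminder information generation module, configured to use processing rules to generate reminder information according to the vulnerability packaging information, and to output the reminder information to the development client corresponding to the development identity information.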
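- A computer system, comprising a plurality of computer devices, each computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processors of the plurality of computer devices executing a vulnerability processing and tracking method; wherein the vulnerability processing and tracking method comprises the following steps: S1: receiving vulnerability data output by a test client, recording the entry time at which the vulnerability data is received, and obtaining test identity information and development identity information according to the vulnerability data; packaging the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; S2: determining the vulnerability level of the vulnerability packaging information according to vulnerability rules; S3: storing the vulnerability packaging information in a vulnerability database according to the vulnerability level; S4: using processing rules to generate reminder information according to the vulnerability packaging information, and outputting the reminder information to the development client corresponding to the development identity information.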
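- The computer system according to claim 9, wherein step S1 comprises the following steps: S101: receiving vulnerability data output by the test client, and recording the entry time at which the vulnerability data is received; S102: outputting a test identity request to the test client according to the vulnerability data; S103: receiving the test identity information, and the development identity information, output by the test client in response to the test identity request; S104: packaging the entry time, the vulnerability data, the test identity information, and the development identity information to obtain the vulnerability packaging information.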
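- The computer system according to claim 9, wherein the vulnerability rules in step S2 comprise vulnerability categories, each vulnerability category being assigned a vulnerability level; and step S2 comprises identifying, by means of a vector space model, the vulnerability category to which the vulnerability data belongs, and obtaining the vulnerability level of that vulnerability category according to the vulnerability rules.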
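- The computer system according to claim 11, wherein step S2 comprises the following steps: S21: creating a test lexicon, the test lexicon comprising category vocabulary sets classified by vulnerability category; the category vocabulary sets comprise a function vocabulary set, an interface vocabulary set, a data vocabulary set, a process vocabulary set, an information vocabulary set, a suggestion vocabulary set, a performance vocabulary set, a security vocabulary set, a common-sense vocabulary set, and a special vocabulary set; S22: segmenting the text content of the vulnerability description item in the vulnerability data with the Jieba word segmentation component to obtain a word segmentation result; S23: combining the word segmentation result and the category vocabulary set to obtain a total category vocabulary set; S24: computing, over the total category vocabulary set, the word frequencies of the word segmentation result and of the category vocabulary set, to obtain a segmentation vector and a category vector respectively; S25: computing the category cosine value of the segmentation vector and the category vector with the cosine algorithm of the vector space model; comparing the category cosine values, and taking the category vocabulary set corresponding to the largest category cosine value as the target vocabulary set; and, according to the vulnerability rules, taking the level of the vulnerability category corresponding to the target vocabulary set as the vulnerability level.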
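- The computer system according to claim 9, wherein step S4 comprises the following steps: extracting the development identity information from the vulnerability packaging information in the vulnerability database, and outputting the vulnerability packaging information in the vulnerability database to the development client corresponding to the development identity information; receiving confirmation information output by the development client upon receiving the vulnerability packaging information; obtaining, according to the confirmation information, the entry time of the vulnerability packaging information in the vulnerability database, and subtracting the entry time from 24:00 of the current day to obtain a judgment time interval; wherein the processing rules comprise a reverse processing rule and a forward processing rule; if the judgment time interval is less than or equal to a judgment time threshold, proceeding to S40; if the judgment time interval is greater than the judgment time threshold, proceeding to S41; S40 comprises generating reminder information according to the vulnerability packaging information using the reverse processing rule, and then outputting the reminder information to the development client; S41 comprises generating reminder information according to the vulnerability packaging information using the forward processing rule, and then outputting the reminder information to the development client.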
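- The computer system according to claim 13, wherein S40 comprises the following steps: S401: subtracting, in real time, the current time from 24:00 of the current day to obtain a real-time reverse time interval; S402: if the real-time reverse time interval is greater than a reverse first threshold, proceeding to step S403; if the real-time reverse time interval is less than or equal to the reverse first threshold and greater than a reverse second threshold, proceeding to step S404; if the real-time reverse time interval is less than or equal to the reverse second threshold, proceeding to step S405; S403: if a processing completion signal output by the development client is received before the real-time reverse time interval reaches the reverse first threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the real-time reverse time interval has reached the reverse first threshold and the processing completion signal output by the development client has still not been received, outputting reverse primary reminder information to the development client corresponding to the development identity information in the vulnerability packaging information; S404: if a processing completion signal output by the development client is received before the real-time reverse time interval reaches the reverse second threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the real-time reverse time interval has reached the reverse second threshold and the processing completion signal output by the development client has still not been received, outputting reverse intermediate reminder information to the development client corresponding to the development identity information in the vulnerability packaging information; S405: if a processing completion signal output by the development client is received before the real-time reverse time interval reaches zero, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the real-time reverse time interval is already zero and the processing completion signal output by the development client has still not been received, outputting reverse advanced reminder information to the development client corresponding to the development identity information in the vulnerability packaging information.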
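- The computer system according to claim 13, wherein S41 comprises the following steps: S411: subtracting, in real time, the entry time from the current time to obtain a real-time forward time interval; S412: if a processing completion signal output by the development client is received before the real-time forward time interval reaches a forward first threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the processing completion signal output by the development client has still not been received when the real-time forward time interval reaches the forward first threshold, outputting forward primary reminder information to the development client corresponding to the development identity information in the vulnerability packaging information; S413: if a processing completion signal output by the development client is received before the real-time forward time interval reaches a forward second threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the processing completion signal output by the development client has still not been received when the real-time forward time interval reaches the forward second threshold, outputting forward intermediate reminder information to the development client; S414: if a processing completion signal output by the development client is received before the real-time forward time interval reaches a forward third threshold, clearing the vulnerability packaging information and generating vulnerability processing completion information; if the processing completion signal output by the development client has still not been received when the real-time forward time interval reaches the forward third threshold, outputting forward advanced reminder information to the development client.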
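- A computer-readable storage medium, on which a computer program is stored, the computer program, when executed by a processor, implementing a vulnerability processing and tracking method; wherein the vulnerability processing and tracking method comprises the following steps: S1: receiving vulnerability data output by a test client, recording the entry time at which the vulnerability data is received, and obtaining test identity information and development identity information according to the vulnerability data; packaging the entry time, the vulnerability data, the test identity information, and the development identity information to obtain vulnerability packaging information; S2: determining the vulnerability level of the vulnerability packaging information according to vulnerability rules; S3: storing the vulnerability packaging information in a vulnerability database according to the vulnerability level; S4: using processing rules to generate reminder information according to the vulnerability packaging information, and outputting the reminder information to the development client corresponding to the development identity information.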
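- The computer-readable storage medium according to claim 16, wherein step S1 comprises the following steps: S101: receiving vulnerability data output by the test client, and recording the entry time at which the vulnerability data is received; S102: outputting a test identity request to the test client according to the vulnerability data; S103: receiving the test identity information, and the development identity information, output by the test client in response to the test identity request; S104: packaging the entry time, the vulnerability data, the test identity information, and the development identity information to obtain the vulnerability packaging information.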
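- The computer-readable storage medium according to claim 16, wherein the vulnerability rules in step S2 comprise vulnerability categories, each vulnerability category being assigned a vulnerability level; and step S2 comprises identifying, by means of a vector space model, the vulnerability category to which the vulnerability data belongs, and obtaining the vulnerability level of that vulnerability category according to the vulnerability rules.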
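- The computer-readable storage medium according to claim 18, wherein step S2 comprises the following steps: S21: creating a test lexicon, the test lexicon comprising category vocabulary sets classified by vulnerability category; the category vocabulary sets comprise a function vocabulary set, an interface vocabulary set, a data vocabulary set, a process vocabulary set, an information vocabulary set, a suggestion vocabulary set, a performance vocabulary set, a security vocabulary set, a common-sense vocabulary set, and a special vocabulary set; S22: segmenting the text content of the vulnerability description item in the vulnerability data with the Jieba word segmentation component to obtain a word segmentation result; S23: combining the word segmentation result and the category vocabulary set to obtain a total category vocabulary set; S24: computing, over the total category vocabulary set, the word frequencies of the word segmentation result and of the category vocabulary set, to obtain a segmentation vector and a category vector respectively; S25: computing the category cosine value of the segmentation vector and the category vector with the cosine algorithm of the vector space model; comparing the category cosine values, and taking the category vocabulary set corresponding to the largest category cosine value as the target vocabulary set; and, according to the vulnerability rules, taking the level of the vulnerability category corresponding to the target vocabulary set as the vulnerability level.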
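- The computer-readable storage medium according to claim 16, wherein step S4 comprises the following steps: extracting the development identity information from the vulnerability packaging information in the vulnerability database, and outputting the vulnerability packaging information in the vulnerability database to the development client corresponding to the development identity information; receiving confirmation information output by the development client upon receiving the vulnerability packaging information; obtaining, according to the confirmation information, the entry time of the vulnerability packaging information in the vulnerability database, and subtracting the entry time from 24:00 of the current day to obtain a judgment time interval; wherein the processing rules comprise a reverse processing rule and a forward processing rule; if the judgment time interval is less than or equal to a judgment time threshold, proceeding to S40; if the judgment time interval is greater than the judgment time threshold, proceeding to S41; S40 comprises generating reminder information according to the vulnerability packaging information using the reverse processing rule, and then outputting the reminder information to the development client; S41 comprises generating reminder information according to the vulnerability packaging information using the forward processing rule, and then outputting the reminder information to the development client.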
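The category and level determination of steps S23 to S25 in the claims above, as an added example that is not code from the patent. The lexicon terms, the category levels and the sample tokens are constructed, and the input is assumed to be already segmented (the claims use Jieba for step S22; it is left out here so the block runs offline).

```python
import math
from collections import Counter

# Constructed sample lexicon (S21): three of the ten category vocabulary sets
# named in the claims, with made-up English terms and made-up category levels.
CATEGORY_VOCAB = {
    "security": ["injection", "password", "token", "unauthorized", "leak"],
    "interface": ["button", "layout", "font", "overlap", "page"],
    "performance": ["slow", "timeout", "latency", "memory", "page"],
}
CATEGORY_LEVEL = {"security": "high", "performance": "medium", "interface": "low"}


def cosine(a, b):
    """Cosine of the angle between two equal-length frequency vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def classify(tokens):
    """Return (category, level, scores) for an already segmented description."""
    seg_freq = Counter(tokens)
    scores = {}
    for category, vocab in CATEGORY_VOCAB.items():
        total_vocab = sorted(set(tokens) | set(vocab))  # S23: total vocabulary
        cat_freq = Counter(vocab)
        seg_vec = [seg_freq[w] for w in total_vocab]    # S24: frequency vectors
        cat_vec = [cat_freq[w] for w in total_vocab]
        scores[category] = cosine(seg_vec, cat_vec)     # S25: category cosine
    best = max(scores, key=scores.get)
    if scores[best] == 0.0:
        # No term overlaps any vocabulary set: refuse to guess a level.
        return None, None, scores
    return best, CATEGORY_LEVEL[best], scores


# Constructed segmentation result standing in for the S22 output.
SAMPLE_TOKENS = ["login", "page", "password", "leak", "token", "password"]

if __name__ == "__main__":
    print(classify(SAMPLE_TOKENS))
```

A description with no lexicon overlap scores zero against every category, so the sketch returns no level rather than letting the maximum pick an arbitrary category.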
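The rule selection of step S4 and the escalation of S40 and S41 in the claims above, as an added example that is not code from the patent. All threshold values and the level labels are assumptions (the claims name the thresholds without giving numbers), and 24:00 is taken from the day of the entry time.

```python
from datetime import datetime, timedelta

# Assumed values: the claims name these thresholds but give no numbers.
JUDGMENT_THRESHOLD = timedelta(hours=4)
REVERSE_FIRST, REVERSE_SECOND = timedelta(hours=2), timedelta(hours=1)
FORWARD_THRESHOLDS = [  # third, second, first forward threshold
    (timedelta(hours=8), "forward-advanced"),
    (timedelta(hours=4), "forward-intermediate"),
    (timedelta(hours=2), "forward-primary"),
]


def end_of_day(t):
    """24:00 of the day on which t falls (assumption: the entry day)."""
    return datetime(t.year, t.month, t.day) + timedelta(days=1)


def select_rule(entry_iso):
    """Judgment interval = 24:00 - entry time; short intervals use S40."""
    entry = datetime.fromisoformat(entry_iso)
    interval = end_of_day(entry) - entry
    return "reverse" if interval <= JUDGMENT_THRESHOLD else "forward"


def reminder_level(entry_iso, now_iso, completed=False):
    """Highest reminder level due at `now`, or None if nothing is due."""
    if completed:  # processing completion signal received: no reminder
        return None
    entry = datetime.fromisoformat(entry_iso)
    now = datetime.fromisoformat(now_iso)
    if select_rule(entry_iso) == "reverse":
        remaining = end_of_day(entry) - now  # S401: counts down to zero
        if remaining <= timedelta(0):
            return "reverse-advanced"        # S405
        if remaining <= REVERSE_SECOND:
            return "reverse-intermediate"    # S404
        if remaining <= REVERSE_FIRST:
            return "reverse-primary"         # S403
        return None
    elapsed = now - entry                    # S411: counts up from entry
    for threshold, level in FORWARD_THRESHOLDS:
        if elapsed >= threshold:
            return level                     # S414, S413, S412
    return None


if __name__ == "__main__":
    print(reminder_level("2020-04-28T21:00", "2020-04-28T23:15"))
```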
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910754314.3A CN110659501A (zh) | 2019-08-15 | 2019-08-15 | Vulnerability processing and tracking method, device, computer system, and readable storage medium |
CN201910754314.3 | 2019-08-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021027328A1 (zh) | 2021-02-18 |
Family
ID=69036866
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/087427 WO2021027328A1 (zh) | Vulnerability processing and tracking method, device, computer system, and readable storage medium | 2019-08-15 | 2020-04-28 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110659501A (zh) |
WO (1) | WO2021027328A1 (zh) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110659501A (zh) * | 2019-08-15 | 2020-01-07 | 深圳壹账通智能科技有限公司 | Vulnerability processing and tracking method, device, computer system, and readable storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120084758A1 (en) * | 2010-10-05 | 2012-04-05 | International Business Machines Corporation | Collaborative Software Debugging In A Distributed System With Client-Specific Variable Evaluation |
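CN104346571A (zh) * | 2013-07-23 | 2015-02-11 | 深圳市腾讯计算机系统有限公司 | Security vulnerability management method, system and device |
CN104615533A (zh) * | 2015-01-15 | 2015-05-13 | 南京大学 | Intelligent software defect tracking and management method based on mobile instant messaging software |
CN107463501A (zh) * | 2017-08-11 | 2017-12-12 | 四川长虹电器股份有限公司 | Defect management reminder system and reminder method |
CN109274526A (zh) * | 2018-08-31 | 2019-01-25 | 平安科技(深圳)有限公司 | Automatic early-warning method and device for test defects, computer equipment and storage medium |
CN109510873A (zh) * | 2018-11-29 | 2019-03-22 | 江苏徐工信息技术股份有限公司 | Real-time bug monitoring and communication system and method |
CN109886020A (zh) * | 2019-01-24 | 2019-06-14 | 燕山大学 | Automatic software vulnerability classification method based on deep neural network |
CN110659501A (zh) * | 2019-08-15 | 2020-01-07 | 深圳壹账通智能科技有限公司 | Vulnerability processing and tracking method, device, computer system, and readable storage medium |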
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5093990B2 (ja) * | 2005-03-28 | 2012-12-12 | Necエンジニアリング株式会社 | Bug management system |
JP5121381B2 (ja) * | 2007-10-11 | 2013-01-16 | 株式会社日立システムズ | Quality evaluation system in a maintenance and management service support system |
CN104508677A (zh) * | 2012-07-31 | 2015-04-08 | 惠普发展公司,有限责任合伙企业 | Combining weakness identifiers |
CN109948911B (zh) * | 2019-02-27 | 2021-03-19 | 北京邮电大学 | Evaluation method for calculating the information security risk of network products |
2019
- 2019-08-15 CN CN201910754314.3A patent/CN110659501A/zh active Pending
2020
- 2020-04-28 WO PCT/CN2020/087427 patent/WO2021027328A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN110659501A (zh) | 2020-01-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108764674B (zh) | Risk control method and device based on a rule engine | |
Mirakhorli et al. | Detecting, tracing, and monitoring architectural tactics in code | |
Woodcock | First steps in the verified software grand challenge | |
US10310852B2 (en) | Timing estimations for application lifecycle management work items determined through machine learning | |
US7721034B2 (en) | System and method for managing system management interrupts in a multiprocessor computer system | |
US11410448B2 (en) | Predictive analysis systems and methods using machine learning | |
US9183528B2 (en) | Generating a compliance data model for IT control | |
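CN113227971A (zh) | Real-time application error identification and mitigation | |
CN110968437A (zh) | Method, device, equipment and medium for parallel execution of a single contract based on Java smart contracts | |
CN110688111A (zh) | Business process configuration method, device, server and storage medium | |
CN111475494A (zh) | Massive data processing method, system, terminal and storage medium | |
US10929108B2 (en) | Methods and systems for verifying a software program | |
CN112634017A (zh) | Remote card opening and activation method, device, electronic equipment and computer storage medium | |
WO2021027328A1 (zh) | Vulnerability processing and tracking method, device, computer system, and readable storage medium | |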
US10540155B1 (en) | Platform-agnostic predictive models based on database management system instructions | |
US20210165907A1 (en) | Systems and methods for intelligent and quick masking | |
WO2016091068A1 (zh) | Method and device for executing a special instruction | |
CN110046172A (zh) | Online computing data processing method and system | |
US11574150B1 (en) | Data interpretation analysis | |
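CN113094414A (zh) | Circulation graph generation method and device | |
CN111489101A (zh) | Order review method, device, equipment and medium based on big data | |
US11748354B2 (en) | Data shape confidence | |
CN111461873A (zh) | Fund plan verification method, device, server and storage medium | |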
US20180129486A1 (en) | System and method for estimating programming capability | |
US20230060245A1 (en) | System and method for automated account profile scoring on customer relationship management platforms |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20851595 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20851595 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 050822) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20851595 Country of ref document: EP Kind code of ref document: A1 |