Mastercard Incorporated
Security vulnerability analytics engine

Abstract:

Vulnerability data is classified as described herein. A finding object is created based on vulnerability data associated with a vulnerability finding and that finding object is populated with property values based on the vulnerability data. Technical owner rules associated with a plurality of technical owners are evaluated based on the property values of the finding object and a technical owner is assigned to the finding object based on the evaluated technical owner rules. Once a technical owner is assigned, the finding object is provided to a governance, risk, and compliance (GRC) module for distribution of the vulnerability finding to the assigned technical owner for remediation. Classification of vulnerability data using the described property values and technical owner rules provides an efficient, accurate, and automated way of distributing vulnerability findings of large, complex code bases to teams for remediation.