Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
DETAILED ACTION
An effective filing date of 05/16/2023 is acknowledged.
Claims 1 – 20 are pending.
Claims 1 – 20 will be allowed after they are amended to overcome 35 USC 112(b) and 35 USC 101 rejections.
Claim Objections
Claims 1 – 20 are objected to because of the following informalities:
Claim 1
Line 2; change “comprised by” to --of--.
After line 2, remove all occurrences of “comprised by the software application” because this phrase is redundant.
Line 7; remove “the” in front of “version of the software”.
Line 13; change “a similar” to --the--.
Claim 2
The claim is a dependent claim of claim 1; therefore, it inherits the issues of claim 1.
Claim 3
Line 4; remove “comprised by the software application”.
Claim 4
Remove all occurrences of “comprised by the software application”.
Line 1; insert --the-- before “determining”.
Claim 5
Remove all occurrences of “comprised by the software application”.
Line 2; insert --the-- before “determining”.
Claim 6
Remove all occurrences of “comprised by the software application”.
Line 2; insert --the-- before “determining”.
Claim 7
Line 4; insert --the-- before “generating”.
Line 5; remove “the” before “one”.
Claim 8
Remove all occurrences of “comprised by the software application”.
Line 1; insert --the-- before “identifying”.
Claim 9
Remove all occurrences of “comprised by the software application”.
Claim 10
The claim is a dependent claim of claim 1; therefore, it inherits the issues of claim 1.
Claim 11
Remove all occurrences of “comprised by the software application”.
Line 1; insert --the-- before “identifying”.
Claim 12
Remove all occurrences of “comprised by the software application”.
Claim 13
Line 4; change “comprised by” to --of--.
After line 4, remove all occurrences of “comprised by the software application” because this phrase is redundant.
Line 9; remove “the” in front of “version of the software”.
Line 15; change “a similar” to --the--.
Claim 14
Line 2; insert --the-- before “identifying”.
Line 5; remove “comprised by the software application”.
Claim 15
Remove all occurrences of “comprised by the software application”.
Line 2; insert --the-- before “determining”.
Claim 16
Remove all occurrences of “comprised by the software application”.
Line 1; insert --the-- before “determining”.
Claim 17
Remove all occurrences of “comprised by the software application”.
Line 1; insert --the-- before “determining”.
Claim 18
Line 5; insert --the-- before “generating”.
Line 6; remove “the” before “one”.
Claim 19
Remove all occurrences of “comprised by the software application”.
Claim 20
Line 3; change “comprised by” to --of--.
After line 3, remove all occurrences of “comprised by the software application” because this phrase is redundant.
Line 8; remove “the” in front of “version of the software”.
Line 14; change “a similar” to --the--.
Appropriate correction is required.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b) CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.
The following is a quotation of 35 U.S.C. 112 (pre-AIA), second paragraph:
The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the applicant regards as his invention.
Claims 1 – 20 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claims 1, 13, and 20
Claims 1, 13, and 20 recite the limitations
“identifying a first set of versions of the software component that comprises the weakness, the first set of versions of the software component comprising the version of the software component comprised by the software application;
determining a code difference between (a) an earliest release date of a second set of versions of the software component that is absent the weakness and (b) a latest release date of the first set of versions of the software component that comprises the weakness.”
It is not clear whether “that” in “that comprises the weakness” (claim 1: line 6; claim 13: line 8; and claim 20: line 7) refers to “first set of versions” or “the software component.”
It is not clear whether “that” in “that is absent the weakness” (claim 1: line 10; claim 13: line 12; and claim 20: line 11) refers to “a second set of versions” or “the software component.”
It is not clear whether “that” in “that comprises the weakness” (claim 1: line 11; claim 13: line 13; and claim 20: line 12) refers to “first set of versions” or “the software component.”
In other words, “that” in “that comprises the weakness” and “that is absent the weakness” is a term which renders claims 1, 13, and 20 indefinite.
These limitations of claims 1, 13, and 20 are considered to read as:
--identifying a first set of versions of the software component, wherein the first set of versions comprises the weakness, the first set of versions of the software component comprising the version of the software component
determining a code difference between (a) an earliest release date of a second set of versions of the software component, wherein the second set of versions is absent the weakness and (b) a latest release date of the first set of versions of the software component, wherein the first set of versions comprises the weakness;--
Claims 2 – 12 and 14 – 19
Claims 2 – 12 and 14 – 19 are dependent claims of claims 1 and 13 respectively; therefore, they are also rejected under 35 U.S.C. 112(b).
Claim Rejections - 35 USC § 101
35 U.S.C. 101 reads as follows:
Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and requirements of this title.
Claims 1 – 20 are rejected under 35 U.S.C. 101 because the claimed invention is directed to a judicial exception (i.e., a law of nature, a natural phenomenon, or an abstract idea) without significantly more.
Claim 1
Step 1
The claim is statutory because it is directed to a method.
Step 2A, prong 1
The claim recites limitations
“identifying a weakness in a software component comprised by a software application, wherein the software component … is one version of a plurality of versions of the software component, and wherein each version of the plurality of versions of the software component has a corresponding release date;
identifying a first set of versions of the software component, wherein the first set of versions comprises the weakness, the first set of versions of the software component comprising the version of the software component
determining a code difference between (a) an earliest release date of a second set of versions of the software component, wherein the second set of versions is absent the weakness and (b) a latest release date of the first set of versions of the software component, wherein the first set of versions comprises the weakness;
selecting a target software component having a similar weakness”
These limitations are directed to the concept of collecting and analyzing data (Electric Power Group, LLC v. Alstom S.A., 830 F.3d 1350, 1354-55, 119 USPQ2d 1739, 1742 (Fed. Cir. 2016)). This concept can reasonably be performed mentally through human observation and evaluation.
The steps of “identifying a weakness in a software component …; identifying a first set of versions of the software component …; determining a code difference …; and selecting a target software component having a similar weakness” collect versions of the software component and rely on human mental observation of the versions to identify the weakness and the first set of versions of the software component, on human recognition of code differences between versions of the software component, and on a human mentally selecting the target software.
Thus, these limitations are directed to a mental process.
Step 2A, prong 2
The claim further recites additional limitations “generating a fix from the code difference and patching the target software component with the fix.” The additional limitations simply generate code and update the software and are insignificant extra-solution activity within the overall process. Thus, the additional limitations are not indicative of an integration into a practical application.
Step 2B
The claim as a whole does not amount to significantly more than the judicial exception. Claim 1 is directed to an abstract idea. Therefore, claim 1 is not patent eligible.
Analyses of claims 2 – 12 are as follows:
Claim 2
The claim recites “the fix comprises a plurality of fixes, each fix of the plurality of fixes comprises one or more of a code addition, code deletion, code reordering, or code alteration”
The limitation defines the fix. Thus, the limitation is insignificant extra-solution activity, and it is not integrated into a practical application because it does not impose any meaningful limits on practicing the abstract idea. So, it does not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 3
The claim recites “… accessing a weakness database and obtaining therefrom a set of weakness and a corresponding set of weak software components; and
… matching entries in a build-list used to build the software application to the corresponding set of weak software components.”
“Accessing and obtaining” are mere data gathering, constituting insignificant extra-solution activity.
“matching” relies on human observation and judgment; thus, it covers performance of the limitation in the mind.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 4
The claim recites limitations “determining the code difference between a plurality of the second set of versions of the software component … and the first set of versions of the software component …”
The limitations determine a code difference. They rely on human observation and judgment; thus, they cover performance of the limitations in the mind.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 5
The claim recites limitations “determining a plurality of code differences between the plurality of the second set of versions … and the first set of versions of the software component …”
The limitations determine code differences. They rely on human observation and judgment; thus, they cover performance of the limitations in the mind.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 6
The claim recites limitations “determining a plurality of code differences between the earliest release date of the second set of versions of the software component … and the latest release date of the first set of versions …”
The limitations determine code differences. They rely on human observation and judgment; thus, they cover performance of the limitations in the mind.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 7
The claim recites limitations “analyzing each of the plurality of code differences to determine a probability of resolving the weakness; and
… generating the fix utilizing the one of the plurality of code differences having the highest probability of resolving the weakness.”
The limitations analyze code differences and generate the fix. They rely on human observation and judgment of data, and on a human generating code with pen and paper. Thus, they cover performance of the limitations in the mind.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 8
The claim recites limitations “performing static application security testing (SAST) on each version of the superset of versions of the software component … and obtaining a weakness presence indicator from the SAST.”
The limitations scan and analyze versions of the software component to gather data. They rely on human observation, evaluation, and judgment of data. Thus, they cover performance of the limitations in the mind.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 9
The claim recites limitations “performing static application security testing (SAST) on each version of the superset of versions of the software component … and obtaining a weakness presence indicator from the SAST.”
The limitations scan and analyze versions of the software component to gather data. They rely on human observation, evaluation, and judgment of data. Thus, they cover performance of the limitations in the mind.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 10
The claim recites limitations “upon generating the fix from the code difference, performing static application security testing (SAST) and obtaining a weakness resolution indicator from the SAST; and
upon the weakness resolution indicator being above a previously determined threshold, patching the software component with the fix.”
The limitations scan and analyze the fix to gather data. They rely on human observation, evaluation, and judgment of data. Thus, they cover performance of the limitations in the mind.
The limitations further patch the software component. This is just an insignificant extra-solution activity.
In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claim 11
The claim recites limitations “identifying a comment associated therewith and indicating the weakness is present.”
The limitations identify a comment and recognize the weakness. They rely on human observation, evaluation, and judgment of data. Thus, they cover performance of the limitations in the mind. In other words, they are not integrated into a practical application because they do not impose any meaningful limits on practicing the abstract idea. So, they do not include any additional element that is sufficient to amount to significantly more than the judicial exception.
Claims 13 and 20
Claim 13 is statutory because it is directed to a device.
Claim 20 is statutory because it is directed to a product.
These claims recite limitations in the same manner as claim 1; therefore, they are rejected for the same reasons.
Furthermore, they recite the additional elements “a processor, a memory, and a non-transient computer readable medium.” These additional elements are recited at a high level of generality and are used as tools to perform the limitations. Thus, the additional elements are not indicative of an integration into a practical application.
Claims 14 – 19 recite limitations in the same manner as claims 3 – 8 respectively; therefore, they are also rejected for the same reasons.
Allowable Subject Matter
Claims 1 – 20 will be allowed after they are amended to overcome 35 USC 112(b) and 35 USC 101 rejections.
Claim 1
MU (CN 113010199 A) teaches “A computer-implemented method, comprising:
identifying a weakness in a software component comprised by a software application, wherein the software component comprised by the software application is one version of a plurality of versions of the software component,
identifying a first the software component ,wherein the first comprises the weakness, the first the software component comprising the version of the software component
determining a code difference between (a) a second the software component ,wherein the second is absent the weakness and (b) the first the software component ,wherein the first comprises the weakness;
generating a fix from the code difference;
selecting a target software component having a similar weakness; and
patching the target software component with the fix.”
BAINVILLE et al. (Pub. No. US 2019/0155598 A1) teaches “A computer-implemented method, comprising:
identifying a software component comprised by a software application, wherein the software component comprised by the software application is one version of a plurality of versions of the software component, ;
identifying a first set of versions of the software component ,wherein the first set of versions , the first set of versions of the software component comprising the version of the software component comprised by the software application;
determining a code difference between (a) a second the software component ,wherein the second is and (b) the first set of versions of the software component ,wherein the first set of versions ;
generating a fix from the code difference;
selecting a target software component having a similar weakness; and
patching the target software component with the fix.”
LIU et al. (Pub. No. US 2024/0111512 A1) teaches
“each version of the plurality of versions of the software component has a corresponding release date;
an release date of the software component ,wherein is absent the weakness;
a release date of of the software component ,wherein comprises the weakness.”
But MU, BAINVILLE, and LIU, either in combination or alone, do not teach the limitations
"identifying a first set of versions of the software component, wherein the first set of versions comprises the weakness, the first set of versions of the software component comprising the version of the software component
determining a code difference between (a) an earliest release date of a second set of versions of the software component, wherein the second set of versions is absent the weakness and (b) a latest release date of the first set of versions of the software component, wherein the first set of versions comprises the weakness;
generating a fix from the code difference."
These claimed limitations are not present in the prior art of record and would not have been obvious; thus, claim 1 and its dependent claims are allowed.
Claims 13 and 20
These claims recite limitations in the same manner as claim 1; therefore, they and their dependent claims are also allowed for the same reasons.
Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to CUONG V LUU whose telephone number is (571)270-1733. The examiner can normally be reached 6:30 AM - 3:00 PM.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Hyung S. Sough can be reached at (571) 272-6799. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/CUONG V LUU/Examiner, Art Unit 2192
/S. Sough/SPE, Art Unit 2192