Ex Parte Chen et alDownload PDFPatent Trial and Appeal BoardNov 14, 201713914355 (P.T.A.B. Nov. 14, 2017) Copy Citation United States Patent and Trademark Office UNITED STATES DEPARTMENT OF COMMERCE United States Patent and Trademark Office Address: COMMISSIONER FOR PATENTS P.O.Box 1450 Alexandria, Virginia 22313-1450 www.uspto.gov APPLICATION NO. FILING DATE FIRST NAMED INVENTOR ATTORNEY DOCKET NO. CONFIRMATION NO. 13/914,355 06/10/2013 Liqun CHEN 83200323 6595 56436 7590 11/16/2017 Hewlett Packard Enterprise 3404 E. Harmony Road Mail Stop 79 Fort Collins, CO 80528 EXAMINER ZHU, ZHIMEI ART UNIT PAPER NUMBER 2495 NOTIFICATION DATE DELIVERY MODE 11/16/2017 ELECTRONIC Please find below and/or attached an Office communication concerning this application or proceeding. The time period for reply, if any, is set in the attached communication. Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): hpe.ip.mail@hpe.com chris. mania @ hpe. com PTOL-90A (Rev. 04/07) UNITED STATES PATENT AND TRADEMARK OFFICE BEFORE THE PATENT TRIAL AND APPEAL BOARD Ex parte LIQUN CHEN and NIGEL EDWARDS Appeal 2016-007732 Application 13/914,355 Technology Center 2400 Before MICHAEL J. STRAUSS, AARON W. MOORE, and PHILLIP A. BENNETT, Administrative Patent Judges. STRAUSS, Administrative Patent Judge. DECISION ON APPEAL Appeal 2016-007732 Application 13/914,355 STATEMENT OF THE CASE Appellants appeal under 35 U.S.C. § 134(a) from a rejection of claims 1, 3—5, 7, and 9-19. Claims 2, 6, and 8 are canceled. We have jurisdiction under 35 U.S.C. § 6(b). We affirm. THE INVENTION The claims are directed to estimating a quantity of exploitable security vulnerabilities in a release of an application. Spec., Title. Claim 1, reproduced below, is representative of the claimed subject matter: 1. A system comprising: a source code engine to acquire, from a source code analysis system, a source code analysis result representing a number of source code issues identified by the source code analysis system in a target release of an application; an acquisition engine to acquire predictive information at least partially representing a predictive function relating a plurality of exploitable security vulnerability reporting rates for a plurality of historic releases of the application predating the target release, to a plurality of issue density values for the historic releases of the application, wherein the issue density value for a respective historic release of the historic releases is based on a number of issues for the respective historic release relative to a size of the respective historic release; and an estimate engine to determine an estimate of an exploitable security vulnerability reporting rate of the target release of the application based on the source code analysis result and the predictive information, wherein the source code engine, the acquisition engine, and the estimate engine comprise at least one hardware processor. 2 Appeal 2016-007732 Application 13/914,355 REFERENCES The prior art relied upon by the Examiner in rejecting the claims on appeal is: Hall US 2005/0283834 A1 Dec. 22,2005 Sharma US 2013/0311968 A1 Nov. 21,2013 Huang US 2014/0201573 A1 July 17, 2014 Nachiappan Nagappan, Thomas Ball, and Andreas Zeller, Mining Metrics to Predict Component Failures, in Proceedings of the 28th International Conference on Software Engineering (ICSE ’06) ACM, New York, NY, 452-461 (2006) (“Nagappan”). REJECTIONS The Examiner made the following rejections: Claims 1, 3—5, 7, 9, 10, and 16—18 stand rejected under 35 U.S.C. § 103 as being unpatentable over Sharma and Hall. Ans. 2—6. Claim 11 stands rejected under 35 U.S.C. § 103 as being unpatentable over Sharma, Hall, and Huang. Ans. 7—8. Claims 12—15 and 19 stand rejected under 35 U.S.C. § 103 as being unpatentable over Sharma, Hall, and Nagappan. Ans. 8—11. APPELLANTS’ CONTENTION Sharma’s code complexity, code chum, and process metrics fail to teach or suggest issue density values that are based on a number of issues for a respective historic release relative to a size of the respective historic release, as required by the independent claims. App. Br. 6—7. ANALYSIS Appellants’ arguments are unpersuasive of Examiner error. We adopt as our own (1) the findings and reasons set forth by the Examiner in the 3 Appeal 2016-007732 Application 13/914,355 action from which this appeal is taken (Ans. 2—11) and (2) the reasons set forth by the Examiner in the Examiner’s Answer in response to Appellants’ Appeal Brief (Ans. 11—18) and concur with the conclusions reached by the Examiner. We highlight the following for emphasis. The Examiner finds that, although Sharma discloses using “issue count values instead of issue density values,” because the reference further discloses that an increase in the number bugs in proportion to the size of the software project does not necessarily signal “any significant problem with the current software development,” the combination teaches or suggests the disputed issue density values. Final Act. 4—5. In particular, the Examiner explains: [I]t would have been obvious to one of ordinary skill in the art to convert the source code issue (e.g., global variable) count value taught by Sharma into a source code issue density value, wherein the issue density value for a respective historic release of the historic releases is based on a number of issues for the respective historic release relative to a size of the respective historic release, as alluded by Sharma to predictably improve the estimation accuracy by taking into account the “volume” or size of software code being analyzed. Final Act. 5. Appellants contend the disputed issue density values are neither disclosed (App. Br. 8—9) nor rendered obvious (App. Br. 9—11) by Sharma. Appellants argue “[i]n Sharma, the statistical model correlates code complexity, code chum, or process metrics (none of which constitutes issue density values based on a number of issues for a respective historic release relative to a size of the respective historic release) to reporting rates” and, therefore, these metrics fail to teach or suggest the recited issue density values. App. Br. 9. Appellants further argue the Examiner’s explanation for 4 Appeal 2016-007732 Application 13/914,355 why Sharma renders obvious the use of issue density values in place of issue count values is inadequate because Sharma’s disclosed model does not employ issue density values. App. Br. 10. Appellants conclude “a person of ordinary skill in the art would have been led by Sharma to implement a model that correlates code complexity, code chum, and process metrics (not issue density values) to observed software defect rates.” Id. The Examiner’s response substantially repeats the explanation provided in the Final Action as described supra. Ans. 11—14. The Examiner further disputes Appellants’ argument that, because Sharma’s model uses issue count values, “a person of ordinary skill in the art would not have been led to modify the model of Sharma [to instead use issue density values].” Ans. 14—15 (addressing Appellants’argument at App. Br. 10). The Examiner characterizes Appellants’ further argument as alleging a “teaching away” which, in the absence of criticism, discrediting, or discouragement to make the modification, is not persuasive. Ans. 15. The Examiner cites MPEP § 2123: “[t]he prior art’s mere disclosure of more than one alternative does not constitute a teaching away from any of these alternatives because such disclosure does not criticize, discredit, or otherwise discourage the solution claimed . . . .” Ans. 15, additionally citing In re Fulton, 391 F.3d 1195, 1201 (Fed. Cir. 2004). Appellants’ contentions are unpersuasive of Examiner error. We agree with the Examiner in finding Sharma’s global variables teach, or at least suggest, a code issue count value. Ans. 2—3. We further agree Sharma’s description of the relationship of the number of bugs being proportional to software project size without signaling a commensurate increase in problems (i.e., exploitable security vulnerabilities) teaches or suggests taking into 5 Appeal 2016-007732 Application 13/914,355 account the volume or size of a software application with respect to a code issue count value and, accordingly, use of a problem or issue density value (i.e., relative value) instead of an absolute count value regardless of project size. Ans. 4, 11—13. We still further agree with the Examiner in concluding it would have been obvious to use a code issue density value as taught by Sharma instead of a code issue count value, as used in Sharma’s model, “in order to achieve the benefit of taking into account the ‘volume’ or size of a software application desired.” Ans. 4. We are also unpersuaded by Appellants’ argument the combination is improper because the model disclosed by Sharma uses an absolute count value rather than a density metric (App. Br. 10), for the reasons set forth by the Examiner. See Ans. 14—15. Teaching an alternative method does not teach away from the use of a claimed method. See In re Dunn, 349 F.2d 433, 438 (CCPA 1965); see also Ex parte Shuping, No. 2008-0394, 2008 WL 336222, at *2 (BPAI 2008) (“[Tjeaching a way is not teaching away.”) (citation omitted). Appellants’ contentions of error in connection with the rejection of independent claim 12 (App. Br. 12—13) are repetitive of those presented in connection with independent claim 1 and are unpersuasive for similar reasons as those discussed supra. Appellants’ contention of error in connection with the rejection of claim 15 is based on the disputed issue density value limitation (App. Br. 13—14) and is also unpersuasive for the reasons discussed supra. Accordingly, we sustain the rejections of independent claims 1 and 12 and dependent claim 15 under 35 U.S.C. § 103, together with the rejections of independent claim 7 and dependent claims 3— 6 Appeal 2016-007732 Application 13/914,355 5, 9-11, 13, 14, and 16—19 which are not argued separately with particularity. DECISION We affirm the Examiner’s decision to reject claims 1, 3—5, 7, and 9-19 under 35 U.S.C. § 103(a). No time period for taking any subsequent action in connection with this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). See 37 C.F.R. § 41.50(f). AFFIRMED 7 Copy with citationCopy as parenthetical citation
