Obviousness

The provided patent text for US11892897 does not include a dedicated "Prior Art" section that lists specific prior art documents (e.g., patent numbers, publication numbers, or academic papers) for analysis. While the "BACKGROUND" section discusses the general state of the art and "previous work," it does not cite specific references that could be combined to establish obviousness under 35 U.S.C. § 103.

Therefore, I cannot identify combinations of specific prior art references that would render the claims obvious or explain the motivation to combine them, as no such references are provided within the scope of the patent text given for this analysis.

However, based on the general discussion of the background art within US11892897, the patent acknowledges the following:

• An increasing number of software vulnerabilities are disclosed annually, leading to a need for prioritization for patching [cite: The present disclosure generally relates to assessing the likelihood of exploitation of software vulnerabilities, and in particular to systems and methods for predicting which software vulnerabilities will be exploited by malicious hackers and hence prioritized by patching., An increasing number of software vulnerabilities are discovered and publicly disclosed every year.].
• Standard risk assessment systems like Common Vulnerability Scoring System (CVSS), Microsoft Exploitability Index, and Adobe Priority Rating report many vulnerabilities as severe but are overly cautious, leading to many false positives and not effectively alleviating the prioritization problem [cite: Standard risk assessment systems such as Common Vulnerability Scoring System (CVSS), Microsoft Exploitability Index, Adobe Priority Rating report many vulnerabilities as severe and will be exploited to be on the side of caution. This does not alleviate the problem much since the majority of the flagged vulnerabilities will not be attacked.]. These systems are not effective predictors of actual exploitation [cite: Further, previous work has found that the CVSS score provided by NIST is not an effective predictor of vulnerabilities being exploited.].
• The concept of using "social media, darkweb markets and certain white-hat websites" for exploit prediction has been previously proposed as alternatives to traditional methods [cite: It has previously been proposed that other methods such as the use of social media, darkweb markets and certain white-hat websites would be suitable alternatives.].
• However, previous proposals for using these alternative data sources had limitations, such as "methodical concerns on the use of social media for exploit prediction," "data feeds for proactive exploit prediction were limited to single sites that provided a relatively small number of predictions," and "other work demonstrates the viability of data collection but does not quantify the results of prediction" [cite: However, this previous work has its limitations., For instance, methodical concerns on the use of social media for exploit prediction were recently raised; data feeds for proactive exploit prediction were limited to single sites that provided a relatively small number of predictions; and other work demonstrates the viability of data collection but does not quantify the results of prediction.].

Without specific prior art references that detail these previously proposed methods and their limitations, a concrete obviousness analysis under 35 U.S.C. § 103, including identified combinations and motivations, cannot be performed.