Computer system firmware can be extremely complex. For example, the source code for a firmware for a modern computing system can be in excess of a million lines of source code. At the same time, because computer system firmware is the root of trust for a computing system, it is imperative that the firmware be completely free from security vulnerabilities. A security vulnerability is an unintended flaw in a firmware that leaves the firmware open to the potential for exploitation in the form of unauthorized access or malicious behavior, such as viruses, worms, Trojan horses, or other forms of malware.
It is not uncommon today for security researchers or other types of users to identify security vulnerabilities within computer system firmware. Identified security vulnerabilities can be publicly reported or reported directly to the developer of the firmware. In response to receiving a report of a security vulnerability, the developer of the firmware can create a patch to the source code of the firmware that addresses the security vulnerability. Given the size and complexity of the source code for a firmware, the possibility of numerous versions and configurations of firmware, and the potentially large number of security vulnerabilities, it can, however, be difficult to identify the patches that have, and have not, been applied to a particular version of a computer system firmware.
It is with respect to these and other considerations that the disclosure made herein is presented.