A method, system, and computer program product for the automatic detection
and fixing of security vulnerabilities in both individual software
components and across complex, multi-component software solutions. The
architecture of the software solution to be monitored is analyzed prior
to its being monitored. Data derived from the analysis is used to
proactively identify possible ways to attack the software solution. The
software solution being monitored and the system on which it runs is
periodically scanned, and attacks on it are attempted. A list of possible
attacks is continuously updated, for example, in a manner similar to
virus signatures provided by virus security companies, and a log is
generated describing which attacks were successful and which ones failed.