SWAMP: Improving software assurance activities

  • 31 July 2014

Published 30 July 2014 Homeland Security News
The Software Assurance Market Place, or SWAMP, is an online, open-source, collaborative research environment that allows software developers and researchers to test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques. “The goal of the SWAMP is to aid in the development of a healthier and safer cyber environment, and that starts with creating better quality software,” said Kevin Greene, Department of Homeland Security Science and Technology Directorate (S&T), Cyber Security Division, SWAMP Program Manager. “We’re doing something unique, we’re providing software developers the opportunity to test software and leverage multiple software analysis tools together in one space to improve the accuracy of their results.”

This is an extra layer for the developers to cross-check their software for accuracy and coding errors; in the long run the consumer will benefit from good software applications.
The following article is an update on improving software assurance:

(Software Assurance: Time to Raise the Bar on Static Analysis)

By Kevin E. Greene, posted on 9/30/2014
 
The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.
I had an interesting conversation recently about the after-effects of Heartbleed and the challenges facing static analysis with Barton Miller, the chief scientist of the Software Assurance Marketplace (SWAMP), which is a project I’m sponsoring at the Department of Homeland Security to improve software quality, and raise the bar of static analysis capabilities.
I wanted to know if the problems associated with static analysis can be attributed to a lackluster analysis engine. Are the core engines in static analysis tools robust enough to keep pace with the complexity and size of modern software? Obviously, these tools appear to be lacking in depth and breadth, which results in oversimplifying, which may lead tools to make inaccurate assumptions about code; as a result they miss (simple) things and produce a generous amount of false-positives.
 
 
Source (DarkReading article): http://www.darkreading.com/application-security/software-assurance-time-to-raise-the-bar-on-static-analysis-/a/d-id/1316159?
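The article's point that running several analysis tools together gives more accurate results, as an added example that is not SWAMP's own code: findings from three tools are normalized, clustered by file and nearby line, and ranked by how many independent tools report the same spot. Tool names, file paths, line numbers and the finding format are all constructed for illustration, and the line tolerance is an assumption.

```python
"""Merge static-analysis findings from several tools and rank them by
cross-tool agreement (added example; not SWAMP's implementation)."""
from collections import defaultdict

# Constructed sample output from three hypothetical tools, already
# normalized to a common record shape. Tools a, b and c all flag the
# same region of src/parse.c; the other two findings are single-tool.
FINDINGS = [
    {"tool": "tool_a", "file": "src/parse.c", "line": 120, "cwe": "CWE-125"},
    {"tool": "tool_b", "file": "src/parse.c", "line": 122, "cwe": "CWE-125"},
    {"tool": "tool_c", "file": "src/parse.c", "line": 120, "cwe": "CWE-119"},
    {"tool": "tool_a", "file": "src/alloc.c", "line": 10, "cwe": "CWE-476"},
    {"tool": "tool_b", "file": "src/main.c", "line": 400, "cwe": "CWE-561"},
]

LINE_TOLERANCE = 3  # assumed: tools often place one defect a few lines apart


def cluster_findings(findings, tolerance=LINE_TOLERANCE):
    """Group findings in the same file whose lines lie within `tolerance`."""
    by_file = defaultdict(list)
    for f in findings:
        by_file[f["file"]].append(f)
    clusters = []
    for items in by_file.values():
        items.sort(key=lambda f: f["line"])
        current = []
        for f in items:
            if current and f["line"] - current[-1]["line"] > tolerance:
                clusters.append(current)
                current = []
            current.append(f)
        if current:
            clusters.append(current)
    return clusters


def score(clusters):
    """Collapse each cluster to one finding carrying an agreement count."""
    merged = []
    for c in clusters:
        tools = sorted({f["tool"] for f in c})
        merged.append({"file": c[0]["file"],
                       "lines": (c[0]["line"], c[-1]["line"]),
                       "cwes": sorted({f["cwe"] for f in c}),
                       "tools": tools, "agreement": len(tools)})
    return sorted(merged, key=lambda m: -m["agreement"])


def triage(findings, min_agreement=2):
    """Split merged findings into corroborated and single-tool lists."""
    merged = score(cluster_findings(findings))
    corroborated = [m for m in merged if m["agreement"] >= min_agreement]
    single = [m for m in merged if m["agreement"] < min_agreement]
    return corroborated, single
```

Agreement is a prioritization signal, not a verdict: a single-tool finding may still be real (tools have different strengths), and line-proximity clustering can merge two distinct defects that sit on adjacent lines, so the CWE list per cluster is kept for a reviewer to inspect.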
