Posts: 902
Registered: ‎06-20-2014

SWAMP: Improving software assurance activities

Published 30 July 2014 Homeland Security News
 
The Software Assurance Market Place, or SWAMP, is an online, open-source, collaborative research environment that allows software developers and researchers to test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques.
 
 
“The goal of the SWAMP is to aid in the development of a healthier and safer cyber environment, and that starts with creating better quality software,” said Kevin Greene, Department of Homeland Security Science and Technology Directorate (S&T), Cyber Security Division, SWAMP Program Manager. “We’re doing something unique, we’re providing software developers the opportunity to test software and leverage multiple software analysis tools together in one space to improve the accuracy of their results.”
 
 




Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!



Posts: 3,179
Topics: 1,942
Kudos: 2,276
Blog Posts: 0
Registered: ‎06-02-2014

Re: SWAMP: Improving software assurance activities

This is an extra layer for the developers to cross-check their software for accuracy and coding errors. In the long run, the consumer will benefit from good software applications.

Community Leader

Posts: 3,179
Topics: 1,942
Kudos: 2,276
Blog Posts: 0
Registered: ‎06-02-2014

Re: SWAMP: Improving software assurance activities

The following article is an update on Improving Software assurance

(Software Assurance: Time to Raise the Bar on Static Analysis)

By Kevin E. Greene  Posted on 9/30/2014

 

The results from tools studies suggest that using multiple tools together can produce more powerful analytics and more accurate results.

 

I had an interesting conversation recently about the after-effects of Heartbleed and the challenges facing static analysis with Barton Miller, the chief scientist of the Software Assurance Marketplace (SWAMP), which is a project I’m sponsoring at the Department of Homeland Security to improve software quality, and raise the bar of static analysis capabilities.

I wanted to know if the problems associated with static analysis can be attributed to a lackluster analysis engine. Are the core engines in static analysis tools robust enough to keep pace with the complexity and size of modern software? Obviously, these tools appear to be lacking in depth and breadth, which results in oversimplifying, which may lead tools to make inaccurate assumptions about code; as a result they miss (simple) things and produce a generous amount of false-positives.

 

 

DarkReading/article/ http://www.darkreading.com/application-security/software-assurance-time-to-raise-the-bar-on-static-a...

Community Leader