• SWAMP—A Tool for Software Assurance

• The Software Assurance Marketplace, or “SWAMP,” opened in February 2014 to provide a resource for software developers, software assurance tool developers, infrastructure operators and software researchers to perform continuous assurance (CSwA) testing, and to collaborate and improve software assurance in a secure operating environment. Offerings include cloud security, cybersecurity, education, and open source.
• The “SWAMP” is a national software assurance resource funded by a grant from the Department of Homeland Security Science and Technology Directorate. Miron Livny will serve as its director and chief technology officer. It is housed in the Morgridge Institute for Research at the University of Wisconsin-Madison. Other participants include the Indiana University Center for Applied Cybersecurity Research, the University of Wisconsin Computer Sciences Department and the National Center for Supercomputing Applications at the University of Illinois, Urbana -Champaign.
• The SWAMP offers continuous, automated access to assessment capabilities including the assessment of Java, C and C++ software against five static analysis tools. The SWAMP’s first set of tools include FindBugs, PMD, Clang, CppCheck and GCC and eight platforms. Results are displayed via Secure Decisions’ CodeDx vulnerability results viewer. Over the next five years, the SWAMP will add mobile, dynamic and binary analysis tools and more assessment capabilities.
• According to Kevin Greene, DHS’s software assurance program manager, “We see widespread adoption of the SWAMP as having a profound, positive impact on software systems and applications that powers our critical infrastructure. Better assurance practices lead to better security, it’s that simple.” He adds, “The SWAMP collaboration is a great example of the public and private sector coming together to advance improvements in software assurance activities to deal with emerging cyber threats.” (ID#:14-1230)

•  News article about SWAMP. University of Illinois National Supercomputing Center. http://www.ncsa.illinois.edu/news/story/ncsa_helps_launch_resource_to_fight_cybercrime

•  To learn more about SWAMP, visit http://www.continuousassurance.org

• The U.S. Army Research Laboratory (ARL) has established a Collaborative Research Alliance (CRA) comprised of ARL, U.S. Army Communications-Electronics Research, Development and Engineering Center, academia and industry researchers to study cyber science issues as they relate to Army networks. Led by Pennsylvania State University, the CRA also includes Carnegie Mellon University, Indiana University, the University of California at Davis, and the University of California Riverside. "The CRA gives us an opportunity to jointly advance the theoretical foundations of a science of cybersecurity in the context of Army networks. Such a science will eventually lead to network defense strategies and empirically validated tools. Substantial interactions and staff rotations between domain experts and scientists across the consortium and ARL will be vital to enable the joint research that will ensure the success of the program," said Dr. Ananthram Swami, the Collaborative Alliance Manager for the CRA. (ID#:14-1231) See http://www.arl.army.mil/www/default.cfm?article=2382

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.