Cybersecurity: SWAMP Helps Find Software Vulnerabilities

    July 30, 2014
    The Software Assurance Market Place aims to help software developers make their programs more secure by finding weaknesses such as Heartbleed-like vulnerabilities. 

    Cybersecurity is a continuing worry, especially with attacks such as the Stuxnet virus, which reportedly ruined several of Iran's nuclear centrifuges by worming its way into plants' industrial programmable logic controllers (PLCs). An organization called the Software Assurance Market Place or SWAMP aims to help users make their software more secure by finding weaknesses such as Heartbleed-like vulnerabilities.

    The program is an online, open-source, collaborative research setting intended to let software developers and researchers test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques.

    "SWAMP's goal is to help develop a healthier and safer cyber environment, and that starts with creating better quality software,” says Kevin Greene, Department of Homeland Security Science and Technology Directorate , Cyber Security Division, SWAMP Program Manager.

     SWAMP lets users address weaknesses in the software through an assessment platform comprising the open-source tools PMD, FindBugs, CppCheck, GCC, and Clang, as well as more than 100 open-source software packages. The program intends to expand its tool repository in the future to include dynamic and binary code assessments, commercial software analysis tools, and mobile platforms, as well as provide APIs for third-party services.

    According to Greene, the SWAMP designers made sure that the site remains secure by implementing identity-based controls to protect submitters’ intellectual property. Users can submit software either on a public or a private security level. Public packages rely on crowdsourcing to encourage collaboration, resulting in better quality open-source software.

    “Software requires several checks and balances during the development phase," says Greene. "Likewise, when someone is developing software for you, you would need to validate whether that software can be trusted. SWAMP serves as a resource to vet software and ensure it meets individual security requirements before being installed.”

     Read the full story

    Continue Reading

    Sponsored Recommendations

    Municipalities are utilizing inline total solids measurements to enhance sludge thickening, lower polymer usage and cut operational expenses.
    Carbon dioxide is increasingly recognized as a vital resource with significant economic potential. While the conversion of carbon dioxide into products is still in its infancy...
    Discover our wide range of temperature transmitters that convert sensor signals from RTDs and thermocouples into stable and standardized output signals!
    An innovative amine absorption-based carbon capture process enables retrofitting of existing industrial facilities to reduce emissions in hard-to-abate sectors, with advanced ...

    Latest from Home

    Wireframe Landscape Wire with Depth of Field Effect. 3D Topographic map background concept. Geography concept. Space surface HUD Design Element.
    Source: VTScada by Trihedral
    VTScada 12.2 by Trihedral makes it possible to share your data on a massive scale with a variety of different systems, with more security and ease of use.
    Young men and women sitting relaxed use tablet ,computer notebook on a wooden bench in college.Students using technology to learn the lessons of the student group during semester

    Most Read

    Sponsored