Cybersecurity is a continuing worry, especially with attacks such as the Stuxnet virus, which reportedly ruined several of Iran'sĀ nuclear centrifuges by worming its way into plants' industrialĀ programmable logic controllersĀ (PLCs). An organization called the Software Assurance Market PlaceĀ or SWAMP aims to help users make their software more secure by finding weaknesses such as Heartbleed-like vulnerabilities.
The program is an online, open-source, collaborative research setting intended to let software developers and researchers test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools andĀ techniques.
"SWAMP's goal is to help develop a healthier and safer cyber environment, and that starts with creating better quality software,ā says Kevin Greene, Department of Homeland Security Science and Technology Directorate , Cyber Security Division,Ā SWAMP Program Manager.
Ā SWAMP lets users address weaknesses in the software through an assessment platform comprising the open-source tools PMD, FindBugs, CppCheck,Ā GCC, and Clang, as well as more than 100 open-source software packages. The program intends to expand its tool repository in the future to include dynamic and binary code assessments, commercial software analysis tools, and mobile platforms, as well as provide APIs for third-party services.
According to Greene, the SWAMP designers made sure that the site remains secure by implementing identity-based controls to protect submittersā intellectual property. Users can submit software either on a public or a private security level. Public packages rely on crowdsourcing to encourage collaboration, resulting in better quality open-sourceĀ software.
āSoftware requires several checks and balances during the development phase," says Greene. "Likewise, when someone is developing software for you, you would need to validate whether that software can be trusted. SWAMPĀ serves as a resource to vet software and ensure it meets individual security requirements beforeĀ being installed.ā
Ā Read the full story
