Cybersecurity: SWAMP Helps Find Software Vulnerabilities

July 30, 2014
The Software Assurance Market Place aims to help software developers make their programs more secure by finding weaknesses such as Heartbleed-like vulnerabilities. 

Cybersecurity is a continuing worry, especially with attacks such as the Stuxnet virus, which reportedly ruined several of Iran's nuclear centrifuges by worming its way into plants' industrial programmable logic controllers (PLCs). An organization called the Software Assurance Market Place, or SWAMP, aims to help users make their software more secure by finding weaknesses such as Heartbleed-like vulnerabilities.

The program is an online, open-source, collaborative research setting intended to let software developers and researchers test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques.

“SWAMP's goal is to help develop a healthier and safer cyber environment, and that starts with creating better quality software,” says Kevin Greene, Department of Homeland Security Science and Technology Directorate, Cyber Security Division, SWAMP Program Manager.

SWAMP lets users address weaknesses in the software through an assessment platform comprising the open-source tools PMD, FindBugs, CppCheck, GCC, and Clang, as well as more than 100 open-source software packages. The program intends to expand its tool repository in the future to include dynamic and binary code assessments, commercial software analysis tools, and mobile platforms, as well as provide APIs for third-party services.

According to Greene, the SWAMP designers made sure that the site remains secure by implementing identity-based controls to protect submitters’ intellectual property. Users can submit software on either a public or a private security level. Public packages rely on crowdsourcing to encourage collaboration, resulting in better quality open-source software.

“Software requires several checks and balances during the development phase,” says Greene. “Likewise, when someone is developing software for you, you would need to validate whether that software can be trusted. SWAMP serves as a resource to vet software and ensure it meets individual security requirements before being installed.”
