Hiking Software Security in a SWAMP

Thursday, July 10, 2014 @ 06:07 PM gHale

Software security assessment tool provider Secure Decisions is partnering with the Software Assurance Marketplace (SWAMP) to build a publicly accessible resource to improve the software that drives everyday life.

SWAMP, located in the Morgridge Institute for Research at the University of Wisconsin-Madison, gets its funding from the Department of Homeland Security (DHS) to accelerate software security practices by building a free testing facility with a wide range of assessment tools available for public and private industry use. An advanced computing platform that can handle software of any size powers the facility.


“Software security has not become a full-blown industry imperative yet, but it needs to be,” said Miron Livny, the Morgridge Institute chief technology officer and director of SWAMP. “There is a false sense that network security systems are all that’s needed, but systems are so interconnected today there is no true perimeter left on a network.”

The partnership with Secure Decisions, a division of New York-based Applied Visions, Inc., adds another tool to the lineup. Secure Decisions is providing a customized version of its Code Dx product to become a part of SWAMP. Code Dx is a visualization tool that simplifies the remediation process by correlating results from multiple tools into a central platform.

“Adding Code Dx to the SWAMP infrastructure improves the remediation process by making the testing results much easier to consume for today’s software developers and security professionals,” said Kevin Greene, program manager for the DHS Security and Technology Cyber Security Division.

“It’s well known that different software analysis tools have different strengths, and SWAMP provides easy access to all of these tools combined with a powerful analysis platform to handle code of all sizes,” Greene said. “Code Dx provides the most effective way to analyze and act on all the data while also reducing the number of false positives that typically plague software testers.”

The stakes remain high to hike software integrity. Most major security breaches involve attacks on compromised software applications rather than the traditional attack vector of the corporate network. In one glaring case, Target Corp. officials reported that the 2013 breach affecting millions of customers resulted from an intruder who stole a vendor’s credentials to access its system and place malware on its point-of-sale registers.

As more applications are deployed over the Internet and delivered through wireless networks, the applications themselves become more exposed to attack, requiring the industry to take a greater interest in ensuring that application code is resilient.
