Improving Software in the SWAMP

Wednesday, February 6, 2019 @ 03:02 PM gHale

In a move to secure software by enabling developers to evaluate their products against realistic test cases, 9,700 real-world software examples have been added to a massive SWAMP.

That is because the Department of Homeland Security (DHS) Science and Technology Directorate (S&T) completed the integration of the 9,700 test cases from the Static Tools Analysis Modernization Project (STAMP) into the Software Assurance Marketplace (SWAMP). The test cases are known as the BugInjectors.

“Software powers most of the nation’s economy and critical infrastructure,” said William N. Bryan, DHS Senior Official Performing the Duties of the Under Secretary for Science and Technology. “Through this accomplishment, S&T is creating capabilities to improve software assurance while meeting the national level objectives outlined in the DHS Cybersecurity Strategy and 2016 Federal Cybersecurity Research and Development (R&D) Strategic Plan.”

SWAMP and STAMP are two of the research projects under the DHS S&T Software Assurance Program. The STAMP project is an approach to modernizing and advancing the capabilities of static analysis tools. STAMP’s goal is to improve tool coverage and seamlessly integrate it into the software delivery pipeline to achieve “security at speed” in the software development process. SWAMP provides a national marketplace of continuous software assurance capabilities for software assurance researchers and developers, intended to reduce the vulnerabilities deployed in software systems. To do this, the SWAMP requires a robust repository of test cases for software evaluation.

“The addition of these real-world test cases to the SWAMP is significant as software and tool developers often don’t have access to realistic test data,” said Mary McGinley, S&T’s Director of Physical and Cyber Security. “Through the integration of two software assurance projects, we expect this will help improve software quality.”

The BugInjector cases are available directly through S&T-funded performer GrammaTech or through the SWAMP website.


