The Software Assurance Marketplace (SWAMP) provides a national marketplace of continuous software assurance capabilities for software assurance (SWA) researchers and developers. By providing researchers, tool developers, tool users and educators who train our workforce a suite of secure and dependable analysis services, SWAMP aims to reduce the number of vulnerabilities deployed in new software systems.
Researchers who develop new SWA tools and methodologies use the repositories and cyber infrastructure provided by SWAMP to improve their technologies and tools, while software developers and adopters use the same services to locate vulnerabilities in their software and take remediation steps.
Educators use these services to offer hands-on experience in SWA techniques to their students. By generating economies of scale around the sharing of tools, techniques, information, experiences and resources, SWAMP:
- Helps advance the quality and adoption rate of software assurance tools,
- Lowers the barriers to entry for adopting software assurance tools, and
- Provides easy to interpret analysis results and spur improved rates of corrective action and mitigation.
Software increasingly makes possible every aspect of the digital world. It powers the nation’s critical infrastructure and nearly every device humans interact with today. Security often is an after-the-fact consideration or a secondary activity compared with software functionality and getting the product to market. Current software analysis tools may find certain flaws and vulnerabilities, but completely miss others. Using multiple software analysis tools provides more complete coverage of program code and therefore provides a holistic view of vulnerabilities. SWAMP provides a collaborative research environment that brings together multiple tools software developers, researchers, academia (educators and students) and software assurance tool developers can use to improve software assurance capabilities.
SWAMP provides a unique opportunity for software and software assurance tool developers to test their code and products. The environment enables multiple, independent analyses of submitted code using open-source software analysis tools and some commercial tools and also provides a user, web-enabled interface to submit code, select the tools and platforms to run their code against, and receive test results in a timely fashion. SWAMP uses a variety of channels to engage with customers, including—but not limited to—training and overview sessions at various conferences and workshops and cultivating internet and social media presences.
Morgridge Institute for Research (MIR): MIR is the prime contractor for SWAMP. MIR runs the Continuous Software Assurance Laboratory (CoSALab), providing the core networking, hardware, databases and software required to support SWAMP’s mission of continuous software assurance. CoSALab supports a wide range of operating systems and virtual environments to run isolation and additional platforms version choices.
University of Illinois at Urbana-Champaign (UIUC): The National Center for Supercomputing Applications (NCSA) Cybersecurity and Networking Division at UIUC provides SWAMP the technologies users can select for interoperable identity management.
University of Wisconsin, Madison: The University of Wisconsin’s Middleware Security and Testing project brings leadership to SWAMP in software assurance tool research, development and application.
Indiana University: The Indiana University’s Center for Applied Cybersecurity Research provides system and service security and operations center services for SWAMP.
SWAMP Snapshot Article (July 24, 2014)