Ninety percent of all reported security incidents resulted from exploits committed against defects in the design or code of the software.
Madison, Wisconsin (PRWEB) September 17, 2014
The SoftWare Assurance MarketPlace (SWAMP) today announced it is hosting a blue ribbon panel to discuss the state of software assurance on Thursday, September 18th at 3:00 pm MST in the Silverton room of the Denver Marriott City Center at the AppSec USA 2014 show.
As software applications increasingly take center stage in our daily lives, supporting everything from the critical infrastructures that deliver life-dependent services to the ecommerce applications that fuel economies worldwide, it is clear that software assurance is becoming a critical need. With the recent rash of software system vulnerability exploits in the industry, the panel will focus on the urgent demand to develop more secure software and the impact that centralized software security testing and technology collaboration can have on the industry. Lessons learned from Heartbleed and other recent security breaches will be discussed as well.
The Panel Takes Place At:
Thursday, September 18th, at 3:00 pm MST
The AppSec USA 2014 Conference
Denver Marriott City Center, Silverton Room
1701 California St.
Denver, CO 80202-3402
The panel participants include:
- Kevin Greene, Software Assurance Program Manager, Department of Homeland Security Science & Technology Directorate, Cybersecurity Division
- Chris Wysopal, CTO and Co-Founder of Veracode
- Arthur Hicken, Evangelist of Parasoft
- Ralf Huuck, CEO and Co-Founder of Red Lizard Software
- Bart Miller, Chief Scientist of the SWAMP and Computer Science Professor at the University of Wisconsin-Madison
- Ken Prole, Project Engineer of Secure Decisions
- Mark Zarins, Vice President of Sales for GrammaTech
The panel was created to discuss the details of what software assurance (SwA) is and what it takes to integrate SwA measures into our daily interactions. Defined as “the level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its lifecycle,” SwA is a strategic initiative for the U.S. Department of Homeland Security (DHS), which seeks to reduce software vulnerabilities, minimize exploitation, and address ways to improve the routine development and deployment of trustworthy software products. In fact, industry estimates indicate that 90 percent of all reported security incidents resulted from exploits committed against defects in the design or code of the software. As a result, ensuring the integrity of software is key to reducing the overall risk of cyber attacks capable of causing debilitating disruption to critical infrastructures, national economies or national security worldwide.
As part of this initiative, DHS Science & Technology Directorate funded the SoftWare Assurance MarketPlace (SWAMP) for $23.5 million to provide a no-cost, high performance computing platform that more easily enables the principles of continuous software assurance to be integrated into the Software Development Life Cycle (SDLC). Critical to achieving an improved SwA posture, the SWAMP includes an array of software security testing tools and a comprehensive results viewer that simplifies vulnerability remediation. In fact, today’s panel members have all committed resources to support the growth of the SWAMP, recognizing it as an open collaborative research environment that allows software developers and researchers to test their software for security weaknesses, improve tools by testing against a wide range of software packages, and interact and exchange best practices to improve software assurance tools and techniques.
“We’re thrilled that the SWAMP can bring together so many leaders in software security technology to produce higher quality, more secure software that can provide a safer computing environment worldwide,” said Software Assurance Manager Kevin E. Greene of the Department of Homeland Security Science and Technology Directorate (DHS S&T). “Because SWAMP is a non-partisan organization with no profit motive, we can combine the best and brightest from both open-source and commercial organizations to undertake significant new research on secure software engineering. By examining a range of development issues from new methods that avoid basic programming errors to enterprise systems that remain secure when portions of the system software are compromised, we have an exciting opportunity to completely re-invent the industry and ensure that safe computing environments are available and functional worldwide.”
The SWAMP is run by a team from the Morgridge Institute for Research (MIR) and three other academic institutions that, combined, have broad experience in software assurance, security, open source software development, national distributed facilities and identity management. Hosted at MIR in Madison, Wisconsin, the SWAMP is located at a state-of-the-art, secure facility and is offering 700 cores, 5 TB of RAM, and 100 TB of HDD through advanced networking capabilities to meet the continuous assurance needs of multiple software and tool development projects.
ABOUT THE SWAMP
The SWAMP (SoftWare Assurance MarketPlace) is a Department of Homeland Security funded facility designed to reduce the cost and complexity challenges of software assurance testing. SWAMP consists of a no-cost security testing platform that offers high throughput computing services combined with a comprehensive array of software security testing tools. The SWAMP also includes a broad library of open-source code samples with known vulnerabilities to help developers improve the quality of their static and dynamic testing tools. All SWAMP activities performed by users will be kept confidential, although sharing is encouraged to create a collaborative platform for innovation. The SWAMP was funded to advance cybersecurity, protect critical infrastructures and improve the reliability of the open-source software used extensively throughout the software community. SWAMP is a joint project run by the Morgridge Institute for Research in Madison, Wisconsin; Indiana University; University of Illinois at Urbana-Champaign; and the University of Wisconsin-Madison. For more information, please contact the SWAMP at http://www.continuousassurance.org.