Homeland Security-Funded Software Assurance Marketplace (SWAMP) Announces Partnerships with Commercial Vendors

News provided by

Morgridge Institute for Research

Sep 19, 2014, 03:00 ET


Madison, Wisconsin (PRWEB) September 19, 2014 -- The SoftWare Assurance MarketPlace (SWAMP) announced today that it has formed partnerships with Veracode, Parasoft, Red Lizard and GrammaTech. They join existing partner Secure Decisions so that together, they can enhance the software security services offered by the SWAMP. Through these partnerships, the no-cost and open-source SWAMP facility will now offer an array of both commercial and open-source software security testing tools as well as an integrated commercial results viewer to significantly improve remediation of software flaws. Today’s announcement broadens the SWAMP’s capabilities, enabling the Department of Homeland Security Science and Technology Directorate (DHS S&T) funded facility to further advance the state of cybersecurity, better protect the nation’s critical infrastructure and improve the resiliency of open-source software.

Designed to accelerate the adoption of continuous software assurance practices, the SWAMP facility addresses the growing realization of the power of using multiple tools to create a comprehensive view of an application’s potential vulnerabilities. In fact, according to the latest National Institute of Standards and Technology (NIST) research report, tools mostly find different weaknesses, and over two-thirds of detected software defects can be discovered by only one tool. The report went on to explain that it was very rare for the same code defect to be detected by three or more tools (Software Assurance Metrics and Tool Evaluation, published in January of 2013). In addition, the National Security Agency (NSA) Center for Assured Software published a separate study of over 60,000 test cases with several million lines of source code (6.5 million+ for C/C++ and 3.2 million for Java), which showed that only 14 percent of the known software defects were able to be detected, even when using multiple tools.

The four new commercial vendors will join Secure Decisions, a long-time SWAMP partner that already provides its software assurance analytics tool, Code Dx®, to SWAMP users. Since software security requires the use of multiple testing tools to conduct a comprehensive analysis of software vulnerabilities, and since there is a lack of standardized naming and security rating conventions between tools, managing the remediation process usually requires tedious hours of manual vulnerability data analysis. Code Dx automates this process by consolidating, normalizing, prioritizing and displaying weaknesses detected by disparate code analysis tools onto a central platform to ensure the most critical weaknesses are remediated quickly. By allowing SWAMP users to easily visualize and correlate the detected security weaknesses from ALL the tools used, developers can achieve acceptable software assurance levels more easily while injecting security best practices into the Software Development Life Cycle (SDLC).

“Software applications have become a core fabric to all aspects of our lives and are integral for the operation of our cars, home appliances, medical devices and, of course, our mobile devices. Software even powers the critical infrastructures that support our daily life support needs such as electricity and water,” said Software Assurance Manager Kevin E. Greene of The Department of Homeland Security Science and Technology Directorate (DHS S&T). “The Department of Homeland Security funded the SWAMP because these software applications are quickly moving from behind the protection of corporate firewalls onto the web, making the need for improved software assurance capabilities more essential than ever to provide a first line of defense in protecting our nation’s critical infrastructure and e-commerce environments.”

As a result of these new partnerships, the SWAMP now offers powerful new capabilities:
• Veracode’s cloud-based service provides SWAMP users with easy access to binary static analysis (SAST) with actionable guidance that helps developers quickly prioritize and remediate critical software vulnerabilities such as an SQL Injection or cross-site scripting (XSS) error.
• Red Lizard Software’s Goanna software analysis tool performs whole program analysis on applications to detect hard-to-find C/C++ software flaws. Built using cutting-edge software assurance research coming from NICTA, Australia’s Information Communications Technology (ICT) Research Centre of Excellence, Goanna also integrates with most IDEs and build systems to detect bugs early in the development cycle before they are released to customers.
• GrammaTech’s static analysis tool, CodeSonar, helps developers eliminate the most costly and hard-to-find defects. Designed for zero-tolerance defect environments, CodeSonar’s engine analyzes both source code and binaries. The binary analysis capability enables users to analyze software components even when source code is unavailable. CodeSonar’s new distributed analysis capability, developed through DHS S&T funding, can efficiently run in large clusters of computers. As a result, CodeSonar’s unique ability to exploit the power of distributed computing makes it particularly well-suited to the SWAMP’s high throughput computing environment.
• Parasoft’s Static Analysis Engine (SAE) for Java and C/C++ will help SWAMP developers prevent defects by unobtrusively applying thousands of rules based on academic research, industry standards, and proven best practices. As part of Parasoft’s Development Testing Platform family of software quality solutions, SAE enables developers and testers to identify vulnerabilities at the earliest possible stage of the SDLC and eliminate them while the costs of remediation are at their lowest.

The new tools’ testing capabilities complement the seven open-source static analysis tools already being used by SWAMP users. These tools include FindBugs, PMD, Cppcheck, Clang and Clang Static Analyzer, GCC, Google’s error-prone and Checkstyle. With the addition of the open-source tool Pylint and the full implementation of these commercial tools, SWAMP will soon be able to offer users access to 12 software analysis tools. The SWAMP currently assesses programs written in the Java and C/C++ programming languages, and PHP, C# and Python language support is being added to the SWAMP’s capabilities as well. Currently, nine Unix/Linux-based platforms are supported in the SWAMP. Android platform support will be added shortly, with Macintosh and Windows support to follow. In addition, dynamic and mobile testing support will also be added to the SWAMP’s capabilities within the next year. The number of supported programming languages, platforms and software analysis tools will continue to grow in the future.

Hosted at the Morgridge Institute for Research in Madison, Wisconsin, the SWAMP is run by the Morgridge Institute for Research and three academic institutions with a team that offers deep expertise within software assurance, security, open-source software development, national distributed facilities and identity management. A state-of-the-art, secure facility with 700 cores, 5 TB of RAM, and 100 TB of HDD, the SWAMP uses advanced networking capabilities to meet the continuous assurance needs of multiple software and tool development projects.

The SWAMP is also promoting the adoption of continuous assurance practices from multiple angles by offering its infrastructure to tool developers to enhance and create better tools capable of finding a greater quantity and variety of software weaknesses. Addressing an absolutely critical need to improve the state of software assurance as a whole, the SWAMP facility provides an ideal resource for tool developers to test their tools by hosting almost 400 publicly available software packages, including the NIST Juliet Testing Suite. Additionally, the SWAMP’s intuitive user interface and its support staff ensure that tool developers are able to work effectively and attain useful results by testing against the documented vulnerabilities in these applications.

“We are actively working with interested developers to bring their own tools into the SWAMP so they can leverage SWAMP’s capabilities to advance their tool’s capabilities,” said Miron Livny, Chief Technology Officer of the Morgridge Institute for Research and lead principal investigator of the SWAMP. “SWAMP is now more powerful than ever as a result of these new partnerships and provides even easier access to the diverse collection of software analysis technologies needed to obtain a truly comprehensive view of an application’s vulnerabilities. This makes it easier to adopt the continuous software assurance practices needed to match the new world of continuous software development.”

ABOUT THE SWAMP
The SWAMP (SoftWare Assurance MarketPlace) is a Department of Homeland Security funded facility designed to reduce the cost and complexity challenges of software assurance testing. SWAMP consists of a no-cost security testing platform that offers high throughput computing services combined with a comprehensive array of software security testing tools. The SWAMP also includes a broad library of open-source code samples with known weaknesses to help developers improve the quality of their static and dynamic testing tools. All SWAMP activities performed by users will be kept confidential, although sharing is encouraged to create a collaborative platform for innovation. The SWAMP was funded to advance cybersecurity, protect critical infrastructures and improve the reliability of the open-source software used extensively throughout the software community. SWAMP is a joint project run by the Morgridge Institute for Research in Madison, Wisconsin; Indiana University; the University of Illinois at Urbana-Champaign; and the University of Wisconsin-Madison. For more information, please contact the SWAMP at http://www.continuousassurance.org.

Patrick Beyer, Morgridge Institute for Research, http://www.continuousassurance.org, +1 (608) 509-5203, [email protected]
