Madison, Wisconsin (PRWEB) November 20, 2014
The Software Assurance Marketplace (SWAMP), a high performance computing platform designed to reduce the cost and complexity challenges of software assurance testing, was recently honored with the 2014 Information Security Executive® (ISE®) North America Project of the Year Award in the academic/public sector category. Award program nominations were accepted across the U.S. and Canada, and the SWAMP was one of 75 nominees across the academic/public sector, commercial, financial services, and healthcare categories. Software Assurance Manager Kevin E. Greene of the Department of Homeland Security Science and Technology Directorate (DHS S&T) and Patrick Beyer, SWAMP Project Manager, accepted the award at the November 5th awards ceremony that took place at the Westin Alexandria in Alexandria, Virginia.
Considered the industry’s most prestigious IT Security award program, the Information Security Executive® (ISE®) of the Year Award Series has become highly anticipated in the security industry, recognizing many of the highest security achievements of the year. All nominations were evaluated and winners were chosen by a panel of distinguished ISE® Alumni Judges, which included previous winners and security industry thought leaders such as Aflac Incorporated CISO, Tim Calahan; The Coca-Cola Company CISO, Paul Huesken; and Nike’s Digital Security and Privacy Director, LJ Johnson.
“The SWAMP project was a unique, yet significant submission representing an industry-wide paradigm shift toward incorporating software security and assurance throughout the development process and making it available to the public for free,” said Marci McCarthy, CEO and president of T.E.N. “We were thrilled to see our judges embrace this project as a winning submission in recognition of the great benefits SWAMP can bring to the technology industry.”
The SWAMP facility was created to provide the tools needed to transform today’s fragile software ecosystem through better software assurance (SwA). As network security protocols have become stronger and hardened the perimeter, hacking into commercial enterprise networks has become extremely difficult. As a result, cyber criminals have turned to attacking the software applications themselves to steal confidential customer data.
“The rapid proliferation of software has grown to the point where everything from healthcare devices to jet turbine engines to the critical infrastructures that control vital electric and water services are being run by software of some kind,” Patrick Beyer, SWAMP Project Manager, said. “To be able to crack a piece of software requires a level of sophistication and training not seen before in criminal organizations. However, as more and more vulnerabilities are being discovered in these applications, organized crime now has professional hacking companies as sophisticated and organized as any corporate entity in the United States, complete with customer service, money-back guarantees, and even quality assurance departments. We are facing a more dangerous level of cyber-security warfare than ever before, and SwA is now a vital weapon that we need to defend ourselves.”
The SWAMP is focused on advancing the state of SwA by offering an open and powerful high-throughput cloud service that delivers a wide selection of open-source and commercial software security analysis tools in one central location. This gives developers deep visibility into the vulnerabilities and weaknesses that may be present in their software applications more easily than ever before without having to download, configure, and learn each individual tool. An integrated results viewer from Secure Decisions then collates all of the discovered weaknesses into a central console that prioritizes the severity of the software flaws, easing the mitigation process significantly.
In addition, the SWAMP hosts almost 400 open-source software packages with known vulnerabilities, providing an online laboratory that empowers tool developers to enhance both the precision and scope of their tools. Improving the power of these testing tools is an absolute must to advance the state of software security as a whole. Developers can also work together on projects when they choose to use the SWAMP as a collaborative innovation platform. Additionally, the SWAMP is able to collect a large amount of anonymized data regarding all aspects of the software security process to create the industry’s first standardized list of SwA best practices that can be adopted globally.
Hosted at the Morgridge Institute for Research in Madison, Wisconsin, the SWAMP is run by the Morgridge Institute for Research and three academic institutions with a team that offers deep expertise within software assurance, security, open-source software development, national distributed facilities, and identity management. A state-of-the-art, secure facility with 700 cores, 5 TB of RAM, and 100 TB of HDD, the SWAMP uses advanced networking capabilities to meet the continuous software assurance needs of multiple software and tool development projects.
“We are honored to have been recognized by this award this early in our development as the award will help make more information security professionals and developers aware of what SWAMP can offer since we only opened to the public in February of this year,” Beyer continued. “The software security war cannot be fought alone, and we envision SWAMP as a central innovation center that can provide the tools and the intelligence needed to prevail in this fight as world economies depend upon having trustworthy and dependable eCommerce applications. Since the SWAMP’s inception, over 30,000 software security assessments have been conducted, providing ample evidence that our industry’s developers and security professionals are already beginning to work together.”
In addition to the award SWAMP received, other awards were given to Aetna in the healthcare category, ADP in the financial services category, and TELUS in the commercial category. The other finalists in the Academic/Public Sector category were also recognized at the event, including the government of New Brunswick’s “Security Event Management Centre” project and the University of Connecticut’s “Comcast Center for Excellence in CSI & CHASE.”
ABOUT THE ISE® AWARD PROGRAM SERIES
For more than a decade, the Information Security Executive® (ISE®) of the Year Award Program Series has empowered security executives and their project teams to Connect, Collaborate and Celebrate. Recognized as the industry’s most prestigious IT Security award program, it has become the most anticipated award program for security executives and their project teams. Winners have included executives and project teams from leading organizations such as Nike, The Walt Disney Company, the United States Postal Service, Schlumberger, Texas Instruments, JPMorgan Chase & Co., Equifax, Comcast, PayPal, Northrop Grumman Corporation and Nationwide.
The distinguished ISE® judges are past nominees representing a cross section of industries across the commercial, government, health care and academic sectors. For this reason, the ISE® Awards represent the best achievements of the year as evaluated by those regarded as the industry's most influential and successful thought leaders. Coupled with a one or two-day executive summit, the ISE® Awards are held across the U.S. in major cities including Atlanta, Dallas, New York, San Francisco and Washington, D.C. The ISE® Awards Program Series has reached more than 10,000 executives across a broad range of industries and has been a major influence in executives’ careers, knowledge sharing and the development of peer-to-peer relationships.
T.E.N., a national technology and security executive networking organization, facilitates peer-to-peer relationships between top executives, industry visionaries and solution providers. Nominated for numerous industry awards, T.E.N.’s executive leadership programs enable information exchange, collaboration and decision-making. Its flagship program, the nationally-acclaimed Information Security Executive® (ISE®) of the Year Program Series and Awards, is North America’s largest leadership recognition and networking program for security professionals. Other offerings include The ISE® Lions’ Den & Jungle Lounge, T.E.N. Custom Programs and the ISE® Industry Expert Advisory Services which empower IT solution providers to gain access to highly credentialed IT business veterans’ expertise. For information, visit http://www.ten-inc.com.
ABOUT THE SWAMP
The SWAMP (SoftWare Assurance MarketPlace) is a Department of Homeland Security-funded facility designed to reduce the cost and complexity challenges of software assurance testing. All SWAMP activities performed by users are confidential, although sharing is encouraged to create a collaborative platform for innovation. The SWAMP was funded to advance cybersecurity, protect critical infrastructures and improve the reliability of the open-source software used extensively throughout the software community. SWAMP is a joint project run by the Morgridge Institute for Research in Madison, Wisconsin; Indiana University; the University of Illinois at Urbana-Champaign; and the University of Wisconsin-Madison. For more information, please contact the SWAMP at http://www.continuousassurance.org.