Software is a crucial component of daily living, affecting our privacy, worldwide economic structures, and the services we depend on every day. With the increasing rate of security breaches, today’s applications need to be built more securely at the code level, and that code needs to be tested regularly. The Software Assurance Marketplace was developed to make it easier to consistently test the quality and security of these applications and bring a transformative change to the software assurance landscape by reducing the number of weaknesses deployed in software.

There are two ways to use the SWAMP: the ready-to-use cloud computing platform at mir-swamp.org or the SWAMP-in-a-Box (SiB) open-source distribution that is downloadable from GitHub. Both are available at no-cost to you and include an array of open-source and commercial software security testing tools as well as a comprehensive results viewer to simplify vulnerability remediation. Each also supports an API, allowing you to integrate the SWAMP into existing software development workflows.

• MIR-SWAMP supports software assurance with minimal fuss and is a good way to try out the SWAMP either for use as part of a class or regular day-to-day usage. It also offers a library of applications with known vulnerabilities, enabling tool developers to improve the effectiveness of their own static and dynamic testing tools.
• SWAMP-in-a-Box can be deployed on your own servers if you have higher security or compliance requirements for your software or, being open-source, when you want to customize the software.

Upcoming Events

• Bart Miller and Elisa Heymann from the University of Wisconsin-Madison are presenting about the SWAMP in their training, “Automated Assessment Tools – Theory & Practice,” at the 2018 NSF Cybersecurity Summit for Large Facilities and Cyberinfrastructure on August 21 at 9:00am-1:00pm in Alexandria, VA. View the Training Descriptions for details.
• Bart Miller and Elisa Heymann will be teaching a tutorial at the IEEE Cybersecurity Development Conference (SecDev) held on September 30-October 2 in Cambridge, MA. “Secure Coding Practices, Automated Assessment Tools and the SWAMP” is scheduled on September 30 from 1:30pm to 5:00pm (view the agenda). Register here.
• Bart Miller and Elisa Heymann will be presenting at the O’Reilly Velocity conference in London on October 30-November 2. Their session, “Critical Infrastructure Software Security: A Maritime Shipping Study Case,” will be at 1:15–1:55pm on Friday, November 2. Register here.
• On November 11-12, Bart Miller and Elisa Heymann will be giving a tutorial at Supercomputing 2018 in Dallas, TX. Review the schedule, and sign up for “Secure Coding Practices and Automated Assessment Tools” to learn about security programming and software assurance tools, including hands-on activities in the SWAMP! Register here.

The SWAMP Team

The SWAMP Partners