Security in the SWAMP
A key concern of SWAMP security is providing SWAMP users with the guarantees they need to be comfortable in using the SWAMP for software assurance. To that end, a key principle of the SWAMP is that SWAMP users own any tools, software they bring to the SWAMP or any results they produce in the SWAMP. This means they control who that data is shared with, with the ability to create projects for easy, controlled sharing among collaborators.
And while this principle is good, it’s only as good as the integrity of the SWAMP infrastructure. That’s why we are putting together a complete SWAMP cybersecurity program, starting with a risk assessment and culminating with both typical controls (e.g. physical controls, encrypted access, audits, firewalls, intrusion detection) and features specific to the SWAMP role as a flagship software assurance facility.
We welcome members of the SWAMP community with any specific concerns to discuss them with the SWAMP team.
Von, SWAMP CSO / firstname.lastname@example.org