Are you headed to Austin, TX in May for OSCON 2017? If so, today is the last day to get the “Best Price” on conference passes. Use our discount code, SWAMP25, to save 25% on your admission, and be sure to look out for the Software Assurance Marketplace in Booth #518 at OSCON on May 8-11!
Our team members will be giving several presentations at the conference, as well as demoing the latest enhancements to SWAMP and SWAMP-in-a-Box!
The SWAMP was just featured on the NewsWatch TV program. Dr. Lethia Jackson from Bowie State University spoke about the benefits that her computer science students have received from using the SWAMP in the classroom. She said, “The students gain an understanding of what is secure coding, but most importantly, their confidence is what they’ve really gained. They feel more confident in programming, period.” Check out the video and more here. And don’t forget to review your code in the SWAMP at https://www.mir-swamp.org/.
The SWAMP’s Chief Scientist, Bart Miller, was recently interviewed by Andy Greenberg at WIRED regarding his role in the development of fuzzing. “In the world of cybersecurity, fuzzing is the usually automated process of finding hackable software bugs by randomly feeding different permutations of data into a target program until one of those permutations reveals a vulnerability.”
At the University of Wisconsin-Madison, Miller and a group of students “created the first purpose-built fuzzing tool to try to exploit that method of haphazardly stumbling into security flaws.” At the time, their paper and methods were criticized, but according to Miller, “Today, if you’re a hacker trying to crack a system, the first thing you do is fuzz test it.”
Read the full article
A team of researchers from the University of Wisconsin-Madison recently published an academic paper sharing the pros and cons of using software assurance tools. They first discuss the process of using a software assurance tool and the challenges that come with it. Then, they evaluate how the SWAMP’s security, automation, access to multiple tools, and unified results viewer reduce the barriers to tool adoption.
Read the full paper
In a time when million-dollar security breaches of household-name corporations regularly make headlines, computer science undergraduates at America’s universities remain surprisingly underexposed to basic cybersecurity tactics. The Software Assurance Marketplace (SWAMP) has been working to address this skills gap through a unique partnership with Bowie State University in Maryland. The SWAMP offers a rich and accessible suite of software security tools that Bowie State has been integrating into undergraduate coding courses, giving students an efficient way to examine and rid their code of security weaknesses. The partnership offers a national model for integrating cybersecurity into the curriculum.
Read the full article
The SWAMP will be exhibiting at OSCON 2016, and we’d love to see you there! It will be our first time in Austin, so we’re excited to see lots of new faces and have some exciting SWAMP updates to share. For a discount on your conference pass, use our code below. Then stop by our booth in the expo area on May 17-19!
Austin, TX – May 16-20 – Booth #518
- 25% off a 2-day or higher conference pass: SWAMP25
- Register here
Bruce Maas, CIO of the University of Wisconsin-Madison, mentioned the SWAMP in today’s article on wisbusiness.com. In reference to increased broadband use for the Internet of Things, he states, “The university’s federally funded SWAMP project (Software Assurance Marketplace) is staffed by leading computer science department faculty who will work with the business community on software code to create greater security for their companies.”
Read the full article
The SWAMP, along with several other companies and universities, participated in a recent exploratory working group focused on shaping the future of software security. The goal was to “create a very succinct and concrete plan of real-world actions that are executable today for a more resilient software world.” Four working group sessions, led by industry experts, discussed gaps in assurance tool technologies, labeling software with assurance levels to improve the software supply chain, creating a more orthogonal encyclopedia of software weaknesses than CWEs, and mobility app security threats. Read the full article on Dark Reading for the detailed talking points and takeaways.
Just as Luke Skywalker honed his Jedi skills with Yoda on Dagobah, you can strengthen your code with a variety of software analysis tools in the SWAMP! In his article for Security Current, Ed Moyle explains the value that the SWAMP provides to developers and the application security community as a “collaborative, open environment that allows no-cost access to a body of software testing tools, code samples, test-beds, and other resources designed to enable robust application security testing.” Use the SWAMP, you must, for coding wisdom and software security guidance.
George Lawton from Service Virtualization recently interviewed Bart Miller, Chief Scientist of the SWAMP and computer science professor at the University of Wisconsin-Madison. During their Q&A, Miller explained how the SWAMP hosts an orchestra of static analysis tools.
“The commercial tools will run side by side with the open source tools… There is no one tool that covers everything. We are trying to create an environment where you are not as interested in listening to each instrument as to the whole orchestra. We are trying to bring together a merged combined result.”
Read the full article to learn more about the benefits of assessing your code against multiple tools in the SWAMP.