Updates were made to the SWAMP today at mir-swamp.org.
- Updated the Ubuntu 16.04 platform, including newer Java build systems natively installed
- Assessments that fail due to network failures will now be re-tried automatically
- Performance improvements
- General enhancements and bug fixes
Please let us know if you have any questions at email@example.com.
Version 10.3 of Parasoft‘s C/C++test and Jtest tools are now supported as tool add-ons in SWAMP-in-a-Box (SiB), providing SWAMP users with secure, local access to Parasoft’s mature static analysis security solution inside their own network. With Parasoft support, SWAMP-in-a-Box now provides expanded access to preconfigured static analysis rulesets, including CWE Top 25, CERT, MISRA, and UL-2900.
“This is an important next step in our partnership with Parasoft to advance the adoption of Continuous Assurance,” says Miron Livny, SWAMP Director and Chief Technology Officer. “Organizations that deploy their customized instances of SWAMP-in-a-Box will benefit from easy and managed access to the evolving capabilities offered by Parasoft’s software testing solutions.”
“We’re very excited to be supporting SWAMP-in-a-Box. Parasoft was the first commercial static analysis tool available in the SWAMP, and it’s great to see the SiB feature give greater access to SWAMP capabilities by allowing users to keep analysis and code on premises,” said Arthur Hicken, Evangelist at Parasoft.
To learn more about Parasoft and SiB, join the upcoming webinar on March 8, 2018 at 1pm Eastern (12pm Central), or contact Parasoft at firstname.lastname@example.org.
Read the full article
The SWAMP, along with several other companies and universities, participated in a recent exploratory working group focused on shaping the future of software security. The goal was to “create a very succinct and concrete plan of real-world actions that are executable today for a more resilient software world.” Four working group sessions, led by industry experts, discussed gaps in assurance tool technologies, labeling software with assurance levels to improve the software supply chain, creating a more orthogonal encyclopedia of software weaknesses than CWEs, and mobility app security threats. Read the full article on Dark Reading for the detailed talking points and takeaways.