
What about libraries?

In response to an interesting article from Contrast Security on libraries and application security, SWAMP Chief Scientist Dr. Barton Miller explains how the SWAMP will augment appsec:

“Thank you Dave for stressing the importance of libraries when thinking about software assurance.  This is certainly an issue that has motivated our approach to building the code assessment capabilities of the SWAMP.

We fully share your view that the issue of vulnerabilities in libraries is a serious and challenging problem. This has been well noted by the security research community and is seen in CWE and CVE reports associated with popular libraries.  And run-time (dynamic) tools are an important element of the solution to this problem.

In the SWAMP, we are taking a security-in-depth approach that enables software developers to combine both static and dynamic techniques when continuously assessing their code. In the static domain, this means the detection of library dependences at build time (a technology that the SWAMP supports) and then assuring that all components are assessed. This approach can be made quite tractable by recording which library versions have already been assessed and reusing those results. In the dynamic domain, this means running tools that will follow execution into these dependence libraries and assess them.

As we move to include dynamic tools in the SWAMP, we would be happy to see a tool like Contrast included in the selection of tools that are part of our evolving marketplace.”

Join us for SWAMP’s Virtual Town Hall Meetings

Executive Session: Prioritizing Software Assurance for Risk Management

We’re getting excited about two events we’re hosting this week in collaboration with T.E.N., Inc. in Atlanta.

Tomorrow, January 22 from 2-3PM ET, our CTO and Director Miron Livny will co-present with NASA Ames Research Center’s Jerry Davis about the importance of software assurance. These two highly accomplished execs will discuss the role of software assurance in risk management and share their own experiences from the academic and government environments. It’s not too late to register and participate in the conversation. Miron and Jerry will be taking plenty of questions from the audience.


Developer Session: Good Security Starts with Software Assurance

For developers, we’re hosting another open session featuring SWAMP’s Chief Science Officer Barton Miller and Cox Communications’ Phil Agcaoili. Both have experiences to share about best tools, practices and the importance of software assurance in the software development lifecycle.

Again, there will be plenty of time for questions from the audience, so please set aside the time to learn more about SwA and the SWAMP.


More information from T.E.N.