This week, May 12-14, the SWAMP hosted a Principal Investigators Meeting at the Morgridge Institute for Research in Madison, WI. Over 30 attendees from across the country gathered to share their most recent developments. Each day featured a rousing discussion pertaining to continuous software assurance and secure coding, including topics like Heartbleed, the state of software assurance, and collaborating with the SWAMP.
Judy Newman, business reporter for the Wisconsin State Journal and Madison.com, spent some time talking with CTO Miron Livny, Project Manager Patrick Beyer and Outreach Coordinator Karen Hitchcock about SWAMP. Here’s her story:
February 04, 2014 5:10 am • JUDY NEWMAN | Wisconsin State Journal | firstname.lastname@example.org | 608-252-6156
A new project based in Madison aims to root out software vulnerabilities that can leave the door open for viruses, website hacking or other forms of cybercrime, estimated as a $100 billion industry.
The SWAMP, or the Software Assurance Marketplace, is a collaboration of the private, nonprofit Morgridge Institute for Research along with UW-Madison, Indiana University and the University of Illinois at Champaign-Urbana.
Armed with a $23.4 million grant from the U.S. Department of Homeland Security, the SWAMP is offering its services — for free — to companies, software developers and consumers.
The goal is to improve software security, said Miron Livny, the SWAMP’s director and chief technology officer.
“The assumption is that in order to accomplish that, we have to offer better tools to find the security defects in software and we have to increase or expand the adoption or the usage of these tools,” Livny said.
The SWAMP has not designed its own security tools, but it has amassed those already available for public use, called open source software, and is making them available to the public. They can identify potential leaks or weaknesses in the software that might let scammers either take over a computer or program it to make mischief or commit fraud.
“The idea is that if you have a piece of software and you want to run it against the tools, you can bring (upload) it to the SWAMP and we will keep everything that you do confidential,” Livny said.
With security breaches over the holidays for retailers such as Target and Neiman Marcus, and more recent breaches involving several major hotel chains, Internet security has become a pressing concern, Livny added.
“This is a national issue. We all recognize how vulnerable our software is,” Livny said.
The SWAMP project has created 27 jobs, including 22 full-time positions in Madison, project manager Patrick Beyer said.
He said the federal grant will keep it operating for at least five years. After that, “it is our hope that based on the value we provide, we will continue to receive government support,” Beyer said.
Well, we’re about to find out! I’m happy to report that initial beta testing is going quite well. SWAMP is up and running, allowing users to experiment with assessment runs on packages and tools such as FindBugs, PMD and more. Users can also upload their own Java packages and schedule assessment runs using four open source tools to discover vulnerabilities, from the moderate to the severe.
One of the objectives held by the Department of Homeland Security Science and Technology Directorate is to improve software security and assurance testing education for future generations. To this end, SWAMP has engaged Madison, Wisconsin’s West High School’s Computer Science classes to help us beta test the SWAMP. Next week, we’ll introduce the concept of beta testing and package assessments to these young students. Kudos to their teacher for bringing a real-world scenario into the classroom!
Stay tuned for updates about our collaboration with these high schoolers!