Tag Archives: SWA

Post-IOC Planning: Pushing the SwA Agenda

Normally, “pushing an agenda” is seen in a negative light, but we’re proud to be pushing a software assurance “agenda.” What we mean, of course, is that we’re passionate about increasing awareness about the importance of software assurance in our digital world and making SwA tools more widely available to those who need them.

It’s not too early to learn software assurance in middle and high school.

Through our development and IOC preparations, we’ve had numerous conversations with developers, tool researchers, infrastructure operators and educators about the tools available for assurance. We’ve talked to government organizations, private companies and open source advocates and have received overwhelming support for our efforts. Our platform is freely available to anyone who is interested in improving software quality/security.

We’re particularly excited about some conversations with college professors and high school instructors who would like to incorporate the SWAMP in their CS curriculum. We know that reaching and teaching our youth about quality coding will be critical in shaping our future digital world.

If you’re an educator and are interested in using the SWAMP in your class, we want to hear from you. Please contact Irene Landrum, who will help you get started. Whether you want to have your students use existing software packages to learn about vulnerability detection or upload their own, we can help make the process easy and quick.

Have other ideas? We’re open to suggestions. We’re here to help support the development and education community, so let us know how we can help.

Miron Livny Speaks at WIN

Miron spoke at the Wisconsin Innovation Network Luncheon on cybersecurity Tuesday, Feb. 26, 2013, along with Josh Bressers of Red Hat.

There were roughly 40 attendees who offered many questions on the general topic of cybersecurity and how the SWAMP will play a role in improving software security.

Josh is the front-end security lead for Red Hat. By front-end he means all the things that make Red Hat software more secure BEFORE it leaves the door. That includes developer education related to secure coding practices (really just getting started here), as well as manual and automated analysis.

After the lunch, Josh spent a bit of time with the MIR SWAMP team and the UW’s Jim Kupsch, discussing broad ways in which Red Hat and SWAMP could potentially collaborate, including:

  1. Development, sharing and dissemination of secure coding practice educational materials
  2. Sponsoring or contributing to open source SWA tool development
  3. Using SWAMP for some of their ‘front end’ security operations

Josh also mentioned a Fedora project called Firehose – An Interchange Format for Static Code Analysis Results – a capability we are interested in supporting in SWAMP.