MADISON - Secure Decisions, a leading provider of assessment tools to enhance software security, is partnering with the Software Assurance Marketplace (SWAMP) to build a powerful and publicly accessible resource to improve the software that drives everyday life.
SWAMP, housed in the Morgridge Institute for Research, is funded by the Department of Homeland Security (DHS) to accelerate software security practices by building a free testing facility with a wide range of assessment tools available for public and private industry use. It is powered by an advanced computing platform that can handle software of any size.
"Software security has not become a full-blown industry imperative yet, but it needs to be," says Miron Livny, the Morgridge Institute chief technology officer and director of SWAMP. "There is a false sense that network security systems are all that's needed, but systems are so interconnected today there is no true perimeter left on a network."
The partnership with Secure Decisions, a division of New York-based Applied Visions, Inc., adds another powerful tool to the lineup. Secure Decisions is providing a customized version of its Code Dx product to be distributed as part of SWAMP. Code Dx is an important visualization tool that simplifies the remediation process by correlating results from multiple tools into a central platform.
"Adding Code Dx to the SWAMP infrastructure improves the remediation process by making the testing results much easier to consume for today's software developers and security professionals," says Kevin Greene, program manager for the DHS Security and Technology Cyber Security Division.
"It's well known that different software analysis tools have different strengths, and SWAMP provides easy access to all of these tools combined with a powerful analysis platform to handle code of all sizes. Code Dx provides the most effective way to analyze and act on all the data while also reducing the number of false positives that typically plague software testers."
The stakes are very high to improve software integrity for government and industry, Greene adds. Most of the major cases of breached security involve attacks on compromised software applications rather than the traditional attack vector on corporate networks. For example, Target Corp. officials reported the 2013 breach affecting millions of customers resulted from an intruder who stole a vendor's credentials to access its system and place malware on its point-of-sale registers.
As more applications are being deployed via the Internet and delivered through wireless networks, the software applications themselves are more vulnerable to attack than ever, requiring the industry to take greater interest in ensuring the application code is resilient.
Livny says one important contribution of SWAMP will be to make all the existing tools better through a more robust testing environment. As SWAMP adds new assessment tools to its capabilities, Secure Decisions will create new adaptors to make them functional within Code Dx.
"We are constantly adding support for more open source software assurance tools and programming languages in Code Dx," says Ken Prole, Principal Investigator at Secure Decisions. "It's essential that we continue to expand the depth and breadth of Code Dx capabilities so SWAMP and its technologies are always on the leading edge."
Larger companies that already have in-house network and software security tools can add the SWAMP resource as a supplement. It will eliminate the need for companies to invest in every relevant assessment tool because SWAMP's mission is to stay on top of the field and implement new tools as they arise, Livny says.
To learn more about using SWAMP resources, contact Program Manager Patrick Beyer at 608-316-4664, firstname.lastname@example.org. ###