Title: Bringing Continuous Assurance to your code with the SWAMP
The Software Assurance Marketplace (SWAMP) is a publicly available, open source, no-cost service that provides continuous software assurance capabilities and static code analysis to developers. Using multiple tools to regularly scan software is the cornerstone of continuous assurance – the practice of integrating software assurance into the continuous cycle of software development. Offering over 30 static analysis tools and support for 10 programming languages, the SWAMP’s high throughput computing infrastructure handles a large volume of assessments.
Try the SWAMP on the web at mir-swamp.org or download SWAMP-in-a-Box, a standalone application for on-premises software assurance. Plug-ins are also available for Eclipse, Jenkins, and Git/Subversion.
The SWAMP project is funded by the Department of Homeland Security Science & Technology Directorate and is a joint effort of four research institutions – The Morgridge Institute for Research, Indiana University, the University of Illinois at Urbana-Champaign, and the University of Wisconsin-Madison.
Learn more at continuousassurance.org.
Barton Miller is the Vilas Distinguished Achievement and the Amar & Belinder Sohi Professor of Computer Science at the University of Wisconsin-Madison. He is Chief Scientist for the DHS Software Assurance Marketplace research facility and is Software Assurance Lead on the NSF Cybersecurity Center of Excellence. In addition, he co-directs the MIST software vulnerability assessment project in collaboration with his colleagues at the Autonomous University of Barcelona. He also leads the Paradyn Parallel Performance Tool project, which is investigating performance and instrumentation technologies for parallel and distributed applications and systems. His research interests include systems security, binary and malicious code analysis and instrumentation extreme scale systems, parallel and distributed program measurement and debugging, and mobile computing. Miller’s research is supported by the U.S. Dept. of Homeland Security, U.S. Dept. of Energy, National Science Foundation, NATO, and various corporations.
In 1988, Miller founded the field of Fuzz random software testing, which is the foundation of many security and software engineering disciplines. In 1992, Miller (working with his then-student, Prof. Jeffrey Hollingsworth), founded the field of dynamic binary code instrumentation and coined the term “dynamic instrumentation.” Dynamic instrumentation forms the basis for his current efforts in malware analysis and instrumentation.