Software controls so many aspects of our lives. Software developers work hard to make their software secure and do their best to remove all potential weaknesses. The Software Assurance Marketplace, or “SWAMP,” is dedicated to helping place the best possible tools in the hands of these developers and, through its shared facility, to training them to get the most out of these tools.
SWAMP lowers the barriers for researchers, educators, and software and tool developers to do continuous software assurance by offering multiple software analysis tools and a library of software applications with known vulnerabilities.
According to their websites, the capabilities of SWAMP include:
- Operates on the original source code
- Tracks problems down to the location in the original code
- Relatively quick and easy to use
- Provides complete code coverage
- Create projects
- Invite new members
- Share assessment results
- View results using Code Dx™
- Compare results from multiple tools
- Find and visualize overlaps
- Correlate results
Who can benefit from the SWAMP?
- Commercial software developers – create better products
- Open source software developers – write code that will withstand rigorous code review
Students and educators
- Learn secure coding practices
- Learn to use industry-standard tools
- Learn how to fix the problems the tools report
- Learn to use the SWAMP
Software assurance professionals
- SwA tool developers – test SwA tools against hundreds of curated software packages
- SwA researchers – analyze a large body of assessment results from many tools and packages
They’re currently reaching out to software developers, educators, students, and tool developers to join the marketplace. For more information on SWAMP, visit their website at mir-swamp.org.