The Cyber Security Division of the United States Department of Homeland Security has announced that its SWAMP project is now up and running. SWAMP is an acronym for the Software Assurance Marketplace and was created by the Department as an internet based, collaborative, open-source research environment that lets software developers run tests on their own software to check for lapses in security and improve performance. Developers can also interact with one another, exchange best practices, and generally pool their resources in order to streamline their products and improve their software assurance tools.
The Director of the DHS Cyber Security Division, Kevin Greene, has stated that the aim of SWAMP is to ultimately develop a “healthier and safer cyber environment” which he says begins with the creation and implementation of higher quality software.
SWAMP was designed and built in a state-of-the-art programming environment and gives users the opportunity to utilize a broad range of software packages in order to leverage community projects and test cases. It also allows them to deal with weaknesses in the software by way of specific assessment capabilities that consist of several open-source tools including Clang, CppCheck, and PMD. The assessment platforms also consist of over one hundred open-source software packages and the Cyber Division has plans to include commercial software assessment capabilities as well as binary and dynamic code assessments.
One of the main priorities of SWAMP is to ensure the security of the website which includes the protection of intellectual property by way of identity-based control platforms. Depending on the submitter’s desired level of security for their software, it can be submitted as either private or public.
Access to private software packages will only be granted to the project owners. Homeland Security made SWAMP available to a select few users earlier this year and has now made it available to users everywhere.