Academia and industry partner to boost network security

Secure Decisions, a provider of assessment tools to enhance software security, has partnered with the Software Assurance Marketplace (SWAMP) to build a powerful and publicly accessible resource to improve the software that drives everyday life.

SWAMP, housed in the Morgridge Institute for Research at the University of Wisconsin-Madison, is funded by the US Department of Homeland Security (DHS) to accelerate software security practices by building a free testing facility with a wide range of assessment tools available for public and private industry use. It is powered by an advanced computing platform that can handle software of any size.

“Software security has not become a full-blown industry imperative yet, but it needs to be,” says Miron Livny, the Morgridge Institute CTO and director of SWAMP. “There is a false sense that network security systems are all that’s needed, but systems are so interconnected today there is no true perimeter left on a network.”

Secure Decisions, a division of New York-based Applied Visions, is providing a customised version of its Code Dx product to be distributed as part of SWAMP. Code Dx is a visualisation tool that simplifies the remediation process by correlating results from multiple tools into a central platform.

“It’s well known that different software analysis tools have different strengths, and SWAMP provides easy access to all of these tools combined with a powerful analysis platform to handle code of all sizes,” says Kevin Greene, program manager for the DHS Security and Technology Cyber Security Division.

“Code Dx provides the most effective way to analyse and act on all the data while also reducing the number of false positives that typically plague software testers.”

The stakes are high to improve software integrity for government and industry, Greene adds. Most of the major cases of breached security involve attacks on compromised software applications rather than the traditional attack vector on corporate networks.

As more applications are being deployed via the internet and delivered through wireless networks, the software applications themselves are more vulnerable to attack than ever, requiring the industry to take greater interest in ensuring the application code is resilient.

Livny says one important contribution of SWAMP will be to make all the existing tools better through a more robust testing environment. As SWAMP adds new assessment tools to its capabilities, Secure Decisions will create new adaptors to make them functional within Code Dx.

Larger companies that already have in-house network and software security tools can add the SWAMP resource as a supplement. It will eliminate the need for companies to invest in every relevant assessment tool because SWAMP’s mission is to stay on top of the field and implement new tools as they arise, Livny says.

Image courtesy Dennis van Zuijlekom under CC.