SWAMP expands portfolio of open-access software assurance tools

Morgridge Institute for Research

The Software Assurance Marketplace (SWAMP) has added three new services to its suite of assurance offerings, including support for software written in Ruby, support for Android software written in Java, and access to Parasoft’s Jtest and C/C++test static analysis tools.

The new services are a big step in ongoing efforts by the SWAMP team of researchers, developers, and operators to meet the growing demand for easier access to a diverse range of software assurance capabilities through an open and dependable facility.

Ruby joins Python as the second scripting language supported by the SWAMP and provides the necessary stepping-stone for Ruby on Rails support, scheduled for launch later this summer. Support for the JavaScript and PHP languages is under development. By the end of 2015, the SWAMP facility will support a total of eight languages.

Through a partnership with Parasoft, an independent software vendor, SWAMP users can for the first time include the assessment results of commercial tools in the search for weaknesses in their software. Alongside open source tools, Parasoft’s Jtest and C/C++test are the first commercial static analysis tools to be offered to SWAMP users, bolstering multi-tool support for the Java and C/C++ programming languages.

“With the help of Secure Decision’s Code Dx, Java and C/C++ developers can concurrently use multiple tools to analyze their code,” says Bart Miller, chief scientist of the SWAMP. “These include five tools for Java, four tools for C/C++, and one for Android-specific Java programs.”

Support for Android software opens the door for a new segment of the software developer community to benefit from the SWAMP services, adds Miller. Android application developers that use Java can now use the different tools supported by the SWAMP to continuously analyze their code for potential weaknesses. “Because each tool looks at the software differently, multiple analysis runs increase the likelihood of finding a weakness or vulnerability in the software being scanned,” says Miller.

Arthur Hicken, chief evangelist of Parasoft, says that static code analysis has proven to be the best technology to help software development teams get out in front of security problems and harden their code.

“We’re excited to be working with the SWAMP and having our static analysis tools included in their offerings,” Hicken says. “The opportunities for developers to produce better code, as well as feedback for tool vendors such as ourselves, make everyone’s software more secure.”

Adds Miron Livny, director of the SWAMP, housed at the Morgridge Institute for Research in Madison: “We are very pleased to have Parasoft as partners in offering the open source developer and education communities easy access to a rich and powerful suite of analysis tools. It takes a broad coalition of academic and commercial organizations to increase the impact of software assurance technologies on the security of our infrastructure.”