
SWAMP continues to expand platform of software assurance resources

MADISON, Wis., Sept. 24, 2015 (GLOBE NEWSWIRE) -- The Software Assurance Marketplace (SWAMP), an open facility funded by the Science and Technology Directorate of the Department of Homeland Security and operated by a partnership of four research institutions, has added three capabilities to its growing suite of continuous software assurance resources.



New features include the ability to assess software packages written for Ruby on Rails, support for two additional Android build systems, and access to Red Lizard's Goanna static analysis tool for programs written in C/C++.

These new additions further the SWAMP's commitment to broaden support for additional programming languages and to increase the number and variety of static analysis tools and platforms available to the software assurance community.

The SWAMP is a joint effort of four research institutions: The Morgridge Institute for Research in Madison, Indiana University, the University of Illinois at Urbana-Champaign, and the University of Wisconsin-Madison.

Ruby on Rails support follows the July 2015 introduction of language support and analysis tools for Ruby. Additionally, Brakeman and dawnscanner, two analysis tools specific to Rails, join the three existing tools for Ruby that are already part of the SWAMP: ruby-lint, RuboCop, and Reek. Support for additional scripting languages is under active development, with new arrivals scheduled before the end of the year.

Red Lizard Software, an independent software technology company based in Sydney, Australia, is now offering SWAMP users access to its static analysis tool, Goanna. Red Lizard is the second commercial entity to bring its analysis technologies to the SWAMP, and its Goanna tool is a valuable resource for developers to assess their C/C++ programs for potential weaknesses.

"With half of the world's cyber-security breaches attributed to software vulnerabilities, we enthusiastically support DHS SWAMP's request to join their continuous security scanning initiative," says Dr. Ralf Huuck, CEO of Red Lizard Software. "We are proud to contribute our Goanna compliance and security analyzer for detecting and preventing security breaches of open source software and critical government infrastructure."

Adds Huuck: "We are confident that regular Goanna scans of critical open source and government infrastructure will provide an important building block to a more secure and robust cyberspace."

Adds Miron Livny, director of the SWAMP, housed at the Morgridge Institute for Research in Madison: "We are very pleased to have Red Lizard Software as partners in offering the open source developer and education communities easy access to a rich and powerful suite of analysis tools. It takes an international coalition of academic and commercial entities to translate the power of software assurance technologies into a more secure cyber infrastructure."

Android application developers that use Java can use the different Java and Android tools supported by the SWAMP to continuously analyze their code for potential weaknesses. The SWAMP now supports assessing software packages using the Gradle and Maven build systems, as well as Ant.

With the addition of Brakeman, dawnscanner, and Goanna, the SWAMP currently offers a total of 19 static analysis tools. Over the next quarter, the SWAMP team will continue to add supported languages (JavaScript, Groovy, PHP) and analysis tools (GrammaTech's CodeSonar, CodeNarc, JavaScript Lint, JSHint, PHP CodeSniffer, and RIPS).

ABOUT THE SWAMP

SWAMP (Software Assurance Marketplace) is devoted to advancing the capabilities and to increasing the adoption of software assurance technologies through an open continuous assurance facility. The SWAMP project is funded by the Department of Homeland Security Science & Technology Directorate. The SWAMP facility that went live in February 2014 offers free services that include access to 19 software assurance tools, a library of more than 280 open-source code samples with known vulnerabilities to help developers improve the quality of their static and dynamic testing tools, project management and automation tools, and high throughput computing capacity. For more information, visit the SWAMP at continuousassurance.org.

CONTACT: Brian Mattmiller, bmattmiller@morgridge.org, 608-316-4332

Source: Morgridge Institute for Research