In a move to secure software by enabling developers to evaluate their products against realistic test cases, 9,700 real-world software examples ended up added into a massive SWAMP.
That is because the Department of Homeland Security (DHS Science and Technology Directorate (S&T) completed the integration of the 9,700 test cases from the Static Tools Analysis Modernization Project (STAMP) into the Software Assurance Marketplace (SWAMP). The test cases are known as the BugInjectors.
“Software powers most of the nation’s economy and critical infrastructure,” said William N. Bryan, DHS Senior Official Performing the Duties of the Under Secretary for Science and Technology. “Through this accomplishment, S&T is creating capabilities to improve software assurance while meeting the national level objectives outlined in the DHS Cybersecurity Strategy and 2016 Federal Cybersecurity Research and Development (R&D) Strategic Plan.”
SWAMP and STAMP are two of the research projects under the DHS S&T Software Assurance Program. The STAMP project is an approach to modernizing and advancing the capabilities of static analysis tools. STAMP’s goal is to improve tool coverage and seamlessly integrate it into the software delivery pipeline to achieve “security at speed” in the software development process. SWAMP provides a national marketplace of continuous software assurance capabilities for software assurance researchers and developers intended to reduce vulnerabilities deployed in software system. To do this, the SWAMP requires a robust repository of test cases for software evaluation.
“The addition of these real-world test cases to the SWAMP is significant as software and tool developers often don’t have access to realistic test data,” said Mary McGinley, S&T’s Director of Physical and Cyber Security. Through the integration of two software assurance projects, we expect this will help improve software quality.”
The BugInjector cases are available directly though S&T-funded performer Grammatech or through the SWAMP website.