Company Performance Metrics
The Software Assurance Marketplace (SWAMP) is an open, no-cost, high-performance computing platform designed to serve as a resource to the software community. Created to advance the state of cybersecurity, protect critical infrastructures, and improve the resilience of open-source software (applications, libraries, etc.), the ultimate goal of the
SWAMP is to provide higher quality and more secure software for government agencies, businesses, academia, and end users. The SWAMP was developed to lower the barriers for software and tool developers, researchers, and educators/students (Audience/User Groups) to do continuous software assurance. By offering multiple software analysis tools and a library of software applications with known vulnerabilities, the SWAMP is committed to making it easier to integrate security into the software development life cycle.
There are two ways to use the SWAMP: the ready-to-use cloud computing platform at mir-swamp.org and the SWAMP-in-a-Box (SiB) open-source distribution downloadable from GitHub. The SWAMP (mir-swamp.org) went live in February 2014 and is hosted at the Morgridge Institute for Research in Madison, Wisconsin. This shared, secure facility offers advanced networking capabilities and robust hardware to meet the continuous assurance needs of multiple software and tool development projects. Coupled with HTCondor, an open-source workload scheduling and compute management system, the SWAMP provides a powerful and easy-to-use environment to support high-volume continuous software assurance across a broad set of platforms that are embedded in a distributed environment. They provide an environment that enables run isolation and additional platform version choices. These machines are provisioned in a flexible, secure network setting that provides unique configurations to support and scale to meet the needs of the most demanding testing scenarios.
Since software security testing requires the use of multiple tools to perform a comprehensive analysis, the SWAMP hosts a wide library of both commercial and open-source assurance tools to enable software projects of any size to be thoroughly and quickly tested for weaknesses. The SWAMP provides access to an integrated results viewer that compiles and prioritizes all of the test results into one central platform. This allows users to easily visualize the detected security weaknesses from all of the tools used and quickly remediate the most critical defects. By incorporating the SWAMP into the software development life cycle, it is easier to find vulnerabilities before that software is deployed for use or released to the public.