The nation’s critical infrastructure (energy, transportation, telecommunications, banking and finance, and more), businesses and services are extensively and increasingly controlled and enabled by software. However, vulnerabilities in that software put those resources at risk. This risk is compounded by software size and complexity, the ways in which software is developed and maintained, the use of software produced by non-vetted suppliers, and the interdependence of software systems. The President’s “National Strategy to Secure Cyberspace (2003)” clearly states the need to “reduce and remediate software vulnerabilities”.
In recent years, the open source technology model has gained considerable momentum in the commercial market as well as throughout government information technology (IT) systems. Thousands of open source software systems and tools are used across the federal government. Such software is often less than fully tested, with uncoordinated maintenance, development, and use. The need for assured software is reflected in multiple sections of the “Federal Plan for Cyber Security and Information Assurance Research and Development” as well as sector-specific documents, including those from the Finance Sector.
The Software Quality Assurance project will develop tools, techniques and environments for analyzing software to detect security vulnerabilities associated with our Nation’s critical infrastructure and networks. Specifically, this project addresses the presence of internal flaws and vulnerabilities in software and deals with the root of the problem by improving software security. Test environments for these tools will also be built. One such facility is the SoftWare Assurance Market Place (SWAMP), which will develop research infrastructure that open source and commercial software product developers can use to test the security functionality of their software, applying source code analysis techniques to discover and eliminate vulnerabilities in large codebases.
Project Performers
Prime: Applied Visions, Inc | Sub: None
| Month Year | Document Title | Download |
|---|---|---|
| October 2012 | Code Pulse: SwA Visual Analytics for Dynamic Analysis Code | PDF (3.1 MB) |
Prime: HRL Laboratories, LLC | Sub: Stevens Institute of Technology
| Month Year | Document Title | Download |
|---|---|---|
| October 2012 | Tunable Information Flow | |
Prime: Kestrel Technology, LLC | Sub: None
| Month Year | Document Title | Download |
|---|---|---|
| October 2012 | A “Gold Standard” Method for Benchmarking C Source Code Static Analysis Tools | PDF (1 MB) |