DHS adds 9,700+ real-world benchmarks to software assurance marketplace

The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) recently completed the integration of more than 9,700 real-world software test cases from the Static Tools Analysis Modernization Project (STAMP) into the Software Assurance Marketplace (SWAMP), the agency announced January 31. The test cases, known as BugInjector cases, improve software by enabling developers to evaluate their products against realistic test cases.

“Software powers most of the nation’s economy and critical infrastructure,” said William Bryan, DHS senior official performing the duties of the under secretary for science and technology. “Through this accomplishment, S&T is creating capabilities to improve software assurance while meeting the national level objectives outlined in the DHS Cybersecurity Strategy and 2016 Federal Cybersecurity Research and Development (R&D) Strategic Plan.”

SWAMP and STAMP are two of the research projects under the DHS S&T Software Assurance Program. The STAMP project is a revolutionary approach to modernizing and advancing the capabilities of static analysis tools. STAMP’s goal is to improve tool coverage and seamlessly integrate it into the software delivery pipeline to achieve “security at speed” in the software development process. The SWAMP provides a national marketplace of continuous software assurance capabilities for software assurance researchers and developers, intended to reduce vulnerabilities deployed in software systems. To do this, the SWAMP requires a robust repository of test cases for software evaluation.

“The addition of these real-world test cases to the SWAMP is significant as software and tool developers often don’t have access to realistic test data,” said Mary McGinley, S&T’s director of physical and cyber security. “Through the integration of two software assurance projects, we expect this will help improve software quality.”

Source: DHS S&T