Software Assurance            Software Hardening            Autonomic Computing

Software Assurance Marketplace (SWAMP) Announces Partnership with GrammaTech

Madison, WI – The SoftWare Assurance MarketPlace (SWAMP) announced that it has formed a partnership with GrammaTech, as well as Parasoft, Red Lizard, and Veracode, in order to enhance the software security services offered by the SWAMP. Adding to Secure Decisions, an existing partner, these companies’ tools will broaden the SWAMP’s capabilities, enabling the facility, funded by the Department of Homeland Security Science and Technology Directorate (DHS S&T), to further advance the state of cyber-security, better protect the nation’s critical infrastructure, and improve the resiliency of open-source software.

"Software applications have become a core fabric to all aspects of our lives and are integral for the operation of our cars, home appliances, medical devices and, of course, our mobile devices. Software even powers the critical infrastructures that support our daily life support needs such as electricity and water," said Software Assurance Manager Kevin E. Greene of The Department of Homeland Security Science and Technology Directorate (DHS S&T). "The Department of Homeland Security funded the SWAMP because these software applications are quickly moving from behind the protection of corporate firewalls onto the web, making the need for improved software assurance capabilities more essential than ever to provide a first line of defense in protecting our nation’s critical infrastructure and e-commerce environments."

Designed to accelerate the adoption of continuous software assurance practices, the SWAMP facility acknowledges the power of using multiple tools to create a comprehensive view of an application’s vulnerabilities. GrammaTech’s CodeSonar is now one of the tools available to SWAMP users. Designed for zero-tolerance defect environments, CodeSonar helps developers eliminate the most costly and hard-to-find defects, and analyzes both source code and binaries. The binary analysis capability enables users to analyze software components even when source code is unavailable. CodeSonar’s new distributed analyses capability, developed through DHS S&T funding, provides efficiency for running in large clusters of computers. As a result, CodeSonar’s unique ability to exploit the power of distributed computing makes it particularly well suited to the SWAMP high throughput computing environment.

"GrammaTech is proud that SWAMP is using CodeSonar to analyse source code and binaries. SWAMP combines deep security expertise, state-of-the-art software-assurance tools, and, more importantly, a vision of how to make it easier for organizations to benefit from software-assurance technologies," said Dr. Paul Anderson, Vice President of Engineering at GrammaTech "As a result, SWAMP is positioned particularly well to address the growing software-security challenge."

Mark Zarins, Vice President of Sales at GrammaTech, will be speaking at 3pm today on a SWAMP-hosted panel at OWASP's APPSEC USA in Denver, CO.

About GrammaTech:
Originally founded as a spin-off from Cornell University to commercialize software developed by Tim Teitelbaum and Thomas Reps at Cornell’s computer science lab, GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions. GrammaTech’s tools are used by software developers worldwide, spanning a myriad of industries including avionics, medical, industrial control, and other applications where reliability and security are paramount. With both static and dynamic analysis techniques that analyze source code as well as binary executables, GrammaTech provides superior static analysis for better software.

About the SWAMP:
The SWAMP, (SoftWare Assurance MarketPlace) is a Department of Homeland Security funded facility designed to reduce the cost and complexity challenges of software assurance testing. SWAMP consists of a no-cost security testing platform that offers high throughput computing services combined with a comprehensive array of software security testing tools. The SWAMP also includes a broad library of open-source code samples with known vulnerabilities to help developers improve the quality of their static and dynamic testing tools. All SWAMP activities performed by users will be kept confidential although sharing is encouraged to create a collaborative platform for innovation. The SWAMP was funded to advance cybersecurity, protect critical infrastructures and improve the reliability of the open-source software used extensively throughout the software community. SWAMP is a joint project run by the Morgridge Institute for Research in Madison, Wisconsin; Indiana University; the University of Illinois at Urbana-Champaign; and the University of Wisconsin-Madison. For more information, please contact the SWAMP atwww.continuousassurance.org.