The Software Assurance Marketplace (SWAMP) has partnered with Synopsys, an industry leader in software security and quality, to expand its suite of assurance tools in support of the academic community.
In support of educators training the next generation of software developers on secure coding practices, the SWAMP’s continuous assurance platform has added Synopsys Static Analysis (Coverity), a widely used static analysis tool produced by Synopsys that scans C and C++, the programming languages used by more than one in five programmers worldwide. Synopsys Static Analysis (Coverity), which was recently named a Leader in The Forrester Wave: Static Application Security Testing, marks the fourth industry tool incorporated into the SWAMP’s open and accessible assurance facility. As a result of this partnership, educators can integrate Coverity into their curricula through the SWAMP at no cost.
“Synopsys Static Analysis (Coverity) is a widely respected tool in the software assurance community and is a valuable addition to the SWAMP,” says Barton Miller, University of Wisconsin–Madison professor of computer science and chief scientist of the SWAMP.
“We see a critical need to increase the workforce trained in the best practices of software security,” adds Miller. “Our partnership with Synopsys significantly furthers our efforts to reach educators and provide more trained practitioners.”
“Joining forces with Synopsys in including award-winning software assurance capabilities in our marketplace is an important step in the implementation of our vision,” says Miron Livny, SWAMP director and chief technology officer for the Morgridge Institute for Research. “Our goal at SWAMP is to establish an assurance ecosystem by incorporating a rich suite of tools, and in adding Synopsys Static Analysis (Coverity), we make a significant step in achieving this goal in support of education and cybersecurity workforce development.”
The SWAMP has a unique focus on workforce development and is partnering with universities to integrate software assurance into the curriculum. Miller says the Synopsys Static Analysis (Coverity) launch will be especially valuable to the academic community since the C and C++ languages are commonly used in educational settings. Students who are learning to code and refine their programming skills will have an additional tool to evaluate their software for errors, expanding their resources for developing dependable and secure code.
Few aspects of everyday life are not touched by software, from commerce to energy to healthcare sectors. Weaknesses in software code are the most common targets of security breaches. The SWAMP’s goal is to help eliminate those weaknesses before they are deployed and become exploited vulnerabilities by integrating effective software assessment techniques into the developer’s work cycle.
The SWAMP’s most important benefit to developers and educators has been providing an integrated, one-stop environment for programmers to analyze their code across a wide range of commercial and open-source tools, and providing the combined feedback in a single results viewer.
The Software Assurance Marketplace is a joint effort of four research institutions – the Morgridge Institute for Research, Indiana University, the University of Illinois at Urbana-Champaign, and the University of Wisconsin–Madison – to advance the capabilities and to increase the adoption of software assurance technologies through open continuous assurance technologies and a shared facility. The SWAMP project is funded by the Department of Homeland Security Science & Technology Directorate. Services include access to high throughput computing capacity, 30 software assurance tools, and a library of more than 280 open-source code samples with known vulnerabilities to help developers improve the quality of their static and dynamic testing tools.