Software Assurance Marketplace to advance nation's cybersecurity
Hover over and click on each section to further explore various components.
Welcome to the Software Assurance Marketplace (SWAMP), a state-of-the-art facility designed to advance our nation's cybersecurity by improving the security and reliability of open source software. Working with open source software developers, software assurance tool developers and software security researchers, the marketplace offers no-cost access to a secure research facility with unparalleled analytical and reporting capabilities.
Funded by the U.S. Department of Homeland Security, the Software Assurance Marketplace focuses on open source software used in major data networks, scientific installations and the public health sector. Serving industry, academia and key government agencies, the Software Assurance Marketplace enables collaborators to improve software security and software analysis tool quality through rigorous testing and review known as continuous software assurance.
What is software assurance and why is it critical?
As defined by the U.S. Department of Homeland Security's Build Security In program, the software assurance process establishes confidence that software will function as intended, free from vulnerabilities intentionally or unintentionally inserted into the code. Today, much of our infrastructure—from the national power grid to communications equipment—relies on open source software, developed by multiple programmers working in collaborative environments.
By its very nature, open source software enables rapid technological progress. Yet the collaborative environments that encourage open source innovation have evolved without widespread access to tools and resources for effective cybersecurity assurance testing.
How we help
The Software Assurance Marketplace aids open source software developers and software assurance tool developers in the creation of more secure cyberinfrastructure by offering the capacity needed to continuously test and "rebuild" the code underlying critical infrastructure applications. The lab supports developers in evaluating the effectiveness of their work and employs integrated analytical and display functions that eliminate the problem of "false positives" during the reporting process.
Located in the Wisconsin Institutes for Discovery building on the UW–Madison campus, the Software Assurance Marketplace seeks to ensure broad access to the latest quality assurance tools and information available. We plan to start beta testing external applications and software assurance tools in October 2013 with broad public availability in January 2014.
An open source project
In addition to our primary mission of improving the quality of open source software assurance tools and enabling more secure open source software, our project itself is open source. Our goal is to enable other nations, commercial software suppliers or classified government agencies to take our system design and software to create their own version of the SWAMP. We will publish blueprints of our systems and hardware architecture and will make regular releases of the SWA-Metronome software that powers the Continuous Software Assurance Lab (CoSaLab). We expect to release our software under an open source license similar to the Apache License 2.0.
We need your help! If you are a software assurance tool developer, security researcher or open source software developer, we'd like your input as we build the Software Assurance Marketplace over the next year. Starting in October 2013, we'd like your help providing software assurance tools and open source software for our beta test period. Finally, in January 2014, we hope you make the Software Assurance Marketplace and its continuous software assurance services part of your software development life cycle. To get involved, contact Brooklin Gore at firstname.lastname@example.org, (608) 316-4302. To join the SWAMP community, subscribe to our mailing list. We'll be soliciting your input, and notifying you of events where you can engage the SWAMP community in person.
Who we are
The marketplace is operated by the core computational technology group at the Morgridge Institute for Research in collaboration with the University of Wisconsin–Madison's Middleware Security and Testing team, the National Center for Supercomputing Applications' Cybersecurity Directorate and Indiana University's Center for Pervasive Technology Institute.