What is the SWAMP?
Software is a crucial component of daily living, affecting our privacy, worldwide economic structures, and the services we depend on every day. With the increasing rate of security breaches, today’s applications need to be built more securely at the code level, and that code needs to be tested regularly. The Software Assurance Marketplace was developed to make it easier to consistently test the quality and security of these applications and bring a transformative change to the software assurance landscape by reducing the number of weaknesses deployed in software.
Why use the SWAMP?
Different people use the SWAMP for different reasons. Why you participate in the Software Assurance Marketplace depends on your goals. Be assured that however you may choose to use the SWAMP, you are in full control of your data. You decide whether to make your results public or private or shared with just those you trust.
Software Developers use the SWAMP with the available software assurance tools to analyze their software. If they learn about a security weakness in their code, they can fix it. Finding the weaknesses is the hard part. Manually reviewing code to find all the security weaknesses and vulnerabilities in software is a tedious and labor-intensive job. Each operating system that runs their software can present new opportunities for security weaknesses. The SWAMP automates finding the weaknesses in their code on multiple operating systems.
Software Assurance (SwA) Tool Developers use the SWAMP to help software developers assess their code. Developing static code analysis tools to automate the detection of security weaknesses and vulnerabilities is a great service to the software community at large! But it is a challenging endeavor. The SWAMP makes their life easier with its wide assortment of software packages to test against and other tools to compare their tool against.
Educators use the SWAMP to help their Students learn about the importance of software assurance. Many software developers do not use software assurance tools because either they are unaware of the available tools or they are too busy to learn how to use static code analysis tools effectively. The SWAMP provides a one-stop shop equipped with the most instructive code examples and the best SwA tools for the most used programming languages. Plus, the SWAMP makes training the next generation to use software assurance techniques available at no cost!
IT Infrastructure Operators use the SWAMP to improve their organization’s return on investment. No organization knowingly would put itself at risk operating with software having security vulnerabilities. Learning whether a piece of software is secure can be a time-consuming, expensive endeavor – especially considering all the software components in IT operations. Organizations concerned with supply chain risk management find the SWAMP a cost-effective means towards a sound software assurance policy.
The SWAMP Team
The SWAMP project is led by a team at the Morgridge Institute for Research at the University of Wisconsin, Madison. The leaders and scientific team members of the Software Assurance Marketplace have a long and accomplished history of working together. Some of the joint work has taken place in the context of large collaborations that span a wide range of institutions, involve diverse groups of stakeholders and serve a broad range of needs and expectations. Over more than 10 years, team members have developed the interpersonal relationships and skills needed to lead the Software Assurance Marketplace to success. Team members recognize the challenges of working in complex environments and intend to translate the concept of the Software Assurance Marketplace into a force that advances the state of the art and promotes the adoption of technologies to improve our nation's cybersecurity.
Join the SWAMP Community
Subscribe to our mailing list. We'll notify you of events interesting to the SWAMP User Communities.
SWAMP Funding and Support
The SWAMP is funded by the Department of Homeland Security (DHS) Science and Technology Directorate, Homeland Security Advanced Research Projects Agency, Cyber Security Division (DHS S&T/HSARPA/CSD).