The Homeland Security Agency is primarily dedicated to protecting the United States from external threats. While these efforts have typically centered on the physical realm, now the DHS is turning its attention to the digital realm. As ZDNet contributor Steve J. Vaughan-Nichols recently highlighted, the DHS now offers a service specifically designed to help organizations examine open source software code for potential security threats.
Open source verification
The new service, announced during OSCon, is called the Software Assurance Marketplace and known as SWAMP. As Patrick Beyer, project manager for SWAMP at the Morgridge Institute for Research, explained to the news source, the purpose of this project is to ensure that government agencies remain safe and secure when leveraging open source solutions.
"With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there and everywhere," Beyer explained, the source reported. "We're the one place you can go to check into the code."
The program is funded by a $23.4 million grant from the Department of Homeland Security Science & Technology Directorate, Vaughan-Nichols explained. It was designed by researchers from several schools, including the University of Indiana and the University of Wisconsin-Madison. The writer explained that the researchers involved in the initiative bring expertise in a number of fields, such as national distributed facilities and identity management.
Static analysis tools
As the writer explained, SWAMP relies on static code analysis tools to examine open source software for potential security vulnerabilities. With these tools, users can scan a program's source code without ever executing the program in question.
"These static analysis tools review program code and search for application coding flaws, unintentional or intentional, that could give hackers access to critical company data or customer information," SWAMP explained, the source reported.
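To make the "review without executing" point concrete, here is a small added example (not SWAMP's code) of a static analyzer built on Python's ast module: it parses a constructed, deliberately flawed snippet as text and reports a hardcoded credential, a shell=True subprocess call and an eval() call, never importing or running the scanned code.

```python
"""Minimal static analyzer: walk a Python AST to flag coding flaws
without executing the scanned program (added example, not SWAMP's tooling)."""
import ast

# Constructed sample input; the analyzer only parses this string, never runs it.
SAMPLE_SOURCE = '''
import subprocess
PASSWORD = "hunter2"
def run(user_input):
    subprocess.call("ls " + user_input, shell=True)
    eval(user_input)
'''

DANGEROUS_CALLS = {"eval", "exec"}                       # arbitrary code execution
SUBPROCESS_FUNCS = {"call", "run", "Popen", "check_output"}
SECRET_NAMES = {"password", "passwd", "secret", "api_key", "token"}


class FlawFinder(ast.NodeVisitor):
    def __init__(self):
        self.findings = []   # list of (line number, description)

    def visit_Call(self, node):
        if isinstance(node.func, ast.Name) and node.func.id in DANGEROUS_CALLS:
            self.findings.append((node.lineno, f"call to {node.func.id}()"))
        # subprocess.<func>(..., shell=True) lets string concatenation become
        # shell syntax; flag it when the keyword is a literal True.
        if isinstance(node.func, ast.Attribute) and node.func.attr in SUBPROCESS_FUNCS:
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    self.findings.append(
                        (node.lineno, f"subprocess.{node.func.attr}() with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node):
        # A string literal assigned to a secret-looking name is a hardcoded credential.
        if isinstance(node.value, ast.Constant) and isinstance(node.value.value, str):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id.lower() in SECRET_NAMES:
                    self.findings.append((node.lineno, f"hardcoded secret in {target.id}"))
        self.generic_visit(node)


def scan(source: str):
    """Parse source text and return findings sorted by line number."""
    finder = FlawFinder()
    finder.visit(ast.parse(source))
    return sorted(finder.findings)


if __name__ == "__main__":
    for lineno, msg in scan(SAMPLE_SOURCE):
        print(f"line {lineno}: {msg}")
```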
SWAMP also provides users with nearly 400 open source software packages designed to allow developers to improve their software projects, Vaughan-Nichols noted.
Beyer emphasized that SWAMP users will not need to worry about potential privacy concerns.
"All SWAMP activities performed by users are kept completely confidential," Beyer said, according to the news source. "The only ones who see your code are you and the SWAMP system administrators. In no way does testing your programs on SWAMP give the government any access, control or rights to your programs."
Open source in the public sector
As Beyer noted, open source solutions are becoming increasingly popular with public sector organizations at every level and around the world. Among the key reasons for this trend are open source's superior flexibility and potential for cost savings, as Government Computing highlighted.
According to the source, government agencies now realize that open source tools provide a greater degree of control over how the software is implemented and utilized. Furthermore, many proprietary software providers require aggressive, inflexible contracts, a fact which is turning even more public sector organizations toward open source options.