DHS introduces cybersecurity solution for open source software

In an effort to improve cybersecurity among federal agencies, the Department of Homeland Security recently introduced a new service designed to examine open source software solutions for potential vulnerabilities and bugs, ZDNet reported.

The service, called the Software Assurance Marketplace (SWAMP), is funded via a $23.4 million grant for the Department of Homeland Security Science & Technology Directorate. According to the news source, the program was designed by researchers from a number of universities, including the University of Illinois-Champaign/Urbana and University of Indiana.

Open source popularity
The impetus for developing SWAMP came about in response to the growing use of open source tools in the public sector, as Patrick Beyer, project manager for SWAMP at the Morgridge Institute for Research, explained.

"With open source's popularity, more and more government branches are using open-source code. Some are grabbing code from here, there and everywhere," said Beyer, the news source reported. "[Consequently] there's more and more concern about the safety and quality of this code."

ZDNet contributor Steven J. Vaughan-Nichols pointed out that this has been a long-developing trend. For years, federal agencies have leveraged open source software for a variety of purposes. As an example, he noted that NASA first began to use Linux in the 1980s.

Additionally, Government Computing recently reported that government agencies at every level, including those in other nations, are increasingly turning to open source offerings to enjoy greater flexibility and cost savings. Proprietary software providers often attempt to lock clients into aggressive, unchangeable contracts, which can prove very limiting for government departments, while open source provides much more freedom. This is particularly important as agencies continue to upgrade their IT operations.

Securing open source
In order to ensure that the open source solutions used by government agencies are secure, the SWAMP service will provide users with five static analysis tools. As the news source explained, these tools analyze open source code, searching for potential security defects without the need to actually execute the program.

"These static analysis tools review program code and search for application coding flaws, unintentional or intentional, that could give hackers access to critical company data or customer information," SWAMP claimed, according to ZDNet.

SWAMP also provides nearly 400 open source software packages designed to help developers enhance their various tools, enabling superior software development efforts, the source noted.