The United States Department of Homeland Security is contributing just over $23 million to an initiative that will help the federal agency make better determinations about the security of open source software. The initiative was launched in response to the increased use of open source software among officials in virtually all federal agencies and the complaints that have been coming from those officials regarding the lack of sufficient software security analysis tools. The funds will be used by the department’s internal software developers in order for them to be able to improve those tools and to test current and future open source programs.
Homeland Security recently developed and implemented SWAMP, the Software Assurance Market Place, which provides a means through which those developers can perform tests on open source programs. Developers also have been provided with a laboratory designed to improve the capability of the tools that they use for testing programs which DHS officials say have not been performing sufficiently when it comes to identifying weaknesses in their security software. The SWAMP platform is open for use by private developers and IT professionals but government developers are its target market. The goal is to provide a way for the government to be able to not only develop better internal software programs for analysts and other personnel but to also develop better security for those programs.
According to one software assurance program manager with the Homeland Security Science and Technology cybersecurity division, the department is aiming to reduce and eventually eliminate barriers that currently exist as a hindrance to effective quality assurance in the lifecycle of software development. The need for better software analysis came about when developers discovered what is known as Heartbleed, an cyber-vulnerability that allows sensitive information that is protected by OpenSSL – a common online transaction protection program – to be leaked.