CybersecurityDHS awards $23.6 million to fund development of new software analysis technology
DHS awarded a $23.6 million grant to the Morgridge Institute for Research at the University of Wisconsin-Madison to create the Software Assurance Marketplace, which, over the next five years, will work closely with developers of new software analysis technology and the open source community to advance the security of software; initial operating capabilities for the Software Assurance Marketplace will include the ability continuously to test up to 100 open-source software packages against five software assurance tools on eight platforms, including Macintosh, Linux, and Windows
Researchers from Indiana University’s Pervasive Technology Institute will serve as collaborating partners on a major grant from the DHS to address vulnerabilities arising during the process of software development.
DHS awarded a $23.6 million grant to the Morgridge Institute for Research at the University of Wisconsin-Madison to create the Software Assurance Marketplace, which, over the next five years, will work closely with developers of new software analysis technology and the open source community to advance the security of software.
An Indiana University release reports that as part of the grant, IU’s Center for Applied Cybersecurity Research, Grid Operation Center, and Global Research Network Operations Center will receive $1.9 million to provide operational monitoring, cybersecurity analysis, and user support to the marketplace over the next five years.
“This project demonstrates IU’s unique abilities to leverage institutional strengths in cybersecurity, monitoring and operational support,” said Center for Applied Cybersecurity research deputy director Von Welch, who serves as the lead for Indiana University’s participation in the project. “As a first-of-its-kind system, the Software Assurance Marketplace will introduce new challenges in cybersecurity and operational monitoring, making it a perfect application of the Pervasive Technology Institute’s applied research.”
IU will also perform annual risk analysis; lead cybersecurity technical design and operations; develop and maintain policies and procedures for incident detection and response; and lead the handling of cybersecurity-related incidents in the marketplace. IU personnel will also handle the establishment of a 24/7 call center and trouble ticket system, and will also provide first-tier user support.
Barton Miller, a UW-Madison computer sciences professor who will serve as chief scientist of the Software Assurance Marketplace, said Center for Applied Cybersecurity Research staff and IU expertise will enhance the project’s ability to establish and operate a unique software assurance facility.
“We envision a marketplace that will bring together practitioners in software assurance techniques with those developing open-source software to address the information technology challenges in fields ranging from national security and physics to health care,” Miller said. “We’re excited about the potential of this project to reinforce our nation’s cybersecurity.”
The release notes that initial operating capabilities for the Software Assurance Marketplace will include the ability continuously to test up to 100 open-source software packages against five software assurance tools on eight platforms, including Macintosh, Linux, and Windows. The secure research facility will be able to analyze more than 275 million lines of code per day and also will introduce new tools to reduce the “false positive” readings that now limit the effectiveness of software assurance testing methods.