Codenomicon's discovery of OpenSSL's "Heartbleed" flaw this past spring highlighted the increasing importance of source code assurance and quality control as software grows in prominence in daily life. The Heartbleed memory leak opened the door for infiltrators to obtain passwords and security keys to decode encrypted data — a vulnerability that allegedly still threatens enterprise systems months after its discovery, according to a recent report.
But Kevin Greene (pictured at left), a project manager in the cybersecurity division of the U. S. Department of Homeland Security's Science and Technology Directorate, claims that he has the answer to these kinds of problems. He manages a program called the Software Assurance Marketplace, aka SWAMP, an online platform that allows software developers to submit their code for vulnerability analysis free of charge.
According to Greene, SWAMP could have detected the Heartbleed flaw early in its development phase where other vulnerability tools apparently failed.
"None of the tools were able to detect the weakness that led to Heartbleed, so to me, using SWAMP, a software researcher can identify the type of anomalies that are in these tools and start working on the techniques that exist in the state of the art tools," Greene said.