Ray Morris... exactly. People are so closed minded. You don't think NSA already know the backdoors and vulnerabilities in popular open-source packages.? lol
This will be eventually transitioned to the community to maintain. Think about it... much of software used in government and critical infrastructure is now relying on open-source components. The SWAMP is a response from DHS that says.. software security is a huge problem... here is a resource to help improve software development activities and raise the quality of tools used to detect bugs and weaknesses.
That's the plan is to try and raise the bar of open source tools. Actually, there is a use case to support to vendors to bring their tool and run their tool against a wide range of software packages and test cases in the SWAMP. The goal is to create better performing tools and improve tool coverage. I think the SWAMP is an excellent idea.
Commercial tools are just as bad as open-source. Look at heartbleed, none of the tools found that weakness that led to heartbleed. You have to understand the premise behind the project before making assumptions. There will be commercial tools being offered soon!!!
Slashdot Mirror
Ray Morris... exactly. People are so closed minded. You don't think NSA already know the backdoors and vulnerabilities in popular open-source packages.? lol
This will be eventually transitioned to the community to maintain. Think about it... much of software used in government and critical infrastructure is now relying on open-source components. The SWAMP is a response from DHS that says.. software security is a huge problem ... here is a resource to help improve software development activities and raise the quality of tools used to detect bugs and weaknesses.
That's the plan is to try and raise the bar of open source tools. Actually, there is a use case to support to vendors to bring their tool and run their tool against a wide range of software packages and test cases in the SWAMP. The goal is to create better performing tools and improve tool coverage. I think the SWAMP is an excellent idea.
Commercial tools are just as bad as open-source. Look at heartbleed, none of the tools found that weakness that led to heartbleed. You have to understand the premise behind the project before making assumptions. There will be commercial tools being offered soon!!!
Finally someone with commonsense. The Chief Scientist of the SWAMP is the "father of Fuzzing", Barton Miller.