Presentation is loading. Please wait.

Presentation is loading. Please wait.

Making Condor Safer with… A Collaborative Marketplace for Continuous Software Assurance Brooklin Gore, Chief Operations Officer

Published byMarvin Mosley Modified over 9 years ago

Similar presentations

Presentation on theme: "Making Condor Safer with… A Collaborative Marketplace for Continuous Software Assurance Brooklin Gore, Chief Operations Officer"— Presentation transcript:

1 Making Condor Safer with… A Collaborative Marketplace for Continuous Software Assurance Brooklin Gore, Chief Operations Officer info@cosalab.org http://swamp.cosalab.org

2 U.S. Department of Homeland Security Science and Technology Directorate o Software Assurance Marketplace project part of $70+ million multi-year Cyber Security Division effort to improve security of nation’s critical information infrastructure o BAA 11-02 involves 34 awards to 29 academic, commercial and research organizations in 14 technical areas focused on detecting, preventing and responding to cyber attacks

3 Software Assurance Marketplace o Six proposals submitted o Awarded to Morgridge Institute for Research with Indiana University, University of Illinois Urbana- Champaign, and UW−Madison as subcontractors o Offers industry, academia and government agencies no-cost access to a secure research facility with analytical and reporting capabilities o Will help the software assurance community improve the security of software used in the nation’s critical infrastructure

4 Software Assurance Marketplace Organization Software Assurance Marketplace Director Miron Livny Chief Operations Officer Brooklin Gore Software Development Production Identity Mgmt. Lead Jim Basney Chief Security Officer Von Welch Operations Center Security Operations Chief Scientist Barton Miller Software Assurance Tools and Standards User Support External Resources Morgridge Institute for Research Indiana Univ. Pervasive Technology Institute U. of Wisconsin Middleware Security and Testing Group U. Of Illinois NCSA Cybersecurity Directorate ~ 24 Team Members

5 A Growing Need…

6 Use Cases Software Developers Upload software packages for analysis by a suite of software assurance tools and view results via dashboard. Cybersecurity Researchers Review data on tool coverage and common weaknesses to improve standards, education and certification programs. Software Assurance Tool Developers Upload SWA tools and evaluate against large corpus of SW packages and test suites with known weaknesses. Software Assurance Marketplace

7 User Communities SwA Tool Developers SwA Researchers Software Developers Educators & Students Infrastructure Operators

8 Making HTCondor Safer with Continuous Software Assurance o In the past o Used BaTLab for release build and test o Ran Coverity static analysis tool before stable releases o Today o Use BaTLab for per commit build and test o Running Coverity ‘continuously’ o Working on adding a 2 nd tool from GrammaTech o Spring 2014 o Use SWAMP for continuous integration and CSwA o Continuous runs with a corpus of open source and commercial static analysis tools o Over time, adding dynamic tools, improved results viewing

9 Major Deliverables Year Phase BuildBetaEnhanceOperate 12345 SWAMP Operational (Version 1.0 of CoSALab and Metronome) V3 of CoSALab and Metronome Third SWAMP User’s Meeting V1 Stable Release of Metronome Second SWAMP User’s Meeting V2 of CoSALab and Metronome Third SWAMP User’s Meeting Fourth SWAMP User’s Meeting Final Metronome Release Feb. 2, 2014 Oct. 1, 2012 Oct. 1, 2013 Date Sep. 30, 2015 Sep. 30, 2017 Planning First SWAMP Community Meeting

10 Jan. 2014 Initial Operating Capabilities 5 Tools Clang, cppcheck, Oink (C, C++) Findbugs, PMD (Java) Commercial – TBD Developers bring more 100 Packages C, C++, Java Open Source Include test suites (e.g. NIST SATE) Developers bring more 8 Platforms Debian Fedora Red Hat Scientific Linux Ubuntu Windows Current + Last Version? Requests? (to be defined)

11 You are the key! o We need your input – how do you envision using such a resource? What tools, packages, policies, topics, platforms would help you? o We need your involvement – help with tools, packages, standards, technical literature, seminars, training. o We need your feedback – the good, the bad, and the ugly. Contact us: info@cosalab.orginfo@cosalab.org http://swamp.cosalab.org

Download ppt "Making Condor Safer with… A Collaborative Marketplace for Continuous Software Assurance Brooklin Gore, Chief Operations Officer"

Similar presentations

Red Soft strategy presentation and Q&A

Red Soft strategy presentation and Q&A
Update on OCIs Cybersecurity Activities for CASC September 2011 Kevin Thompson.

Update on OCIs Cybersecurity Activities for CASC September 2011 Kevin Thompson.
Community Based Cyber Security Program Technical Assistance Package Nicholas Corea Program Director G&H International Services for Donald Lumpkins, Program.

Community Based Cyber Security Program Technical Assistance Package Nicholas Corea Program Director G&H International Services for Donald Lumpkins, Program.
Joint CASC/CCI Workshop Report Strategic and Tactical Recommendations EDUCAUSE Campus Cyberinfrastructure Working Group Coalition for Academic Scientific.

Joint CASC/CCI Workshop Report Strategic and Tactical Recommendations EDUCAUSE Campus Cyberinfrastructure Working Group Coalition for Academic Scientific.
Illinois Shared Learning Environment Illinois Pathways Initiative – Lead Entity Discussion October 11, 2012 Illinois Department of Commerce and Economic.

Illinois Shared Learning Environment Illinois Pathways Initiative – Lead Entity Discussion October 11, 2012 Illinois Department of Commerce and Economic.
Integrated Ocean Observing System (IOOS) Data Management and Communication (DMAC) Standards Process Julie Bosch NOAA National Coastal Data Development.

Integrated Ocean Observing System (IOOS) Data Management and Communication (DMAC) Standards Process Julie Bosch NOAA National Coastal Data Development.
Public Safety Communications Research Program A joint program between NIST’s Communications Technology Laboratory & NTIA’s Institute for Telecommunication.

Public Safety Communications Research Program A joint program between NIST’s Communications Technology Laboratory & NTIA’s Institute for Telecommunication.
Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.

Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
OHIO SACWIS OHIO SACWIS PCSAO Executive Membership Meeting 26 February 2004.

OHIO SACWIS OHIO SACWIS PCSAO Executive Membership Meeting 26 February 2004.
Open Security Technology Washington, DC February 11, 2011 Dept. of Homeland Security Science & Technology Directorate Luke Berndt Program Manager.

Open Security Technology Washington, DC February 11, 2011 Dept. of Homeland Security Science & Technology Directorate Luke Berndt Program Manager.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Fiscal Year 2008 Urban Areas Security Initiative Nonprofit Security Grant Program Investment Justification Questions, Criteria, and Prioritization Methodology.

Fiscal Year 2008 Urban Areas Security Initiative Nonprofit Security Grant Program Investment Justification Questions, Criteria, and Prioritization Methodology.
Password?. Project CLASP: Common Login and Access rights across Services Plan

Password?. Project CLASP: Common Login and Access rights across Services Plan
EInfrastructures (Internet and Grids) - 15 April 2004 Sharing ICT Resources – “Think Globally, Act Locally” A point-of-view from the United States Mary.

EInfrastructures (Internet and Grids) - 15 April 2004 Sharing ICT Resources – “Think Globally, Act Locally” A point-of-view from the United States Mary.
Data Sources & Using VIVO Data Visualizing Scholarship VIVO provides network analysis and visualization tools to maximize the benefits afforded by the.

Data Sources & Using VIVO Data Visualizing Scholarship VIVO provides network analysis and visualization tools to maximize the benefits afforded by the.
National Computational Science Alliance Boston University Access Grid Conference Facility at Boston University Jennifer Teig von Hoffman.

National Computational Science Alliance Boston University Access Grid Conference Facility at Boston University Jennifer Teig von Hoffman.
Evidence-Based Policy Making / Decision Support Luis Furlan Director, Center for Studies in Applied Informatics – Universidad del Valle de Guatemala Kevin.

Evidence-Based Policy Making / Decision Support Luis Furlan Director, Center for Studies in Applied Informatics – Universidad del Valle de Guatemala Kevin.
Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order 13636 “Improving Critical Infrastructure Cybersecurity”

Framework for Improving Critical Infrastructure Cybersecurity Overview and Status Executive Order “Improving Critical Infrastructure Cybersecurity”

Similar presentations

Ads by Google