DHS chooses GrammaTech for software analysis tools for cyber security of critical infrastructure
The goal of STAMP is to modernize software analysis tools to improve performance and coverage, and provide more accurate analysis of results.
WASHINGTON – U.S. homeland security experts needed software-assurance tools to provide cyber security for critical infrastructure like energy, transportation, and banking. They found their solution from GrammaTech Inc. in Ithaca, N.Y.
Officials of the U.S. Department of Homeland Security (DHS) in Washington announced plans Friday to award a new contract to GrammaTech for the Static Tool Analysis Modernization Project (STAMP) project.
The goal of STAMP is to modernize software analysis tools to improve performance and coverage, seamlessly to integrate and support integration and operational environments, and provide more accurate analysis of results by reducing false-positives and provide more visibility into false-negatives.
STAMP is designed to create new techniques that advance the state-of-the-art capabilities found in software analysis tools and will help address the risks posed by the increasing use of software.
Existing weaknesses in software expose vulnerabilities that put critical infrastructure at risk, DHS officials say. Last October the National Vulnerability Database (NVD) reported more than 12,000 vulnerabilities in the calendar year -- nearly double the number reported in 2015 and 2016.
This risk is compounded by software size and complexity and the growing reliance on reusable software code and open-source software. Today's most advanced software assurance tools have not kept pace with modern software.
These tools often have difficulty tracking data flows through complex and large software systems, such that software analysis tools oversimplify and make assumptions about software code that is inaccurate.
STAMP will improve the testing and evaluation of static analysis tools, with a focus towards improving deployment and understanding as well as expanding weakness coverage and strength of tools for use in the Software Assurance Marketplace (SWAMP).
In addition, GrammaTech will develop a repeatable methodology for testing, evaluation, and modernizing existing open-source static analysis tools.
DHS officials say they are choosing GrammaTech for the STAMP project because of the company's deep understanding of static analysis tools; knowledge of the software security life cycle; experience in software analysis; and its previous experience working with the National Institute of Standards and Technology in the Software Assurance Metrics And Tool Evaluation (SAMATE) program.