SwA-Vis
Software Assurance Visual Analysis Tool
Secure Decisions’ Software Assurance (SwA) Visual Analysis Tool visualizes and correlates weaknesses in software. It increases coverage and confidence in the results of multiple tools; facilitates vulnerability prioritization based on code context; provides developer traceability and trends analysis for process improvement; and integrates with the Software Development Life Cycle (SDLC) for quick and effective remediation.
Secure Decisions’ Visual Analysis Tool visualizes and correlates weakness data from disparate code analysis tools, putting them into the proper context for effective triage and mitigation. The tool is aligned with the emerging concept of a vendor-agnostic Software Assurance ecosystem. Software weakness findings from a variety of tools and development environments are reported in a standardized form, shielding the user from product-specific idiosyncrasies and semantic differences. The Visual Analysis Tool’s multi-faceted visualizations provide investigative flexibility to pinpoint high-priority problem areas within the analyzed codebases. SDLC integration is automated, augmenting the analysis with weakness traceability and significantly speeding up remediation by automating issue creation and tracking. By interfacing with existing SwA analysis tools on one end and with SDLC tools on the other, the tool bridges SwA analysis to the SDLC and streamlines the SwA analysis process to maximize analysis and remediation effectiveness, resulting in improved software robustness and trustworthiness.
The Phase I proof-of-concept successfully demonstrated the viability of Secure Decisions’ approach by visually correlating weaknesses found by three different SwA analysis tools. Phase II will provide a flexible interface to ingest the results of a wide array of weakness analysis tools; enhance existing and create additional visualizations; and increase the level of integration with SDLC tools.
