Under a DHS S&T Phase II SBIR, the Secure Decisions team will develop a Software Assurance Visual Analysis Tool that visualizes and correlates weaknesses in software.
NORTHPORT, NY, January 3rd, 2012– This DHS S&T-funded project will visualize vulnerabilities in software systems, which can be exploited to attack information systems. Some of these vulnerabilities are found as part of systems development and testing, but most are not identified until systems are deployed – when these software vulnerabilities jeopardize the security of other information systems. DHS S&T recognizes the need for more rigorous and routine software testing and vulnerability analysis to identify and remediate security weaknesses before systems are deployed into critical environments where those vulnerabilities can be exploited.
Secure Decisions’ Visual Analysis Tool visualizes and correlates weakness data from disparate code analysis tools, putting them into the proper context for effective triage and mitigation. The tool is aligned with the emerging concept of a vendor-agnostic Software Assurance ecosystem. The Visual Analysis Tool’s multi-faceted visualizations provide investigative flexibility to pinpoint high priority problem areas within the analyzed codebases. SDLC integration is automated to augment the analysis with weakness traceability as well as significantly speed-up remediation by automating issue-creation and tracking.
The Phase I proof-of-concept successfully demonstrated the viability of the Secure Decisions’ approach by visually correlating weaknesses found by three different SwA analysis tools. Phase II will provide a flexible interface to ingest the results of a wide-array of weakness analysis tools; enhance existing and create additional visualizations; and increase the level of integration with SDLC tools.
To learn more about Swa-Vis please visit: https://secdecwp.wpengine.com/research-development/software-assurance.
About Applied Visions and Secure Decisions
Applied Visions, Inc. (AVI) provides software products, custom solutions, and advanced technology research for commercial and government customers. The company’s vision and expertise in visual software solutions for complex defense, national security, and business problems have served AVI’s customers in the Department of Defense, Department of Homeland Security, Federal Bureau of Investigation, and prominent technology and Fortune 500 firms. Founded in 1987, AVI is based in Northport, NY, and has secure facilities and clearances to support classified government programs.
Secure Decisions was launched by AVI in 2000 to focus on cyber security research and products for the government. Today, Secure Decisions is a leader in security visualization, with an established track record of R&D contracts, technology transition and product development. Secure Decisions’ products are used to enhance the situational awareness of senior officers, computer network defenders and other security professionals in government and commercial organizations. SecureScope™, VIAssist™, and MeerCAT® are among Secure Decisions’ extensive portfolio of cyber defense solutions.
All trademarks, trade names, service marks, and logos referenced herein belong to their respective parties.