DOHS funds $23.6m cybersecurity grant to address software reliability issues

A $23.6m grant from the U.S. Department of Homeland Security (DOHS) will help scientists at Morgridge Institute for Research establish the “Software Assurance Marketplace” to address the quality and reliability of software used in the nation’s critical cyber-infrastructure.

The Morgridge Institute, Indiana University, the University of Illinois at Urbana-Champaign and the University of Wisconsin-Madison received the grant as part of a broad agency announcement by the DOHS Science and Technology Directorate. The announcement addresses threats arising from the development process of software used in technology across a wide range of industries, including the energy industry.

“Open-source software, developed by multiple programmers in collaborative environments, underpins much of the information technology we rely on every day – from communication networks to the databases that manage our personal records,” Miron Livny, Morgridge Institute director of core computational technology, said in a statement. “By its very nature, open-source software allows for rapid progress. Yet, the collaborative environments that facilitate open-source innovation have offered limited access to tools and resources for continuous cybersecurity assurance.”

Livny, a UW-Madison computer science professor, will lead the effort to establish the Software Assurance Marketplace, which will be based at the Wisconsin Institutes for Discovery, a public-private research center on the UW-Madison campus that houses the Morgridge Institute.

Primary operating capabilities for the marketplace will include the ability to continuously test up to 100 open-source software packages against five software assurance tools on eight platforms, such as Macintosh, Linux and Windows. The secure research facility will be able to analyze more than 275 million lines of code per day and will introduce tools to reduce false-positive readings that limit the effectiveness of software assurance testing methods.

While the initial stages of the marketplace do not have a focus on any specific industry segments, Livny told TransmissionHub on Nov. 2 that “having [the energy] industry involved in its entire spectrum would be extremely valuable.”

The goal of the program is to create a resource that will support as many software developers and tool developers as possible.

“I think industry representatives can play a significant role in guiding us, from sharing the problems that they are most concerned about to adopting new tools, since the marketplace itself is going to be open source, and industry representatives will be able to take some of the technologies that the marketplace developed and move them to their internal environments,” Livny said.

Barton Miller, UW-Madison computer sciences professor, said in a statement: “We have assembled a powerful team of software and security researchers and experts who will enable us to establish and operate a unique software assurance facility. We envision a marketplace that will bring together practitioners in software assurance techniques with those developing open-source software to address software quality assurance challenges in fields ranging from national security and physics to health care.”

Miller will serve as chief scientist for the Software Assurance Marketplace.

Under an initial five-year agreement, the Morgridge Institute will receive $14.9m. UW-Madison’s Middleware Security and Testing group will receive $4.7m, the National Center for Supercomputing Applications Cybersecurity Directorate at the University of Illinois at Urbana-Champaign will receive $2.1m, and Indiana University’s Pervasive Technology Institute will receive $1.9m.