Software Assurance Analysis and Visual Analytics

Award Information
Agency: Department of Homeland Security
Branch: n/a
Amount: $836,996.16
Award Year: 2010
Program: SBIR
Phase: Phase II
Contract: D11PC20010
Award Id: n/a
Agency Tracking Number: 0922004
Solicitation Year: 2009
Solicitation Topic Code: H-SB09.2-004
Solicitation Number: n/a

Small Business Information
6 Bayview Avenue, Northport, NY, 11768-1502
Hubzone Owned: N
Minority Owned: N
Woman Owned: N
Duns: 600226022
Principal Investigator: John Goodall, (518) 207-3105, johng@securedecisions.avi.com
Business Contact: Frank Zinghini, (631) 759-3901, frankz@avi.com
Research Institution: n/a

Abstract
To increase confidence that software is secure, researchers and vendors have developed different kinds of automated software security analysis tools. These tools analyze software for weaknesses and vulnerabilities, but produce massive amounts of data with many false positives. Further, the individual tools catch different vulnerabilities, often with little overlap. The NSA tested five static code analysis tools and found that 84% of the vulnerabilities were identified by only one tool. These results point to the need to combine and correlate the results of multiple tools to ensure comprehensive vulnerability analysis. However, the disparate interfaces and non-normalized results of each tool make correlating their results taxing for the software developer. The Secure Decisions Division of Applied Visions Inc. is developing a Software Assurance Analysis and Visual Analytics platform that integrates the results of disparate software analysis tools into a visual environment for triage and exploration of code vulnerabilities. Software developers can explore voluminous vulnerability results to uncover hidden trends, triage the most important code weaknesses, and show who is responsible for introducing software vulnerabilities. Visual analytics focus the user's attention on the most pressing vulnerabilities. By correlating and normalizing data from multiple tools, the overall vulnerability detection coverage of software is increased.

* information listed above is at the time of submission.
