The Department of Homeland Security (DHS) Science and Technology (S&T) has issued two solicitations for software assurance tools against an existing Broad Agency Announcement focused on cyber security.
Under the Static Tool Analysis Modernization Project (STAMP), S&T wants to modernize free and open-source static analysis tools that have been neglected and are currently irrelevant. The agency says that modernizing the tools will help advance and improve software analysis capabilities because these lower-cost tools will make secure software more prevalent.
S&T expects to have about $8 million available over four years for the STAMP effort, with the funding spread across four technical topic areas: first a test case generator, followed by tool study and analysis, tool modernization, and finally an operational pilot implementing tool scoring and labeling.
Proposals for the STAMP project are due by Jan. 7 and notification of awards is planned by June 1.
For the Application Security Threat Attack Modeling (ASTAM) effort, S&T wants to create a Unified Threat Management (UTM) system that “allows cyber security professionals to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console,” according to an agency briefing slide presented at a Dec. 8 Industry Day that covered the new solicitations.
The ultimate goal of the ASTAM effort is to “identify weaknesses in software before it leaves the developer’s desk, helping to reduce the attack surface for software applications, as well as reduce the cost of software failures by finding weaknesses before they expose vulnerabilities,” S&T says. The program also hopes to achieve “continuous monitoring at speed,”
Beginning in FY ’16 and potentially stretching over four years, S&T has up to $18 million available for ASTAM across four technical areas. The four areas are evolution of hybrid analysis mapping, automated application threat modeling, attack simulation and countermeasures modeling, and continuous monitoring and assessment.
Proposals for ASTAM are due by Jan. 26 and notification of awards is expected by June 1.