Inactive
Notice ID: 70RSAT19R00000039
The requirement is to provide "STAMP Out: Improving Software Security with Open Source Static Analysis Tools" software assurance research and development services. The Static Tool Analysis Modernization Project (STAMP) will modernize selected software analysis tools, chosen through market research on key factors (e.g. market penetration, programming language), in order to improve tool performance and coverage, to integrate seamlessly with and support continuous integration and DevOps operational environments, and to provide more accurate analysis results by reducing false positives and giving more visibility into the false negatives that often leave residual risks. STAMP is designed to create new techniques that advance the state-of-the-art capabilities found in software analysis tools and will help address the risks posed by the increasing use of software. STAMP will improve the testing and evaluation of static analysis tools, with a focus on improving deployment and understanding as well as expanding the weakness coverage and strength of tools for use in the Software Assurance Marketplace (SWAMP). In addition, the contractor will develop and implement a repeatable methodology for testing, evaluating, and modernizing existing open-source static analysis tools.