CWE
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > Compatibility > Sort By Capability  

Sort By Capability
Sort By Capability

All organizations participating in the Compatibility Program are listed below.

CWE Output

Product (61) Organization (34) Type Country (9) Status
CodeSonar GrammaTech, Inc. Static Analysis Tool United States Compatible
HP Assessment Management Platform (ASP) Hewlett-Packard Enterprise Platform for Managing a Web Application Security Assessment Program United States Compatible
HP Fortify On Demand Hewlett-Packard Static and Dynamic Analysis and Results Reporting Service United States Compatible
HP Fortify Real-Time Analyzer Hewlett-Packard Real-Time Detection and Prevention of Attacks United States Compatible
HP Fortify Software Security Center Hewlett-Packard Results Reporting United States Compatible
HP Fortify Static Code Analyzer Hewlett-Packard Static Analysis and Results Reporting United States Compatible
HP WebInspect Hewlett-Packard Dynamic Analysis Web Application Security Assessment Tool United States Compatible
Klocwork Insight Klocwork, Inc. Assessment and Remediation Tool Canada Compatible
SAMATE Reference Dataset (SRD) National Institute of Standards and Technology (NIST) Web-based Software Security Assurance Application United States Compatible
Security-Database Web Services Security-Database Web Services France Compatible
Veracode Analytics Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Dynamic Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Manual Testing Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Static Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
World Laboratory of Bugtraq (WLB) 2 CXSecurity Vulnerability Database Poland Compatible
Architectural and Design Risk Management Cigital, Inc. Software Security Architecture and Design Risk Assessment and Management United States Available
CAST Application Intelligence Platform CAST Automated Application Assessment Platform France Available
Cenzic Hailstorm Professional Cenzic, Inc. Web Application Penetration Testing and Vulnerability Management System United States Available
Cenzic Hailstrom Enterprise ARC Cenzic, Inc. Web Application Security Risk Management Platform United States Available
Certification of Software Lifecycle Personnel ISC2 The International Information Systems Security Certification Consortium Professional Certification United States Available
CodeSecure Enterprise Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States Available
CodeSecure Verifier Armorize Technologies, Inc. Web Application Source Code Analysis Suite United States Available
CodeSecure Workbench Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States Available
COREvidence NETpeas, SA Cloud-Based, Multi-Engines Vulnerability Management Service France Available
Coverity Integrity Center Coverity, Inc. Static Analysis Tool United States Available
Coverity Prevent Coverity, Inc. Static Analysis Tool United States Available
CxSuite Checkmarx Static Application Security Testing/Application Security Code Review Israel Available
DEFENSICS X Codenomicon Ltd. Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities Finland Available
EMC Product Security Policy (PSP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Policy for Secure Product Development United States Available
EMC Security Development Lifecycle (SDL) EMC Corporation and RSA (The Security Division of EMC) Enterprise Secure Development Lifecycle United States Available
EMC Vulnerability Response Policy (VRP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Response Policy for Product Vulnerabilities United States Available
Jtest Parasoft Corporation Java Software Quality Analysis and Testing Solution United States Available
JVN iPedia Information-Technology Promotion Agency (IPA), Japan Vulnerability Countermeasure Information Database Japan Available
LDRA Testbed LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom Available
MyJVN Information-Technology Promotion Agency (IPA), Japan Filtered Vulnerability Countermeasure Information Tool Japan Available
Rational AppScan Standard Edition IBM Rational Web Application Security Assessment Tool United States Available
Secure Code Review Astyran Pte Ltd. Secure Code Review Singapore Available
Secure Code Review with Automated Tools Cigital, Inc. Security Code Assessment United States Available
Secure Design Review Astyran Pte Ltd. Secure Design Review Singapore Available
Secure Development Lifecycle Apple Secure Development Lifecycle United States Available
Secure programming class, CS390S CERIAS/Purdue University Secure Programming Class and Publicly Available Teaching Materials United States Available
Security Training and Awareness (various courses) Cigital, Inc. Software Security Training and Awareness Courses United States Available
SecurityAlert SecurityReason Web Application Security Risk Management Platform Poland Available
SofCheck Inspector for Ada SofCheck Inc. Static Analysis and Fault Detection Tool United States Available
Software Assurance Assessment KDM Analytics Software Assurance Assessment Service United States Available
Symantec Product Security Symantec Symmunize (Symantec's Secure Development Lifecycle Process) United States Available
TBvision LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom Available
Web Application Vulnerability Assessment Astyran Pte Ltd. Application Vulnerability Assessment Singapore Available
EC-Council Certified Secure Programmer EC-Council Secure Programmer Certification Program United States Planned
HP DevInspect Hewlett-Packard Web Application Security Assessment Tool for Developers United States Planned
HP QAInspect Hewlett-Packard Web Application Security Assessment Tool for QA United States Planned
HP SaaS for ASC Hewlett-Packard Web Application Security Assessment and AMP delivered through Software-as-a-Service United States Planned
QA*C - CWE Compliance Module for C Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States Planned
QA*CPP - CWE Compliance Module for C++ Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States Planned
Rational AppScan Enterprise Edition IBM Rational Enterprise Web Application Security Assessment Tool United States Planned
Rational AppScan Source Edition IBM Rational Source Code Testing Tool United States Planned
Rational AppScan Tester Edition IBM Rational Development-Time Web Application Security Testing Tool United States Planned
Red Hat Customer Portal Red Hat, Inc. Customer Assessment Service United States Planned
Secure Application Development Training Courses SkillBridge, LLC Instructor Led Training United States Planned
Secure Programming Exams/Assessments SANS Institute Professional Secure Programming Examination United States Planned
WebLayers Center Security Policy Library WebLayers, Inc. Software Development Lifecycle (SDLC) Governance United States Planned
Back to top

CWE Searchable

Product (60) Organization (33) Type Country (9) Status
CodeSonar GrammaTech, Inc. Static Analysis Tool United States Compatible
HP Assessment Management Platform (ASP) Hewlett-Packard Enterprise Platform for Managing a Web Application Security Assessment Program United States Compatible
HP Fortify On Demand Hewlett-Packard Static and Dynamic Analysis and Results Reporting Service United States Compatible
HP Fortify Real-Time Analyzer Hewlett-Packard Real-Time Detection and Prevention of Attacks United States Compatible
HP Fortify Software Security Center Hewlett-Packard Results Reporting United States Compatible
HP Fortify Static Code Analyzer Hewlett-Packard Static Analysis and Results Reporting United States Compatible
HP WebInspect Hewlett-Packard Dynamic Analysis Web Application Security Assessment Tool United States Compatible
Klocwork Insight Klocwork, Inc. Assessment and Remediation Tool Canada Compatible
SAMATE Reference Dataset (SRD) National Institute of Standards and Technology (NIST) Web-based Software Security Assurance Application United States Compatible
Security-Database Web Services Security-Database Web Services France Compatible
Veracode Analytics Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Dynamic Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Manual Testing Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Static Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
World Laboratory of Bugtraq (WLB) 2 CXSecurity Vulnerability Database Poland Compatible
Architectural and Design Risk Management Cigital, Inc. Software Security Architecture and Design Risk Assessment and Management United States Available
CAST Application Intelligence Platform CAST Automated Application Assessment Platform France Available
Cenzic Hailstorm Professional Cenzic, Inc. Web Application Penetration Testing and Vulnerability Management System United States Available
Cenzic Hailstrom Enterprise ARC Cenzic, Inc. Web Application Security Risk Management Platform United States Available
Certification of Software Lifecycle Personnel ISC2 The International Information Systems Security Certification Consortium Professional Certification United States Available
CodeSecure Enterprise Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States Available
CodeSecure Verifier Armorize Technologies, Inc. Web Application Source Code Analysis Suite United States Available
CodeSecure Workbench Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States Available
COREvidence NETpeas, SA Cloud-Based, Multi-Engines Vulnerability Management Service France Available
Coverity Integrity Center Coverity, Inc. Static Analysis Tool United States Available
Coverity Prevent Coverity, Inc. Static Analysis Tool United States Available
CxSuite Checkmarx Static Application Security Testing/Application Security Code Review Israel Available
DEFENSICS X Codenomicon Ltd. Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities Finland Available
EMC Product Security Policy (PSP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Policy for Secure Product Development United States Available
EMC Security Development Lifecycle (SDL) EMC Corporation and RSA (The Security Division of EMC) Enterprise Secure Development Lifecycle United States Available
EMC Vulnerability Response Policy (VRP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Response Policy for Product Vulnerabilities United States Available
Jtest Parasoft Corporation Java Software Quality Analysis and Testing Solution United States Available
JVN iPedia Information-Technology Promotion Agency (IPA), Japan Vulnerability Countermeasure Information Database Japan Available
LDRA Testbed LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom Available
MyJVN Information-Technology Promotion Agency (IPA), Japan Filtered Vulnerability Countermeasure Information Tool Japan Available
Rational AppScan Standard Edition IBM Rational Web Application Security Assessment Tool United States Available
Secure Code Review Astyran Pte Ltd. Secure Code Review Singapore Available
Secure Code Review with Automated Tools Cigital, Inc. Security Code Assessment United States Available
Secure Design Review Astyran Pte Ltd. Secure Design Review Singapore Available
Secure programming class, CS390S CERIAS/Purdue University Secure Programming Class and Publicly Available Teaching Materials United States Available
Security Training and Awareness (various courses) Cigital, Inc. Software Security Training and Awareness Courses United States Available
SecurityAlert SecurityReason Web Application Security Risk Management Platform Poland Available
SofCheck Inspector for Ada SofCheck Inc. Static Analysis and Fault Detection Tool United States Available
Software Assurance Assessment KDM Analytics Software Assurance Assessment Service United States Available
Symantec Product Security Symantec Symmunize (Symantec's Secure Development Lifecycle Process) United States Available
TBvision LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom Available
Web Application Vulnerability Assessment Astyran Pte Ltd. Application Vulnerability Assessment Singapore Available
EC-Council Certified Secure Programmer EC-Council Secure Programmer Certification Program United States Planned
HP DevInspect Hewlett-Packard Web Application Security Assessment Tool for Developers United States Planned
HP QAInspect Hewlett-Packard Web Application Security Assessment Tool for QA United States Planned
HP SaaS for ASC Hewlett-Packard Web Application Security Assessment and AMP delivered through Software-as-a-Service United States Planned
QA*C - CWE Compliance Module for C Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States Planned
QA*CPP - CWE Compliance Module for C++ Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States Planned
Rational AppScan Enterprise Edition IBM Rational Enterprise Web Application Security Assessment Tool United States Planned
Rational AppScan Source Edition IBM Rational Source Code Testing Tool United States Planned
Rational AppScan Tester Edition IBM Rational Development-Time Web Application Security Testing Tool United States Planned
Red Hat Customer Portal Red Hat, Inc. Customer Assessment Service United States Planned
Secure Application Development Training Courses SkillBridge, LLC Instructor Led Training United States Planned
Secure Programming Exams/Assessments SANS Institute Professional Secure Programming Examination United States Planned
WebLayers Center Security Policy Library WebLayers, Inc. Software Development Lifecycle (SDLC) Governance United States Planned
Back to top

CWE Coverage

Product (56) Organization (31) Type Country (9) Status
CodeSonar GrammaTech, Inc. Static Analysis Tool United States Compatible
HP Assessment Management Platform (ASP) Hewlett-Packard Enterprise Platform for Managing a Web Application Security Assessment Program United States Compatible
HP Fortify On Demand Hewlett-Packard Static and Dynamic Analysis and Results Reporting Service United States Compatible
HP Fortify Real-Time Analyzer Hewlett-Packard Real-Time Detection and Prevention of Attacks United States Compatible
HP Fortify Software Security Center Hewlett-Packard Results Reporting United States Compatible
HP Fortify Static Code Analyzer Hewlett-Packard Static Analysis and Results Reporting United States Compatible
HP WebInspect Hewlett-Packard Dynamic Analysis Web Application Security Assessment Tool United States Compatible
Klocwork Insight Klocwork, Inc. Assessment and Remediation Tool Canada Compatible
SAMATE Reference Dataset (SRD) National Institute of Standards and Technology (NIST) Web-based Software Security Assurance Application United States Compatible
Security-Database Web Services Security-Database Web Services France Compatible
Veracode Analytics Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Dynamic Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Manual Testing Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
Veracode Static Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States Compatible
World Laboratory of Bugtraq (WLB) 2 CXSecurity Vulnerability Database Poland Compatible
Architectural and Design Risk Management Cigital, Inc. Software Security Architecture and Design Risk Assessment and Management United States Available
CAST Application Intelligence Platform CAST Automated Application Assessment Platform France Available
Cenzic Hailstorm Professional Cenzic, Inc. Web Application Penetration Testing and Vulnerability Management System United States Available
Cenzic Hailstrom Enterprise ARC Cenzic, Inc. Web Application Security Risk Management Platform United States Available
Certification of Software Lifecycle Personnel ISC2 The International Information Systems Security Certification Consortium Professional Certification United States Available
CodeSecure Enterprise Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States Available
CodeSecure Verifier Armorize Technologies, Inc. Web Application Source Code Analysis Suite United States Available
CodeSecure Workbench Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States Available
COREvidence NETpeas, SA Cloud-Based, Multi-Engines Vulnerability Management Service France Available
Coverity Integrity Center Coverity, Inc. Static Analysis Tool United States Available
Coverity Prevent Coverity, Inc. Static Analysis Tool United States Available
CxSuite Checkmarx Static Application Security Testing/Application Security Code Review Israel Available
DEFENSICS X Codenomicon Ltd. Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities Finland Available
Jtest Parasoft Corporation Java Software Quality Analysis and Testing Solution United States Available
JVN iPedia Information-Technology Promotion Agency (IPA), Japan Vulnerability Countermeasure Information Database Japan Available
LDRA Testbed LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom Available
MyJVN Information-Technology Promotion Agency (IPA), Japan Filtered Vulnerability Countermeasure Information Tool Japan Available
Rational AppScan Standard Edition IBM Rational Web Application Security Assessment Tool United States Available
Secure Code Review Astyran Pte Ltd. Secure Code Review Singapore Available
Secure Code Review with Automated Tools Cigital, Inc. Security Code Assessment United States Available
Secure Design Review Astyran Pte Ltd. Secure Design Review Singapore Available
Secure Development Lifecycle Apple Secure Development Lifecycle United States Available
Secure programming class, CS390S CERIAS/Purdue University Secure Programming Class and Publicly Available Teaching Materials United States Available
Security Training and Awareness (various courses) Cigital, Inc. Software Security Training and Awareness Courses United States Available
SecurityAlert SecurityReason Web Application Security Risk Management Platform Poland Available
SofCheck Inspector for Ada SofCheck Inc. Static Analysis and Fault Detection Tool United States Available
Software Assurance Assessment KDM Analytics Software Assurance Assessment Service United States Available
TBvision LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom Available
Web Application Vulnerability Assessment Astyran Pte Ltd. Application Vulnerability Assessment Singapore Available
HP DevInspect Hewlett-Packard Web Application Security Assessment Tool for Developers United States Planned
HP QAInspect Hewlett-Packard Web Application Security Assessment Tool for QA United States Planned
HP SaaS for ASC Hewlett-Packard Web Application Security Assessment and AMP delivered through Software-as-a-Service United States Planned
QA*C - CWE Compliance Module for C Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States Planned
QA*CPP - CWE Compliance Module for C++ Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States Planned
Rational AppScan Enterprise Edition IBM Rational Enterprise Web Application Security Assessment Tool United States Planned
Rational AppScan Source Edition IBM Rational Source Code Testing Tool United States Planned
Rational AppScan Tester Edition IBM Rational Development-Time Web Application Security Testing Tool United States Planned
Red Hat Customer Portal Red Hat, Inc. Customer Assessment Service United States Planned
Secure Application Development Training Courses SkillBridge, LLC Instructor Led Training United States Planned
Secure Programming Exams/Assessments SANS Institute Professional Secure Programming Examination United States Planned
WebLayers Center Security Policy Library WebLayers, Inc. Software Development Lifecycle (SDLC) Governance United States Planned
Back to top
Page Last Updated: May 03, 2012
 

CWE is co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us