| Product | Organization | Type | Status | |
|---|---|---|---|---|
| Fortify Source Code Analysis (SCA) | Fortify Software | Source Code Analysis Tool | Available | |
| Ounce | Ounce Labs | Static Source Code Analysis Tool | Available | |
| Architectural and Design Risk Management | Cigital, Inc. | Software Security Architecture and Design Risk Assessment and Management | Available | |
| Secure Code Review with Automated Tools | Cigital, Inc. | Security Code Assessment | Available | |
| Security Training and Awareness (various courses) | Cigital, Inc. | Software Security Training and Awareness Courses | Available | |
| SecurityReview | Veracode, Inc. | Assessment Service | Available | |
| Secure programming class, CS390S | CERIAS/Purdue University | Secure Programming Class and Publicly Available Teaching Materials | Available | |
| CodeSecure Verifier | Armorize Technologies, Inc. | Web Application Source Code Analysis Suite | Available | |
| CodeSecure Enterprise | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | Available | |
| CodeSecure Workbench | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | Available | |
| CodeSonar | GrammaTech, Inc. | Static Analysis Tool | Available | |
| CxSuite | Checkmarx | Static Application Security Testing/Application Security Code Review | Available | |
| Security-Database Web Services | Security-Database | Web Services | Available | |
| Cenzic Hailstorm Enterprise ARC | Cenzic, Inc. | Web Application Security Risk Management Platform | Available | |
| Cenzic Hailstorm Professional | Cenzic, Inc. | Web Application Penetration Testing and Vulnerability Management System | Available | |
| SecurityAlert | SecurityReason | Web Application Security Risk Management Platform | Available | |
| JVN iPedia | Information-Technology Promotion Agency (IPA), Japan | Vulnerability Countermeasure Information Database | Available | |
| MyJVN | Information-Technology Promotion Agency (IPA), Japan | Filtered Vulnerability Countermeasure Information Tool | Available | |
| EMC Security Development Lifecycle (SDL) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Secure Development Lifecycle | Available | |
| EMC Product Security Policy (PSP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Policy for Secure Product Development | Available | |
| EMC Vulnerability Response Policy (VRP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Response Policy for Product Vulnerabilities | Available | |
| Certification of Software Lifecycle Personnel | ISC2 The International Information Systems Security Certification Consortium | Vulnerability Countermeasure Information Database | Available | |
| DEFENSICS 3 | Codenomicon Ltd. | Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities | Available | |
| Secure Development Lifecycle | Apple | Secure Development Lifecycle | Available | |
| Jtest | Parasoft Corporation | Java Software Quality Analysis and Testing Solution | Available | |
| Software Assurance Assessment | KDM Analytics | Software Assurance Assessment Service | Available | |
| CAST Application Intelligence Platform | CAST | Automated Application Assessment Platform | Available | |
| Coverity Integrity Center | Coverity, Inc. | Static Analysis Tool | Planned | |
| Coverity Prevent | Coverity, Inc. | Static Analysis Tool | Planned | |
| HP Assessment Management Platform software | HP Application Security Center | Enterprise Platform for Managing a Web Application Security Assessment Program | Planned | |
| HP DevInspect | HP Application Security Center | Web Application Security Assessment Tool for Developers | Planned | |
| HP QAInspect software | HP Application Security Center | Web Application Security Assessment Tool for QA | Planned | |
| HP SaaS for ASC | HP Application Security Center | Web Application Security Assessment and AMP delivered through Software-as-a-Service | Planned | |
| HP WebInspect software | HP Application Security Center | Web Application Security Assessment Tool | Planned | |
| Klocwork Enterprise Development Suite | Klocwork, Inc. | Assessment and Remediation Tool | Planned | |
| LDRA Testbed | LDRA | Static and Dynamic Software Analysis Tool Suite | Planned | |
| QA*C - CWE Compliance Module for C Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |
| QA*CPP - CWE Compliance Module for C++ Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |
| Rational AppScan Build Edition | IBM Rational | Web Application Security Testing Tool For QA | Planned | |
| Rational AppScan Developer Edition | IBM Rational | Embedded Build-Time Web Application Security Testing Tool | Planned | |
| Rational AppScan Enterprise Edition | IBM Rational | Enterprise Web Application Security Assessment Tool | Planned | |
| Rational AppScan Express Edition | IBM Rational | Web Application Security Assessment Tool | Planned | |
| Rational AppScan Standard Edition | IBM Rational | Web Application Security Assessment Tool | Planned | |
| Rational AppScan Tester Edition | IBM Rational | Development-Time Web Application Security Testing Tool | Planned | |
| Secure Application Development Training Courses | SkillBridge, LLC | Instructor Led Training | Planned | |
| Secure Programming Exams/Assessments | SANS Institute | Professional Secure Programming Examination | Planned | |
| SofCheck Inspector for Ada | SofCheck Inc. | Static Analysis and Fault Detection Tool | Planned | |

| Product | Organization | Type | Status | |
|---|---|---|---|---|
| Fortify Source Code Analysis (SCA) | Fortify Software | Source Code Analysis Tool | Available | |
| Ounce | Ounce Labs | Static Source Code Analysis Tool | Available | |
| Architectural and Design Risk Management | Cigital, Inc. | Software Security Architecture and Design Risk Assessment and Management | Available | |
| Secure Code Review with Automated Tools | Cigital, Inc. | Security Code Assessment | Available | |
| Security Training and Awareness (various courses) | Cigital, Inc. | Software Security Training and Awareness Courses | Available | |
| SecurityReview | Veracode, Inc. | Assessment Service | Available | |
| Secure programming class, CS390S | CERIAS/Purdue University | Secure Programming Class and Publicly Available Teaching Materials | Available | |
| SofCheck Inspector for Ada | SofCheck Inc. | Static Analysis and Fault Detection Tool | Available | |
| CodeSecure Verifier | Armorize Technologies, Inc. | Web Application Source Code Analysis Suite | Available | |
| CodeSecure Enterprise | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | Available | |
| CodeSecure Workbench | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | Available | |
| CodeSonar | GrammaTech, Inc. | Static Analysis Tool | Available | |
| Security-Database Web Services | Security-Database | Web Services | Available | |
| Cenzic Hailstorm Enterprise ARC | Cenzic, Inc. | Web Application Security Risk Management Platform | Available | |
| Cenzic Hailstorm Professional | Cenzic, Inc. | Web Application Penetration Testing and Vulnerability Management System | Available | |
| SecurityAlert | SecurityReason | Web Application Security Risk Management Platform | Available | |
| JVN iPedia | Information-Technology Promotion Agency (IPA), Japan | Vulnerability Countermeasure Information Database | Available | |
| MyJVN | Information-Technology Promotion Agency (IPA), Japan | Filtered Vulnerability Countermeasure Information Tool | Available | |
| EMC Security Development Lifecycle (SDL) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Secure Development Lifecycle | Available | |
| EMC Product Security Policy (PSP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Policy for Secure Product Development | Available | |
| EMC Vulnerability Response Policy (VRP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Response Policy for Product Vulnerabilities | Available | |
| DEFENSICS 3 | Codenomicon Ltd. | Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities | Available | |
| Jtest | Parasoft Corporation | Java Software Quality Analysis and Testing Solution | Available | |
| Software Assurance Assessment | KDM Analytics | Software Assurance Assessment Service | Available | |
| CAST Application Intelligence Platform | CAST | Automated Application Assessment Platform | Available | |
| Certification of Software Lifecycle Personnel | ISC2 The International Information Systems Security Certification Consortium | Vulnerability Countermeasure Information Database | Planned | |
| Coverity Integrity Center | Coverity, Inc. | Static Analysis Tool | Planned | |
| Coverity Prevent | Coverity, Inc. | Static Analysis Tool | Planned | |
| CxSuite | Checkmarx | Static Application Security Testing/Application Security Code Review | Planned | |
| HP Assessment Management Platform software | HP Application Security Center | Enterprise Platform for Managing a Web Application Security Assessment Program | Planned | |
| HP DevInspect | HP Application Security Center | Web Application Security Assessment Tool for Developers | Planned | |
| HP QAInspect software | HP Application Security Center | Web Application Security Assessment Tool for QA | Planned | |
| HP SaaS for ASC | HP Application Security Center | Web Application Security Assessment and AMP delivered through Software-as-a-Service | Planned | |
| HP WebInspect software | HP Application Security Center | Web Application Security Assessment Tool | Planned | |
| Klocwork Enterprise Development Suite | Klocwork, Inc. | Assessment and Remediation Tool | Planned | |
| LDRA Testbed | LDRA | Static and Dynamic Software Analysis Tool Suite | Planned | |
| QA*C - CWE Compliance Module for C Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |
| QA*CPP - CWE Compliance Module for C++ Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |
| Rational AppScan Build Edition | IBM Rational | Web Application Security Testing Tool For QA | Planned | |
| Rational AppScan Developer Edition | IBM Rational | Embedded Build-Time Web Application Security Testing Tool | Planned | |
| Rational AppScan Enterprise Edition | IBM Rational | Enterprise Web Application Security Assessment Tool | Planned | |
| Rational AppScan Express Edition | IBM Rational | Web Application Security Assessment Tool | Planned | |
| Rational AppScan Standard Edition | IBM Rational | Web Application Security Assessment Tool | Planned | |
| Rational AppScan Tester Edition | IBM Rational | Development-Time Web Application Security Testing Tool | Planned | |
| Secure Application Development Training Courses | SkillBridge, LLC | Instructor Led Training | Planned | |
| Secure Programming Exams/Assessments | SANS Institute | Professional Secure Programming Examination | Planned | |

| Product | Organization | Type | Status | |
|---|---|---|---|---|
| Fortify Source Code Analysis (SCA) | Fortify Software | Source Code Analysis Tool | Available | |
| Ounce | Ounce Labs | Static Source Code Analysis Tool | Available | |
| SecurityReview | Veracode, Inc. | Assessment Service | Available | |
| CodeSecure Verifier | Armorize Technologies, Inc. | Web Application Source Code Analysis Suite | Available | |
| CodeSecure Enterprise | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | Available | |
| CodeSecure Workbench | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | Available | |
| CodeSonar | GrammaTech, Inc. | Static Analysis Tool | Available | |
| Security-Database Web Services | Security-Database | Web Services | Available | |
| Cenzic Hailstorm Enterprise ARC | Cenzic, Inc. | Web Application Security Risk Management Platform | Available | |
| Cenzic Hailstorm Professional | Cenzic, Inc. | Web Application Penetration Testing and Vulnerability Management System | Available | |
| SecurityAlert | SecurityReason | Web Application Security Risk Management Platform | Available | |
| JVN iPedia | Information-Technology Promotion Agency (IPA), Japan | Vulnerability Countermeasure Information Database | Available | |
| MyJVN | Information-Technology Promotion Agency (IPA), Japan | Filtered Vulnerability Countermeasure Information Tool | Available | |
| Secure Development Lifecycle | Apple | Secure Development Lifecycle | Available | |
| CAST Application Intelligence Platform | CAST | Automated Application Assessment Platform | Available | |
| Architectural and Design Risk Management | Cigital, Inc. | Software Security Architecture and Design Risk Assessment and Management | Planned | |
| Certification of Software Lifecycle Personnel | ISC2 The International Information Systems Security Certification Consortium | Vulnerability Countermeasure Information Database | Planned | |
| Coverity Integrity Center | Coverity, Inc. | Static Analysis Tool | Planned | |
| Coverity Prevent | Coverity, Inc. | Static Analysis Tool | Planned | |
| CxSuite | Checkmarx | Static Application Security Testing/Application Security Code Review | Planned | |
| DEFENSICS 3 | Codenomicon Ltd. | Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities | Planned | |
| HP Assessment Management Platform software | HP Application Security Center | Enterprise Platform for Managing a Web Application Security Assessment Program | Planned | |
| HP DevInspect | HP Application Security Center | Web Application Security Assessment Tool for Developers | Planned | |
| HP QAInspect software | HP Application Security Center | Web Application Security Assessment Tool for QA | Planned | |
| HP SaaS for ASC | HP Application Security Center | Web Application Security Assessment and AMP delivered through Software-as-a-Service | Planned | |
| HP WebInspect software | HP Application Security Center | Web Application Security Assessment Tool | Planned | |
| Jtest | Parasoft Corporation | Java Software Quality Analysis and Testing Solution | Planned | |
| Klocwork Enterprise Development Suite | Klocwork, Inc. | Assessment and Remediation Tool | Planned | |
| LDRA Testbed | LDRA | Static and Dynamic Software Analysis Tool Suite | Planned | |
| QA*C - CWE Compliance Module for C Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |
| QA*CPP - CWE Compliance Module for C++ Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |
| Rational AppScan Build Edition | IBM Rational | Web Application Security Testing Tool For QA | Planned | |
| Rational AppScan Developer Edition | IBM Rational | Embedded Build-Time Web Application Security Testing Tool | Planned | |
| Rational AppScan Enterprise Edition | IBM Rational | Enterprise Web Application Security Assessment Tool | Planned | |
| Rational AppScan Express Edition | IBM Rational | Web Application Security Assessment Tool | Planned | |
| Rational AppScan Standard Edition | IBM Rational | Web Application Security Assessment Tool | Planned | |
| Rational AppScan Tester Edition | IBM Rational | Development-Time Web Application Security Testing Tool | Planned | |
| Secure Application Development Training Courses | SkillBridge, LLC | Instructor Led Training | Planned | |
| Secure Code Review with Automated Tools | Cigital, Inc. | Security Code Assessment | Planned | |
| Secure Programming Exams/Assessments | SANS Institute | Professional Secure Programming Examination | Planned | |
| Secure programming class, CS390S | CERIAS/Purdue University | Secure Programming Class and Publicly Available Teaching Materials | Planned | |
| Security Training and Awareness (various courses) | Cigital, Inc. | Software Security Training and Awareness Courses | Planned | |
| SofCheck Inspector for Ada | SofCheck Inc. | Static Analysis and Fault Detection Tool | Planned | |
| Software Assurance Assessment | KDM Analytics | Software Assurance Assessment Service | Planned | |

| Product | Organization | Type | Status | |
|---|---|---|---|---|
| EMC Security Development Lifecycle (SDL) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Secure Development Lifecycle | Available | |
| EMC Product Security Policy (PSP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Policy for Secure Product Development | Available | |
| EMC Vulnerability Response Policy (VRP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Response Policy for Product Vulnerabilities | Available | |
| DEFENSICS 3 | Codenomicon Ltd. | Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities | Available | |
| Jtest | Parasoft Corporation | Java Software Quality Analysis and Testing Solution | Available | |
| Software Assurance Assessment | KDM Analytics | Software Assurance Assessment Service | Available | |
| CAST Application Intelligence Platform | CAST | Automated Application Assessment Platform | Planned | |
| Coverity Integrity Center | Coverity, Inc. | Static Analysis Tool | Planned | |
| Coverity Prevent | Coverity, Inc. | Static Analysis Tool | Planned | |
| LDRA Testbed | LDRA | Static and Dynamic Software Analysis Tool Suite | Planned | |
| QA*C - CWE Compliance Module for C Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |
| QA*CPP - CWE Compliance Module for C++ Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | Planned | |