CWE - Sort By Capability

Home > Compatibility > Sort By Capability

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
Compatibility
Program
Requirements
Make a Declaration
Declarations to be Compatible
Organizations Participating
Sort by Product
Sort by Category
Sort by Capability

Sort By Capability

Sort By Capability

CWE Output | CWE Searchable | CWE Coverage

All organizations participating in the Compatibility Program are listed below.

CWE Output

Product	Organization	Type	Status

Fortify Source Code Analysis (SCA)	Fortify Software	Source Code Analysis Tool	Available
Ounce	Ounce Labs	Static Source Code Analysis Tool	Available
Architectural and Design Risk Management	Cigital, Inc.	Software Security Architecture and Design Risk Assessment and Management	Available
Secure Code Review with Automated Tools	Cigital, Inc.	Security Code Assessment	Available
Security Training and Awareness (various courses)	Cigital, Inc.	Software Security Training and Awareness Courses	Available
SecurityReview	Veracode, Inc.	Assessment Service	Available
Secure programming class, CS390S	CERIAS/Purdue University	Secure Programming Class and Publicly Available Teaching Materials	Available
CodeSecure Verifier	Armorize Technologies, Inc.	Web Application Source Code Analysis Suite	Available
CodeSecure Enterprise	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	Available
CodeSecure Workbench	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	Available
CodeSonar	GrammaTech, Inc.	Static Analysis Tool	Available
CxSuite	Checkmarx	Static Application Security Testing/Application Security Code Review	Available
Security-Database Web Services	Security-Database	Web Services	Available
Cenzic Hailstrom Enterprise ARC	Cenzic, Inc.	Web Application Security Risk Management Platform	Available
Cenzic Hailstorm Professional	Cenzic, Inc.	Web Application Penetration Testing and Vulnerability Management System	Available
SecurityAlert	SecurityReason	Web Application Security Risk Management Platform	Available
JVN iPedia	Information-Technology Promotion Agency (IPA), Japan	Vulnerability Countermeasure Information Database	Available
MyJVN	Information-Technology Promotion Agency (IPA), Japan	Filtered Vulnerability Countermeasure Information Tool	Available
EMC Security Development Lifecycle (SDL)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Secure Development Lifecycle	Available
EMC Product Security Policy (PSP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Policy for Secure Product Development	Available
EMC Vulnerability Response Policy (VRP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Response Policy for Product Vulnerabilities	Available
Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Vulnerability Countermeasure Information Database	Available
DEFENSICS 3	Codenomicon Ltd.	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	Available
Secure Development Lifecycle	Apple	Secure Development Lifecycle	Available
Jtest	Parasoft Corporation	Java Software Quality Analysis and Testing Solution	Available
Software Assurance Assessment	KDM Analytics	Software Assurance Assessment Service	Available
CAST Application Intelligence Platform	CAST	Automated Application Assessment Platform	Available

Coverity Integrity Center	Coverity, Inc.	Static Analysis Tool	Planned
Coverity Prevent	Coverity, Inc.	Static Analysis Tool	Planned
HP Assessment Management Platform software	HP Application Security Center	Enterprise Platform for Managing a Web Application Security Assessment Program	Planned
HP DevInspect	HP Application Security Center	Web Application Security Assessment Tool for Developers	Planned
HP QAInspect software	HP Application Security Center	Web Application Security Assessment Tool for QA	Planned
HP SaaS for ASC	HP Application Security Center	Web Application Security Assessment and AMP delivered through Software-as-a-Service	Planned
HP WebInspect software	HP Application Security Center	Web Application Security Assessment Tool	Planned
Klocwork Enterprise Development Suite	Klocwork, Inc.	Assessment and Remediation Tool	Planned
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	Planned
QA*C - CWE Compliance Module for C Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned
QA*CPP - CWE Compliance Module for C++ Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned
Rational AppScan Build Edition	IBM Rational	Web Application Security Testing Tool For QA	Planned
Rational AppScan Developer Edition	IBM Rational	Embedded Build-Time Web Application Security Testing Tool	Planned
Rational AppScan Enterprise Edition	IBM Rational	Enterprise Web Application Security Assessment Tool	Planned
Rational AppScan Express Edition	IBM Rational	Web Application Security Assessment Tool	Planned
Rational AppScan Standard Edition	IBM Rational	Web Application Security Assessment Tool	Planned
Rational AppScan Tester Edition	IBM Rational	Development-Time Web Application Security Testing Tool	Planned
Secure Application Development Training Courses	SkillBridge, LLC	Instructor Led Training	Planned
Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	Planned
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	Planned

CWE Searchable

Product	Organization	Type	Status

Fortify Source Code Analysis (SCA)	Fortify Software	Source Code Analysis Tool	Available
Ounce	Ounce Labs	Static Source Code Analysis Tool	Available
Architectural and Design Risk Management	Cigital, Inc.	Software Security Architecture and Design Risk Assessment and Management	Available
Secure Code Review with Automated Tools	Cigital, Inc.	Security Code Assessment	Available
Security Training and Awareness (various courses)	Cigital, Inc.	Software Security Training and Awareness Courses	Available
SecurityReview	Veracode, Inc.	Assessment Service	Available
Secure programming class, CS390S	CERIAS/Purdue University	Secure Programming Class and Publicly Available Teaching Materials	Available
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	Available
CodeSecure Verifier	Armorize Technologies, Inc.	Web Application Source Code Analysis Suite	Available
CodeSecure Enterprise	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	Available
CodeSecure Workbench	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	Available
CodeSonar	GrammaTech, Inc.	Static Analysis Tool	Available
Security-Database Web Services	Security-Database	Web Services	Available
Cenzic Hailstrom Enterprise ARC	Cenzic, Inc.	Web Application Security Risk Management Platform	Available
Cenzic Hailstorm Professional	Cenzic, Inc.	Web Application Penetration Testing and Vulnerability Management System	Available
SecurityAlert	SecurityReason	Web Application Security Risk Management Platform	Available
JVN iPedia	Information-Technology Promotion Agency (IPA), Japan	Vulnerability Countermeasure Information Database	Available
MyJVN	Information-Technology Promotion Agency (IPA), Japan	Filtered Vulnerability Countermeasure Information Tool	Available
EMC Security Development Lifecycle (SDL)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Secure Development Lifecycle	Available
EMC Product Security Policy (PSP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Policy for Secure Product Development	Available
EMC Vulnerability Response Policy (VRP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Response Policy for Product Vulnerabilities	Available
DEFENSICS 3	Codenomicon Ltd.	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	Available
Jtest	Parasoft Corporation	Java Software Quality Analysis and Testing Solution	Available
Software Assurance Assessment	KDM Analytics	Software Assurance Assessment Service	Available
CAST Application Intelligence Platform	CAST	Automated Application Assessment Platform	Available

Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Vulnerability Countermeasure Information Database	Planned
Coverity Integrity Center	Coverity, Inc.	Static Analysis Tool	Planned
Coverity Prevent	Coverity, Inc.	Static Analysis Tool	Planned
CxSuite	Checkmarx	Static Application Security Testing/Application Security Code Review	Planned
HP Assessment Management Platform software	HP Application Security Center	Enterprise Platform for Managing a Web Application Security Assessment Program	Planned
HP DevInspect	HP Application Security Center	Web Application Security Assessment Tool for Developers	Planned
HP QAInspect software	HP Application Security Center	Web Application Security Assessment Tool for QA	Planned
HP SaaS for ASC	HP Application Security Center	Web Application Security Assessment and AMP delivered through Software-as-a-Service	Planned
HP WebInspect software	HP Application Security Center	Web Application Security Assessment Tool	Planned
Klocwork Enterprise Development Suite	Klocwork, Inc.	Assessment and Remediation Tool	Planned
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	Planned
QA*C - CWE Compliance Module for C Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned
QA*CPP - CWE Compliance Module for C++ Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned
Rational AppScan Build Edition	IBM Rational	Web Application Security Testing Tool For QA	Planned
Rational AppScan Developer Edition	IBM Rational	Embedded Build-Time Web Application Security Testing Tool	Planned
Rational AppScan Enterprise Edition	IBM Rational	Enterprise Web Application Security Assessment Tool	Planned
Rational AppScan Express Edition	IBM Rational	Web Application Security Assessment Tool	Planned
Rational AppScan Standard Edition	IBM Rational	Web Application Security Assessment Tool	Planned
Rational AppScan Tester Edition	IBM Rational	Development-Time Web Application Security Testing Tool	Planned
Secure Application Development Training Courses	SkillBridge, LLC	Instructor Led Training	Planned
Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	Planned

CWE Coverage

Product	Organization	Type	Status

Fortify Source Code Analysis (SCA)	Fortify Software	Source Code Analysis Tool	Available
Ounce	Ounce Labs	Static Source Code Analysis Tool	Available
SecurityReview	Veracode, Inc.	Assessment Service	Available
CodeSecure Verifier	Armorize Technologies, Inc.	Web Application Source Code Analysis Suite	Available
CodeSecure Enterprise	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	Available
CodeSecure Workbench	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	Available
CodeSonar	GrammaTech, Inc.	Static Analysis Tool	Available
Security-Database Web Services	Security-Database	Web Services	Available
Cenzic Hailstrom Enterprise ARC	Cenzic, Inc.	Web Application Security Risk Management Platform	Available
Cenzic Hailstorm Professional	Cenzic, Inc.	Web Application Penetration Testing and Vulnerability Management System	Available
SecurityAlert	SecurityReason	Web Application Security Risk Management Platform	Available
JVN iPedia	Information-Technology Promotion Agency (IPA), Japan	Vulnerability Countermeasure Information Database	Available
MyJVN	Information-Technology Promotion Agency (IPA), Japan	Filtered Vulnerability Countermeasure Information Tool	Available
Secure Development Lifecycle	Apple	Secure Development Lifecycle	Available
CAST Application Intelligence Platform	CAST	Automated Application Assessment Platform	Available

Architectural and Design Risk Management	Cigital, Inc.	Software Security Architecture and Design Risk Assessment and Management	Planned
Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Vulnerability Countermeasure Information Database	Planned
Coverity Integrity Center	Coverity, Inc.	Static Analysis Tool	Planned
Coverity Prevent	Coverity, Inc.	Static Analysis Tool	Planned
CxSuite	Checkmarx	Static Application Security Testing/Application Security Code Review	Planned
DEFENSICS 3	Codenomicon Ltd.	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	Planned
HP Assessment Management Platform software	HP Application Security Center	Enterprise Platform for Managing a Web Application Security Assessment Program	Planned
HP DevInspect	HP Application Security Center	Web Application Security Assessment Tool for Developers	Planned
HP QAInspect software	HP Application Security Center	Web Application Security Assessment Tool for QA	Planned
HP SaaS for ASC	HP Application Security Center	Web Application Security Assessment and AMP delivered through Software-as-a-Service	Planned
HP WebInspect software	HP Application Security Center	Web Application Security Assessment Tool	Planned
Jtest	Parasoft Corporation	Java Software Quality Analysis and Testing Solution	Planned
Klocwork Enterprise Development Suite	Klocwork, Inc.	Assessment and Remediation Tool	Planned
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	Planned
QA*C - CWE Compliance Module for C Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned
QA*CPP - CWE Compliance Module for C++ Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned
Rational AppScan Build Edition	IBM Rational	Web Application Security Testing Tool For QA	Planned
Rational AppScan Developer Edition	IBM Rational	Embedded Build-Time Web Application Security Testing Tool	Planned
Rational AppScan Enterprise Edition	IBM Rational	Enterprise Web Application Security Assessment Tool	Planned
Rational AppScan Express Edition	IBM Rational	Web Application Security Assessment Tool	Planned
Rational AppScan Standard Edition	IBM Rational	Web Application Security Assessment Tool	Planned
Rational AppScan Tester Edition	IBM Rational	Development-Time Web Application Security Testing Tool	Planned
Secure Application Development Training Courses	SkillBridge, LLC	Instructor Led Training	Planned
Secure Code Review with Automated Tools	Cigital, Inc.	Security Code Assessment	Planned
Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	Planned
Secure programming class, CS390S	CERIAS/Purdue University	Secure Programming Class and Publicly Available Teaching Materials	Planned
Security Training and Awareness (various courses)	Cigital, Inc.	Software Security Training and Awareness Courses	Planned
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	Planned
Software Assurance Assessment	KDM Analytics	Software Assurance Assessment Service	Planned

CWE Documentation

Product	Organization	Type	Status

EMC Security Development Lifecycle (SDL)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Secure Development Lifecycle	Available
EMC Product Security Policy (PSP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Policy for Secure Product Development	Available
EMC Vulnerability Response Policy (VRP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Response Policy for Product Vulnerabilities	Available
DEFENSICS 3	Codenomicon Ltd.	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	Available
Jtest	Parasoft Corporation	Java Software Quality Analysis and Testing Solution	Available
Software Assurance Assessment	KDM Analytics	Software Assurance Assessment Service	Available

CAST Application Intelligence Platform	CAST	Automated Application Assessment Platform	Planned
Coverity Integrity Center	Coverity, Inc.	Static Analysis Tool	Planned
Coverity Prevent	Coverity, Inc.	Static Analysis Tool	Planned
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	Planned
QA*C - CWE Compliance Module for C Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned
QA*CPP - CWE Compliance Module for C++ Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	Planned

Page Last Updated: October 05, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us