CWE - Sort By Category

Home > Compatibility > Sort By Category

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Contact Us
Search the Site

Section Contents
Compatibility
Program
Requirements
CCR
FAQs
Compatible Products and Services
Declarations to be Compatible
Organizations Participating
Sort by Product
Sort by Country
Sort by Category
Sort by Capability
Make a Declaration

Sort By Category

Sort By Category

Assessment and Remediation Tool | Assessment Service | Database/Knowledge Repository | Education Offering | Software Development Practices

All organizations participating in the Compatibility Program are listed below.

Assessment and Remediation Tool

Product (34)	Organization (18)	Type	Country (7)	Capability	Status

CodeSonar	GrammaTech, Inc.	Static Analysis Tool	United States	Output Searchable Coverage
HP Assessment Management Platform (ASP)	Hewlett-Packard	Enterprise Platform for Managing a Web Application Security Assessment Program	United States	Output Searchable Coverage
HP Fortify On Demand	Hewlett-Packard	Static and Dynamic Analysis and Results Reporting Service	United States	Output Searchable Coverage
HP Fortify Real-Time Analyzer	Hewlett-Packard	Real-Time Detection and Prevention of Attacks	United States	Output Searchable Coverage
HP Fortify Software Security Center	Hewlett-Packard	Results Reporting	United States	Output Searchable Coverage
HP Fortify Static Code Analyzer	Hewlett-Packard	Static Analysis and Results Reporting	United States	Output Searchable Coverage
HP WebInspect	Hewlett-Packard	Dynamic Analysis Web Application Security Assessment Tool	United States	Output Searchable Coverage
Klocwork Insight	Klocwork, Inc.	Assessment and Remediation Tool	Canada	Output Searchable Coverage
SAMATE Reference Dataset (SRD)	National Institute of Standards and Technology (NIST)	Web-based Software Security Assurance Application	United States	Output Searchable Coverage

CAST Application Intelligence Platform	CAST	Automated Application Assessment Platform	France	Output Searchable Coverage	Available Available Available
Cenzic Hailstorm Professional	Cenzic, Inc.	Web Application Penetration Testing and Vulnerability Management System	United States	Output Searchable Coverage	Available Available Available
Cenzic Hailstrom Enterprise ARC	Cenzic, Inc.	Web Application Security Risk Management Platform	United States	Output Searchable Coverage	Available Available Available
CodeSecure Enterprise	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	United States	Output Searchable Coverage	Available Available Available
CodeSecure Verifier	Armorize Technologies, Inc.	Web Application Source Code Analysis Suite	United States	Output Searchable Coverage	Available Available Available
CodeSecure Workbench	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	United States	Output Searchable Coverage	Available Available Available
COREvidence	NETpeas, SA	Cloud-Based, Multi-Engines Vulnerability Management Service	France	Output Coverage Searchable	Available Available Planned
Coverity Integrity Center	Coverity, Inc.	Static Analysis Tool	United States	Output Searchable Coverage	Available Available Available
Coverity Prevent	Coverity, Inc.	Static Analysis Tool	United States	Output Searchable Coverage	Available Available Available
CxSuite	Checkmarx	Static Application Security Testing/Application Security Code Review	Israel	Output Searchable Coverage	Available Planned Planned
DEFENSICS X	Codenomicon Ltd.	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	Finland	Output Searchable Coverage	Available Available Planned
Jtest	Parasoft Corporation	Java Software Quality Analysis and Testing Solution	United States	Output Searchable Coverage	Available Available Planned
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	United Kingdom	Output Searchable Coverage	Available Available Planned
MyJVN	Information-Technology Promotion Agency (IPA), Japan	Filtered Vulnerability Countermeasure Information Tool	Japan	Output Searchable Coverage	Available Available Available
Rational AppScan Standard Edition	IBM Rational	Web Application Security Assessment Tool	United States	Output Searchable Coverage	Available Available Available
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	United States	Searchable Output Coverage	Available Planned Planned
TBvision	LDRA	Static and Dynamic Software Analysis Tool Suite	United Kingdom	Output Searchable Coverage	Available Available Planned

HP DevInspect	Hewlett-Packard	Web Application Security Assessment Tool for Developers	United States	Output Searchable Coverage	Planned Planned Planned
HP QAInspect	Hewlett-Packard	Web Application Security Assessment Tool for QA	United States	Output Searchable Coverage	Planned Planned Planned
QA*C - CWE Compliance Module for C Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	United States	Output Searchable Coverage	Planned Planned Planned
QA*CPP - CWE Compliance Module for C++ Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	United States	Output Searchable Coverage	Planned Planned Planned
Rational AppScan Enterprise Edition	IBM Rational	Enterprise Web Application Security Assessment Tool	United States	Output Searchable Coverage	Planned Planned Planned
Rational AppScan Source Edition	IBM Rational	Source Code Testing Tool	United States	Output Searchable Coverage	Planned Planned Planned
Rational AppScan Tester Edition	IBM Rational	Development-Time Web Application Security Testing Tool	United States	Output Searchable Coverage	Planned Planned Planned
WebLayers Center Security Policy Library	WebLayers, Inc.	Software Development Lifecycle (SDLC) Governance	United States	Output Searchable Coverage	Planned Planned Planned

Application-Level Firewall

Product (0)	Organization (0)	Type	Country (0)	Capability	Status

Assessment Service

Product (19)	Organization (9)	Type	Country (3)	Capability	Status

HP Assessment Management Platform (ASP)	Hewlett-Packard	Enterprise Platform for Managing a Web Application Security Assessment Program	United States	Output Searchable Coverage
HP Fortify On Demand	Hewlett-Packard	Static and Dynamic Analysis and Results Reporting Service	United States	Output Searchable Coverage
HP Fortify Software Security Center	Hewlett-Packard	Results Reporting	United States	Output Searchable Coverage
HP WebInspect	Hewlett-Packard	Dynamic Analysis Web Application Security Assessment Tool	United States	Output Searchable Coverage
Security-Database Web Services	Security-Database	Web Services	France	Output Searchable Coverage
Veracode Analytics	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage
Veracode Dynamic Analysis	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage
Veracode Manual Testing	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage
Veracode Static Analysis	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage

Architectural and Design Risk Management	Cigital, Inc.	Software Security Architecture and Design Risk Assessment and Management	United States	Output Searchable Coverage	Available Available Planned
COREvidence	NETpeas, SA	Cloud-Based, Multi-Engines Vulnerability Management Service	France	Output Coverage Searchable	Available Available Planned
Secure Code Review	Astyran Pte Ltd.	Secure Code Review	Singapore	Output Searchable Coverage	Available Available Planned
Secure Code Review with Automated Tools	Cigital, Inc.	Security Code Assessment	United States	Output Searchable Coverage	Available Available Planned
Secure Design Review	Astyran Pte Ltd.	Secure Design Review	Singapore	Output Searchable Coverage	Available Available Planned
Software Assurance Assessment	KDM Analytics	Software Assurance Assessment Service	United States	Output Searchable Coverage	Available Available Planned
Web Application Vulnerability Assessment	Astyran Pte Ltd.	Application Vulnerability Assessment	Singapore	Output Searchable Coverage	Available Available Available

HP SaaS for ASC	Hewlett-Packard	Web Application Security Assessment and AMP delivered through Software-as-a-Service	United States	Output Searchable Coverage	Planned Planned Planned
Red Hat Customer Portal	Red Hat, Inc.	Customer Assessment Service	United States	Output Searchable Coverage	Planned Planned Planned
Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	United States	Output Searchable Coverage	Planned Planned Planned

Database/Knowledge Repository

Product (8)	Organization (7)	Type	Country (5)	Capability	Status

SAMATE Reference Dataset (SRD)	National Institute of Standards and Technology (NIST)	Web-based Software Security Assurance Application	United States	Output Searchable Coverage
Security-Database Web Services	Security-Database	Web Services	France	Output Searchable Coverage
World Laboratory of Bugtraq (WLB) 2	CXSecurity	Vulnerability Database	Poland	Output Searchable Coverage

JVN iPedia	Information-Technology Promotion Agency (IPA), Japan	Vulnerability Countermeasure Information Database	Japan	Output Searchable Coverage	Available Available Available
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	United Kingdom	Output Searchable Coverage	Available Available Planned
SecurityAlert	SecurityReason	Web Application Security Risk Management Platform	Poland	Output Searchable Coverage	Available Available Available
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	United States	Searchable Output Coverage	Available Planned Planned
TBvision	LDRA	Static and Dynamic Software Analysis Tool Suite	United Kingdom	Output Searchable Coverage	Available Available Planned

Education Offering

Product (6)	Organization (6)	Type	Country (1)	Capability	Status

Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Professional Certification	United States	Output Searchable Coverage	Available Planned Planned
Secure programming class, CS390S	CERIAS/Purdue University	Secure Programming Class and Publicly Available Teaching Materials	United States	Output Searchable Coverage	Available Available Planned
Security Training and Awareness (various courses)	Cigital, Inc.	Software Security Training and Awareness Courses	United States	Output Searchable Coverage	Available Available Planned

EC-Council Certified Secure Programmer	EC-Council	Secure Programmer Certification Program	United States	Output Searchable	Planned Planned
Secure Application Development Training Courses	SkillBridge, LLC	Instructor Led Training	United States	Output Searchable Coverage	Planned Planned Planned
Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	United States	Output Searchable Coverage	Planned Planned Planned

Software Development Practices

Product (9)	Organization (6)	Type	Country (1)	Capability	Status

HP Assessment Management Platform (ASP)	Hewlett-Packard	Enterprise Platform for Managing a Web Application Security Assessment Program	United States	Output Searchable Coverage
HP WebInspect	Hewlett-Packard	Dynamic Analysis Web Application Security Assessment Tool	United States	Output Searchable Coverage

Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Professional Certification	United States	Output Searchable Coverage	Available Planned Planned
EMC Product Security Policy (PSP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Policy for Secure Product Development	United States	Output Searchable	Available Available
EMC Security Development Lifecycle (SDL)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Secure Development Lifecycle	United States	Output Searchable	Available Available
EMC Vulnerability Response Policy (VRP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Response Policy for Product Vulnerabilities	United States	Output Searchable	Available Available
Secure Development Lifecycle	Apple	Secure Development Lifecycle	United States	Output Coverage	Available Available
Symantec Product Security	Symantec	Symmunize (Symantec's Secure Development Lifecycle Process)	United States	Output Searchable	Available Available

WebLayers Center Security Policy Library	WebLayers, Inc.	Software Development Lifecycle (SDLC) Governance	United States	Output Searchable Coverage	Planned Planned Planned

Page Last Updated: May 03, 2012


	CWE is co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us