CWE
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > Compatibility > Sort By Category  

Sort By Category
Sort By Category

All organizations participating in the Compatibility Program are listed below.

Assessment and Remediation Tool

Product (39) Organization (22) Type Country (9) Capability Status
CodeSonar GrammaTech, Inc. Static Analysis Tool United States
Output
Searchable
Coverage
CWE Compatible
Coverity Quality Advisor Coverity, Inc. Static Application Security Testing (SAST) United States
Output
Searchable
Coverage
CWE Compatible
Coverity Security Advisor Coverity, Inc. Static Application Security Testing (SAST) United States
Output
Searchable
Coverage
CWE Compatible
HP Assessment Management Platform (ASP) Hewlett-Packard Enterprise Platform for Managing a Web Application Security Assessment Program United States
Output
Searchable
Coverage
CWE Compatible
HP Fortify On Demand Hewlett-Packard Static and Dynamic Analysis and Results Reporting Service United States
Output
Searchable
Coverage
CWE Compatible
HP Fortify Real-Time Analyzer Hewlett-Packard Real-Time Detection and Prevention of Attacks United States
Output
Searchable
Coverage
CWE Compatible
HP Fortify Software Security Center Hewlett-Packard Results Reporting United States
Output
Searchable
Coverage
CWE Compatible
HP Fortify Static Code Analyzer Hewlett-Packard Static Analysis and Results Reporting United States
Output
Searchable
Coverage
CWE Compatible
HP WebInspect Hewlett-Packard Dynamic Analysis Web Application Security Assessment Tool United States
Output
Searchable
Coverage
CWE Compatible
IBM Security AppScan Standard IBM Security Systems Web Application Security Assessment Scanner United States
Output
Searchable
Coverage
CWE Compatible
Klocwork Insight Klocwork, Inc. Assessment and Remediation Tool Canada
Output
Searchable
Coverage
CWE Compatible
SAMATE Reference Dataset (SRD) National Institute of Standards and Technology (NIST) Web-based Software Security Assurance Application United States
Output
Searchable
Coverage
CWE Compatible
ThreadFix Denim Group, Ltd Open Source Vulnerability Management Tool United States
Output
Searchable
Coverage
CWE Compatible
WebLayers Center Security Policy Library WebLayers, Inc. Software Development Lifecycle (SDLC) Governance United States
Output
Searchable
Coverage
CWE Compatible
CAST Application Intelligence Platform CAST Automated Application Assessment Platform France
Output
Searchable
Coverage
Available
Available
Available
Cenzic Hailstorm Enterprise ARC Cenzic, Inc. Application Security Assessment Tool United States
Output
Searchable
Coverage
Available
Available
Available
Cenzic Hailstorm Professional Cenzic, Inc. Application Security Assessment Tool United States
Output
Searchable
Coverage
Available
Available
Available
CodeSecure Enterprise Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States
Output
Searchable
Coverage
Available
Available
Available
CodeSecure Verifier Armorize Technologies, Inc. Web Application Source Code Analysis Suite United States
Output
Searchable
Coverage
Available
Available
Available
CodeSecure Workbench Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States
Output
Searchable
Coverage
Available
Available
Available
Conviso Security Compliance (CSC) Conviso Application Security Vulnerability Identification and Management Brazil
Output
Searchable
Coverage
Available
Available
Available
COREvidence NETpeas, SA Cloud-Based, Multi-Engines Vulnerability Management Service France
Output
Coverage
Searchable
Available
Available
Planned
CxCloud Checkmarx Static Code Analysis On Demand Israel
Output
Searchable
Coverage
Available
Available
Available
CxEnteprise Checkmarx Static Code Analysis On Premise Israel
Output
Searchable
Coverage
Available
Available
Available
CxSuite Checkmarx Static Application Security Testing/Application Security Code Review Israel
Output
Searchable
Coverage
Available
Available
Available
DEFENSICS X Codenomicon Ltd. Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities Finland
Output
Searchable
Coverage
Available
Available
Planned
IBM Security AppScan Enterprise IBM Security Systems Enterprise Web Application Security Assessment Tool United States
Output
Searchable
Coverage
Planned
Planned
Planned
IBM Security AppScan Source IBM Security Systems Source Code Testing Tool United States
Output
Searchable
Coverage
Available
Available
Available
Jtest Parasoft Corporation Java Software Quality Analysis and Testing Solution United States
Output
Searchable
Coverage
Available
Available
Planned
LDRA Testbed LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom
Output
Searchable
Coverage
Available
Available
Planned
MyJVN Information-technology Promotion Agency, Japan (IPA) Filtered Vulnerability Countermeasure Information Tool Japan
Output
Searchable
Coverage
Available
Available
Available
SofCheck Inspector for Ada SofCheck Inc. Static Analysis and Fault Detection Tool United States
Searchable
Output
Coverage
Available
Planned
Planned
SPARROW Fasoo.com, Inc. Semantic-Based Static Program Analysis Engine Korea
Output
Searchable
Coverage
Available
Available
Planned
TBvision LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom
Output
Searchable
Coverage
Available
Available
Planned
HP DevInspect Hewlett-Packard Web Application Security Assessment Tool for Developers United States
Output
Searchable
Coverage
Planned
Planned
Planned
HP QAInspect Hewlett-Packard Web Application Security Assessment Tool for QA United States
Output
Searchable
Coverage
Planned
Planned
Planned
QA*C - CWE Compliance Module for C Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States
Output
Searchable
Coverage
Planned
Planned
Planned
QA*CPP - CWE Compliance Module for C++ Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States
Output
Searchable
Coverage
Planned
Planned
Planned
Rational AppScan Tester Edition IBM Rational Development-Time Web Application Security Testing Tool United States
Output
Searchable
Coverage
Planned
Planned
Planned

Assessment Service

Product (20) Organization (10) Type Country (4) Capability Status
HP Assessment Management Platform (ASP) Hewlett-Packard Enterprise Platform for Managing a Web Application Security Assessment Program United States
Output
Searchable
Coverage
CWE Compatible
HP Fortify On Demand Hewlett-Packard Static and Dynamic Analysis and Results Reporting Service United States
Output
Searchable
Coverage
CWE Compatible
HP Fortify Software Security Center Hewlett-Packard Results Reporting United States
Output
Searchable
Coverage
CWE Compatible
HP WebInspect Hewlett-Packard Dynamic Analysis Web Application Security Assessment Tool United States
Output
Searchable
Coverage
CWE Compatible
Red Hat Customer Portal Red Hat, Inc. Customer Assessment Service United States
Output
Searchable
Coverage
CWE Compatible
Security-Database Web Services Security-Database Web Services France
Output
Searchable
Coverage
CWE Compatible
Veracode Analytics Veracode, Inc. SAST, DAST, Manual Penetration Testing United States
Output
Searchable
Coverage
CWE Compatible
Veracode Dynamic Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States
Output
Searchable
Coverage
CWE Compatible
Veracode Manual Testing Veracode, Inc. SAST, DAST, Manual Penetration Testing United States
Output
Searchable
Coverage
CWE Compatible
Veracode Static Analysis Veracode, Inc. SAST, DAST, Manual Penetration Testing United States
Output
Searchable
Coverage
CWE Compatible
Architectural and Design Risk Management Cigital, Inc. Software Security Architecture and Design Risk Assessment and Management United States
Output
Searchable
Coverage
Available
Available
Planned
cIFrex CXSecurity Free Security Research Tool Poland
Output
Searchable
Documentation
Coverage
Available
Available
Available
Available
COREvidence NETpeas, SA Cloud-Based, Multi-Engines Vulnerability Management Service France
Output
Coverage
Searchable
Available
Available
Planned
Secure Code Review Astyran Pte Ltd. Secure Code Review Singapore
Output
Searchable
Coverage
Available
Available
Planned
Secure Code Review with Automated Tools Cigital, Inc. Security Code Assessment United States
Output
Searchable
Coverage
Available
Available
Planned
Secure Design Review Astyran Pte Ltd. Secure Design Review Singapore
Output
Searchable
Coverage
Available
Available
Planned
Software Assurance Assessment KDM Analytics Software Assurance Assessment Service United States
Output
Searchable
Coverage
Available
Available
Planned
Web Application Vulnerability Assessment Astyran Pte Ltd. Application Vulnerability Assessment Singapore
Output
Searchable
Coverage
Available
Available
Available
HP SaaS for ASC Hewlett-Packard Web Application Security Assessment and AMP delivered through Software-as-a-Service United States
Output
Searchable
Coverage
Planned
Planned
Planned
Secure Programming Exams/Assessments SANS Institute Professional Secure Programming Examination United States
Output
Searchable
Coverage
Planned
Planned
Planned

Database/Knowledge Repository

Product (12) Organization (11) Type Country (7) Capability Status
High-Tech Bridge Security Advisories High-Tech Bridge SA Security Advisories Switzerland
Output
Searchable
Coverage
CWE Compatible
SAMATE Reference Dataset (SRD) National Institute of Standards and Technology (NIST) Web-based Software Security Assurance Application United States
Output
Searchable
Coverage
CWE Compatible
Security-Database Web Services Security-Database Web Services France
Output
Searchable
Coverage
CWE Compatible
World Laboratory of Bugtraq (WLB) 2 CXSecurity Vulnerability Database Poland
Output
Searchable
Coverage
CWE Compatible
Conviso Security Compliance (CSC) Conviso Application Security Vulnerability Identification and Management Brazil
Output
Searchable
Coverage
Available
Available
Available
JVN iPedia Information-technology Promotion Agency, Japan (IPA) Vulnerability Countermeasure Information Database Japan
Output
Searchable
Coverage
Available
Available
Available
LDRA Testbed LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom
Output
Searchable
Coverage
Available
Available
Planned
SDElements SD Elements Secure Application Lifecycle Management (SALM) Tool United States
Output
Searchable
Coverage
Available
Available
Available
SecurityAlert SecurityReason Security Advisories, Database, and Archive Poland
Output
Searchable
Coverage
Available
Available
Available
SofCheck Inspector for Ada SofCheck Inc. Static Analysis and Fault Detection Tool United States
Searchable
Output
Coverage
Available
Planned
Planned
TBvision LDRA Static and Dynamic Software Analysis Tool Suite United Kingdom
Output
Searchable
Coverage
Available
Available
Planned
Tool Output Integration Framework (TOIF) KDM Analytics Open Source Vulnerability Detection Platform United States
Output
Searchable
Coverage
Available
Available
Available

Education Offering

Product (7) Organization (7) Type Country (1) Capability Status
Certification of Software Lifecycle Personnel ISC2 The International Information Systems Security Certification Consortium Professional Certification United States
Output
Searchable
Coverage
Available
Planned
Planned
SDElements SD Elements Secure Application Lifecycle Management (SALM) Tool United States
Output
Searchable
Coverage
Available
Available
Available
Secure programming class, CS390S CERIAS/Purdue University Secure Programming Class and Publicly Available Teaching Materials United States
Output
Searchable
Coverage
Available
Available
Planned
Security Training and Awareness (various courses) Cigital, Inc. Software Security Training and Awareness Courses United States
Output
Searchable
Coverage
Available
Available
Planned
EC-Council Certified Secure Programmer EC-Council Secure Programmer Certification Program United States
Output
Searchable
Coverage
Planned
Planned
No
Secure Application Development Training Courses SkillBridge, LLC Instructor Led Training United States
Output
Searchable
Coverage
Planned
Planned
Planned
Secure Programming Exams/Assessments SANS Institute Professional Secure Programming Examination United States
Output
Searchable
Coverage
Planned
Planned
Planned

Software Development Practices

Product (10) Organization (7) Type Country (1) Capability Status
HP Assessment Management Platform (ASP) Hewlett-Packard Enterprise Platform for Managing a Web Application Security Assessment Program United States
Output
Searchable
Coverage
CWE Compatible
HP WebInspect Hewlett-Packard Dynamic Analysis Web Application Security Assessment Tool United States
Output
Searchable
Coverage
CWE Compatible
WebLayers Center Security Policy Library WebLayers, Inc. Software Development Lifecycle (SDLC) Governance United States
Output
Searchable
Coverage
CWE Compatible
Certification of Software Lifecycle Personnel ISC2 The International Information Systems Security Certification Consortium Professional Certification United States
Output
Searchable
Coverage
Available
Planned
Planned
EMC Product Security Policy (PSP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Policy for Secure Product Development United States
Output
Searchable
Coverage
Available
Available
No
EMC Security Development Lifecycle (SDL) EMC Corporation and RSA (The Security Division of EMC) Enterprise Secure Development Lifecycle United States
Output
Searchable
Coverage
Available
Available
No
EMC Vulnerability Response Policy (VRP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Response Policy for Product Vulnerabilities United States
Output
Searchable
Coverage
Available
Available
No
Secure Development Lifecycle Apple Computer, Inc. Secure Development Lifecycle United States
Output
Coverage
Searchable
Available
Available
No
Symantec Product Security Symantec Corporation Symmunize (Symantec's Secure Development Lifecycle Process) United States
Output
Searchable
Coverage
Available
Available
No
Tool Output Integration Framework (TOIF) KDM Analytics Open Source Vulnerability Detection Platform United States
Output
Searchable
Coverage
Available
Available
Available
Page Last Updated: May 07, 2013