| Product (39) | Organization (22) | Type | Country (9) | Capability | Status |
|---|---|---|---|---|---|
| CodeSonar | GrammaTech, Inc. | Static Analysis Tool | United States | Output, Searchable, Coverage | |
| Coverity Quality Advisor | Coverity, Inc. | Static Application Security Testing (SAST) | United States | Output, Searchable, Coverage | |
| Coverity Security Advisor | Coverity, Inc. | Static Application Security Testing (SAST) | United States | Output, Searchable, Coverage | |
| HP Assessment Management Platform (ASP) | Hewlett-Packard | Enterprise Platform for Managing a Web Application Security Assessment Program | United States | Output, Searchable, Coverage | |
| HP Fortify On Demand | Hewlett-Packard | Static and Dynamic Analysis and Results Reporting Service | United States | Output, Searchable, Coverage | |
| HP Fortify Real-Time Analyzer | Hewlett-Packard | Real-Time Detection and Prevention of Attacks | United States | Output, Searchable, Coverage | |
| HP Fortify Software Security Center | Hewlett-Packard | Results Reporting | United States | Output, Searchable, Coverage | |
| HP Fortify Static Code Analyzer | Hewlett-Packard | Static Analysis and Results Reporting | United States | Output, Searchable, Coverage | |
| HP WebInspect | Hewlett-Packard | Dynamic Analysis Web Application Security Assessment Tool | United States | Output, Searchable, Coverage | |
| IBM Security AppScan Standard | IBM Security Systems | Web Application Security Assessment Scanner | United States | Output, Searchable, Coverage | |
| Klocwork Insight | Klocwork, Inc. | Assessment and Remediation Tool | Canada | Output, Searchable, Coverage | |
| SAMATE Reference Dataset (SRD) | National Institute of Standards and Technology (NIST) | Web-based Software Security Assurance Application | United States | Output, Searchable, Coverage | |
| ThreadFix | Denim Group, Ltd | Open Source Vulnerability Management Tool | United States | Output, Searchable, Coverage | |
| WebLayers Center Security Policy Library | WebLayers, Inc. | Software Development Lifecycle (SDLC) Governance | United States | Output, Searchable, Coverage | |
| CAST Application Intelligence Platform | CAST | Automated Application Assessment Platform | France | Output, Searchable, Coverage | Available, Available, Available |
| Cenzic Hailstorm Enterprise ARC | Cenzic, Inc. | Application Security Assessment Tool | United States | Output, Searchable, Coverage | Available, Available, Available |
| Cenzic Hailstorm Professional | Cenzic, Inc. | Application Security Assessment Tool | United States | Output, Searchable, Coverage | Available, Available, Available |
| CodeSecure Enterprise | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | United States | Output, Searchable, Coverage | Available, Available, Available |
| CodeSecure Verifier | Armorize Technologies, Inc. | Web Application Source Code Analysis Suite | United States | Output, Searchable, Coverage | Available, Available, Available |
| CodeSecure Workbench | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | United States | Output, Searchable, Coverage | Available, Available, Available |
| Conviso Security Compliance (CSC) | Conviso Application Security | Vulnerability Identification and Management | Brazil | Output, Searchable, Coverage | Available, Available, Available |
| COREvidence | NETpeas, SA | Cloud-Based, Multi-Engines Vulnerability Management Service | France | Output, Coverage, Searchable | Available, Available, Planned |
| CxCloud | Checkmarx | Static Code Analysis On Demand | Israel | Output, Searchable, Coverage | Available, Available, Available |
| CxEnterprise | Checkmarx | Static Code Analysis On Premise | Israel | Output, Searchable, Coverage | Available, Available, Available |
| CxSuite | Checkmarx | Static Application Security Testing/Application Security Code Review | Israel | Output, Searchable, Coverage | Available, Available, Available |
| DEFENSICS X | Codenomicon Ltd. | Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities | Finland | Output, Searchable, Coverage | Available, Available, Planned |
| IBM Security AppScan Enterprise | IBM Security Systems | Enterprise Web Application Security Assessment Tool | United States | Output, Searchable, Coverage | Planned, Planned, Planned |
| IBM Security AppScan Source | IBM Security Systems | Source Code Testing Tool | United States | Output, Searchable, Coverage | Available, Available, Available |
| Jtest | Parasoft Corporation | Java Software Quality Analysis and Testing Solution | United States | Output, Searchable, Coverage | Available, Available, Planned |
| LDRA Testbed | LDRA | Static and Dynamic Software Analysis Tool Suite | United Kingdom | Output, Searchable, Coverage | Available, Available, Planned |
| MyJVN | Information-technology Promotion Agency, Japan (IPA) | Filtered Vulnerability Countermeasure Information Tool | Japan | Output, Searchable, Coverage | Available, Available, Available |
| SofCheck Inspector for Ada | SofCheck Inc. | Static Analysis and Fault Detection Tool | United States | Searchable, Output, Coverage | Available, Planned, Planned |
| SPARROW | Fasoo.com, Inc. | Semantic-Based Static Program Analysis Engine | Korea | Output, Searchable, Coverage | Available, Available, Planned |
| TBvision | LDRA | Static and Dynamic Software Analysis Tool Suite | United Kingdom | Output, Searchable, Coverage | Available, Available, Planned |
| HP DevInspect | Hewlett-Packard | Web Application Security Assessment Tool for Developers | United States | Output, Searchable, Coverage | Planned, Planned, Planned |
| HP QAInspect | Hewlett-Packard | Web Application Security Assessment Tool for QA | United States | Output, Searchable, Coverage | Planned, Planned, Planned |
| QA*C - CWE Compliance Module for C Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | United States | Output, Searchable, Coverage | Planned, Planned, Planned |
| QA*CPP - CWE Compliance Module for C++ Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | United States | Output, Searchable, Coverage | Planned, Planned, Planned |
| Rational AppScan Tester Edition | IBM Rational | Development-Time Web Application Security Testing Tool | United States | Output, Searchable, Coverage | Planned, Planned, Planned |

| Product (20) | Organization (10) | Type | Country (4) | Capability | Status |
|---|---|---|---|---|---|
| HP Assessment Management Platform (ASP) | Hewlett-Packard | Enterprise Platform for Managing a Web Application Security Assessment Program | United States | Output, Searchable, Coverage | |
| HP Fortify On Demand | Hewlett-Packard | Static and Dynamic Analysis and Results Reporting Service | United States | Output, Searchable, Coverage | |
| HP Fortify Software Security Center | Hewlett-Packard | Results Reporting | United States | Output, Searchable, Coverage | |
| HP WebInspect | Hewlett-Packard | Dynamic Analysis Web Application Security Assessment Tool | United States | Output, Searchable, Coverage | |
| Red Hat Customer Portal | Red Hat, Inc. | Customer Assessment Service | United States | Output, Searchable, Coverage | |
| Security-Database Web Services | Security-Database | Web Services | France | Output, Searchable, Coverage | |
| Veracode Analytics | Veracode, Inc. | SAST, DAST, Manual Penetration Testing | United States | Output, Searchable, Coverage | |
| Veracode Dynamic Analysis | Veracode, Inc. | SAST, DAST, Manual Penetration Testing | United States | Output, Searchable, Coverage | |
| Veracode Manual Testing | Veracode, Inc. | SAST, DAST, Manual Penetration Testing | United States | Output, Searchable, Coverage | |
| Veracode Static Analysis | Veracode, Inc. | SAST, DAST, Manual Penetration Testing | United States | Output, Searchable, Coverage | |
| Architectural and Design Risk Management | Cigital, Inc. | Software Security Architecture and Design Risk Assessment and Management | United States | Output, Searchable, Coverage | Available, Available, Planned |
| cIFrex | CXSecurity | Free Security Research Tool | Poland | Output, Searchable, Documentation, Coverage | Available, Available, Available, Available |
| COREvidence | NETpeas, SA | Cloud-Based, Multi-Engines Vulnerability Management Service | France | Output, Coverage, Searchable | Available, Available, Planned |
| Secure Code Review | Astyran Pte Ltd. | Secure Code Review | Singapore | Output, Searchable, Coverage | Available, Available, Planned |
| Secure Code Review with Automated Tools | Cigital, Inc. | Security Code Assessment | United States | Output, Searchable, Coverage | Available, Available, Planned |
| Secure Design Review | Astyran Pte Ltd. | Secure Design Review | Singapore | Output, Searchable, Coverage | Available, Available, Planned |
| Software Assurance Assessment | KDM Analytics | Software Assurance Assessment Service | United States | Output, Searchable, Coverage | Available, Available, Planned |
| Web Application Vulnerability Assessment | Astyran Pte Ltd. | Application Vulnerability Assessment | Singapore | Output, Searchable, Coverage | Available, Available, Available |
| HP SaaS for ASC | Hewlett-Packard | Web Application Security Assessment and AMP delivered through Software-as-a-Service | United States | Output, Searchable, Coverage | Planned, Planned, Planned |
| Secure Programming Exams/Assessments | SANS Institute | Professional Secure Programming Examination | United States | Output, Searchable, Coverage | Planned, Planned, Planned |

| Product (12) | Organization (11) | Type | Country (7) | Capability | Status |
|---|---|---|---|---|---|
| High-Tech Bridge Security Advisories | High-Tech Bridge SA | Security Advisories | Switzerland | Output, Searchable, Coverage | |
| SAMATE Reference Dataset (SRD) | National Institute of Standards and Technology (NIST) | Web-based Software Security Assurance Application | United States | Output, Searchable, Coverage | |
| Security-Database Web Services | Security-Database | Web Services | France | Output, Searchable, Coverage | |
| World Laboratory of Bugtraq (WLB) 2 | CXSecurity | Vulnerability Database | Poland | Output, Searchable, Coverage | |
| Conviso Security Compliance (CSC) | Conviso Application Security | Vulnerability Identification and Management | Brazil | Output, Searchable, Coverage | Available, Available, Available |
| JVN iPedia | Information-technology Promotion Agency, Japan (IPA) | Vulnerability Countermeasure Information Database | Japan | Output, Searchable, Coverage | Available, Available, Available |
| LDRA Testbed | LDRA | Static and Dynamic Software Analysis Tool Suite | United Kingdom | Output, Searchable, Coverage | Available, Available, Planned |
| SDElements | SD Elements | Secure Application Lifecycle Management (SALM) Tool | United States | Output, Searchable, Coverage | Available, Available, Available |
| SecurityAlert | SecurityReason | Security Advisories, Database, and Archive | Poland | Output, Searchable, Coverage | Available, Available, Available |
| SofCheck Inspector for Ada | SofCheck Inc. | Static Analysis and Fault Detection Tool | United States | Searchable, Output, Coverage | Available, Planned, Planned |
| TBvision | LDRA | Static and Dynamic Software Analysis Tool Suite | United Kingdom | Output, Searchable, Coverage | Available, Available, Planned |
| Tool Output Integration Framework (TOIF) | KDM Analytics | Open Source Vulnerability Detection Platform | United States | Output, Searchable, Coverage | Available, Available, Available |

| Product (7) | Organization (7) | Type | Country (1) | Capability | Status |
|---|---|---|---|---|---|
| Certification of Software Lifecycle Personnel | ISC2 The International Information Systems Security Certification Consortium | Professional Certification | United States | Output, Searchable, Coverage | Available, Planned, Planned |
| SDElements | SD Elements | Secure Application Lifecycle Management (SALM) Tool | United States | Output, Searchable, Coverage | Available, Available, Available |
| Secure programming class, CS390S | CERIAS/Purdue University | Secure Programming Class and Publicly Available Teaching Materials | United States | Output, Searchable, Coverage | Available, Available, Planned |
| Security Training and Awareness (various courses) | Cigital, Inc. | Software Security Training and Awareness Courses | United States | Output, Searchable, Coverage | Available, Available, Planned |
| EC-Council Certified Secure Programmer | EC-Council | Secure Programmer Certification Program | United States | Output, Searchable, Coverage | Planned, Planned, No |
| Secure Application Development Training Courses | SkillBridge, LLC | Instructor Led Training | United States | Output, Searchable, Coverage | Planned, Planned, Planned |
| Secure Programming Exams/Assessments | SANS Institute | Professional Secure Programming Examination | United States | Output, Searchable, Coverage | Planned, Planned, Planned |

| Product (10) | Organization (7) | Type | Country (1) | Capability | Status |
|---|---|---|---|---|---|
| HP Assessment Management Platform (ASP) | Hewlett-Packard | Enterprise Platform for Managing a Web Application Security Assessment Program | United States | Output, Searchable, Coverage | |
| HP WebInspect | Hewlett-Packard | Dynamic Analysis Web Application Security Assessment Tool | United States | Output, Searchable, Coverage | |
| WebLayers Center Security Policy Library | WebLayers, Inc. | Software Development Lifecycle (SDLC) Governance | United States | Output, Searchable, Coverage | |
| Certification of Software Lifecycle Personnel | ISC2 The International Information Systems Security Certification Consortium | Professional Certification | United States | Output, Searchable, Coverage | Available, Planned, Planned |
| EMC Product Security Policy (PSP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Policy for Secure Product Development | United States | Output, Searchable, Coverage | Available, Available, No |
| EMC Security Development Lifecycle (SDL) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Secure Development Lifecycle | United States | Output, Searchable, Coverage | Available, Available, No |
| EMC Vulnerability Response Policy (VRP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Response Policy for Product Vulnerabilities | United States | Output, Searchable, Coverage | Available, Available, No |
| Secure Development Lifecycle | Apple Computer, Inc. | Secure Development Lifecycle | United States | Output, Coverage, Searchable | Available, Available, No |
| Symantec Product Security | Symantec Corporation | Symmunize (Symantec's Secure Development Lifecycle Process) | United States | Output, Searchable, Coverage | Available, Available, No |
| Tool Output Integration Framework (TOIF) | KDM Analytics | Open Source Vulnerability Detection Platform | United States | Output, Searchable, Coverage | Available, Available, Available |