| Country (9) | Organization (34) | Product (61) | Type | Capability | Compatibility Status |
|---|---|---|---|---|---|
| Canada | Klocwork, Inc. | Klocwork Insight | Assessment and Remediation Tool | Output, Searchable, Coverage | |
| Finland | Codenomicon Ltd. | DEFENSICS X | Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities | Output, Searchable, Coverage | Available, Available, Planned |
| France | CAST | CAST Application Intelligence Platform | Automated Application Assessment Platform | Output, Searchable, Coverage | Available, Available, Available |
| France | NETpeas, SA | COREvidence | Cloud-Based, Multi-Engines Vulnerability Management Service | Output, Coverage, Searchable | Available, Available, Planned |
| France | Security-Database | Security-Database Web Services | Web Services | Output, Searchable, Coverage | |
| Israel | Checkmarx | CxSuite | Static Application Security Testing/Application Security Code Review | Output, Searchable, Coverage | Available, Planned, Planned |
| Japan | Information-Technology Promotion Agency (IPA), Japan | JVN iPedia | Vulnerability Countermeasure Information Database | Output, Searchable, Coverage | Available, Available, Available |
| Japan | Information-Technology Promotion Agency (IPA), Japan | MyJVN | Filtered Vulnerability Countermeasure Information Tool | Output, Searchable, Coverage | Available, Available, Available |
| Poland | CXSecurity | World Laboratory of Bugtraq (WLB) 2 | Vulnerability Database | Output, Searchable, Coverage | |
| Poland | SecurityReason | SecurityAlert | Web Application Security Risk Management Platform | Output, Searchable, Coverage | Available, Available, Available |
| Singapore | Astyran Pte Ltd. | Secure Code Review | Secure Code Review | Output, Searchable, Coverage | Available, Available, Planned |
| Singapore | Astyran Pte Ltd. | Secure Design Review | Secure Design Review | Output, Searchable, Coverage | Available, Available, Planned |
| Singapore | Astyran Pte Ltd. | Web Application Vulnerability Assessment | Application Vulnerability Assessment | Output, Searchable, Coverage | Available, Available, Available |
| United Kingdom | LDRA | LDRA Testbed | Static and Dynamic Software Analysis Tool Suite | Output, Searchable, Coverage | Available, Available, Planned |
| United Kingdom | LDRA | TBvision | Static and Dynamic Software Analysis Tool Suite | Output, Searchable, Coverage | Available, Available, Planned |
| United States | Apple | Secure Development Lifecycle | Secure Development Lifecycle | Output, Coverage, Searchable | Available, Available |
| United States | Armorize Technologies, Inc. | CodeSecure Enterprise | Web Application Source Code Analysis Tool | Output, Searchable, Coverage | Available, Available, Available |
| United States | Armorize Technologies, Inc. | CodeSecure Verifier | Web Application Source Code Analysis Suite | Output, Searchable, Coverage | Available, Available, Available |
| United States | Armorize Technologies, Inc. | CodeSecure Workbench | Web Application Source Code Analysis Tool | Output, Searchable, Coverage | Available, Available, Available |
| United States | CERIAS/Purdue University | Secure programming class, CS390S | Secure Programming Class and Publicly Available Teaching Materials | Output, Searchable, Coverage | Available, Available, Planned |
| United States | Cenzic, Inc. | Cenzic Hailstorm Professional | Web Application Penetration Testing and Vulnerability Management System | Output, Searchable, Coverage | Available, Available, Available |
| United States | Cenzic, Inc. | Cenzic Hailstorm Enterprise ARC | Web Application Security Risk Management Platform | Output, Searchable, Coverage | Available, Available, Available |
| United States | Cigital, Inc. | Architectural and Design Risk Management | Software Security Architecture and Design Risk Assessment and Management | Output, Searchable, Coverage | Available, Available, Planned |
| United States | Cigital, Inc. | Secure Code Review with Automated Tools | Security Code Assessment | Output, Searchable, Coverage | Available, Available, Planned |
| United States | Cigital, Inc. | Security Training and Awareness (various courses) | Software Security Training and Awareness Courses | Output, Searchable, Coverage | Available, Available, Planned |
| United States | Coverity, Inc. | Coverity Integrity Center | Static Analysis Tool | Output, Searchable, Coverage | Available, Available, Available |
| United States | Coverity, Inc. | Coverity Prevent | Static Analysis Tool | Output, Searchable, Coverage | Available, Available, Available |
| United States | EC-Council | EC-Council Certified Secure Programmer | Secure Programmer Certification Program | Output, Searchable, Coverage | Planned, Planned |
| United States | EMC Corporation and RSA (The Security Division of EMC) | EMC Product Security Policy (PSP) | Enterprise Policy for Secure Product Development | Output, Searchable, Coverage | Available, Available |
| United States | EMC Corporation and RSA (The Security Division of EMC) | EMC Security Development Lifecycle (SDL) | Enterprise Secure Development Lifecycle | Output, Searchable, Coverage | Available, Available |
| United States | EMC Corporation and RSA (The Security Division of EMC) | EMC Vulnerability Response Policy (VRP) | Enterprise Response Policy for Product Vulnerabilities | Output, Searchable, Coverage | Available, Available |
| United States | GrammaTech, Inc. | CodeSonar | Static Analysis Tool | Output, Searchable, Coverage | |
| United States | Hewlett-Packard | HP Assessment Management Platform (ASP) | Enterprise Platform for Managing a Web Application Security Assessment Program | Output, Searchable, Coverage | |
| United States | Hewlett-Packard | HP DevInspect | Web Application Security Assessment Tool for Developers | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | Hewlett-Packard | HP Fortify On Demand | Static and Dynamic Analysis and Results Reporting Service | Output, Searchable, Coverage | |
| United States | Hewlett-Packard | HP Fortify Real-Time Analyzer | Real-Time Detection and Prevention of Attacks | Output, Searchable, Coverage | |
| United States | Hewlett-Packard | HP Fortify Software Security Center | Results Reporting | Output, Searchable, Coverage | |
| United States | Hewlett-Packard | HP Fortify Static Code Analyzer | Static Analysis and Results Reporting | Output, Searchable, Coverage | |
| United States | Hewlett-Packard | HP QAInspect | Web Application Security Assessment Tool for QA | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | Hewlett-Packard | HP SaaS for ASC | Web Application Security Assessment and AMP delivered through Software-as-a-Service | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | Hewlett-Packard | HP WebInspect | Dynamic Analysis Web Application Security Assessment Tool | Output, Searchable, Coverage | |
| United States | IBM Rational | Rational AppScan Enterprise Edition | Enterprise Web Application Security Assessment Tool | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | IBM Rational | Rational AppScan Source Edition | Source Code Testing Tool | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | IBM Rational | Rational AppScan Standard Edition | Web Application Security Assessment Tool | Output, Searchable, Coverage | Available, Available, Available |
| United States | IBM Rational | Rational AppScan Tester Edition | Development-Time Web Application Security Testing Tool | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | ISC2 The International Information Systems Security Certification Consortium | Certification of Software Lifecycle Personnel | Professional Certification | Output, Searchable, Coverage | Available, Planned, Planned |
| United States | KDM Analytics | Software Assurance Assessment | Software Assurance Assessment Service | Output, Searchable, Coverage | Available, Available, Planned |
| United States | National Institute of Standards and Technology (NIST) | SAMATE Reference Dataset (SRD) | Web-based Software Security Assurance Application | Output, Searchable, Coverage | |
| United States | Parasoft Corporation | Jtest | Java Software Quality Analysis and Testing Solution | Output, Searchable, Coverage | Available, Available, Planned |
| United States | Programming Research, Inc. | QA*C - CWE Compliance Module for C Programming Language | Source Code Static Analysis Product Suite | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | Programming Research, Inc. | QA*CPP - CWE Compliance Module for C++ Programming Language | Source Code Static Analysis Product Suite | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | Red Hat, Inc. | Red Hat Customer Portal | Customer Assessment Service | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | SANS Institute | Secure Programming Exams/Assessments | Professional Secure Programming Examination | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | SkillBridge, LLC | Secure Application Development Training Courses | Instructor Led Training | Output, Searchable, Coverage | Planned, Planned, Planned |
| United States | SofCheck Inc. | SofCheck Inspector for Ada | Static Analysis and Fault Detection Tool | Searchable, Output, Coverage | Available, Planned, Planned |
| United States | Symantec | Symantec Product Security | Symmunize (Symantec's Secure Development Lifecycle Process) | Output, Searchable, Coverage | Available, Available |
| United States | Veracode, Inc. | Veracode Analytics | SAST, DAST, Manual Penetration Testing | Output, Searchable, Coverage | |
| United States | Veracode, Inc. | Veracode Dynamic Analysis | SAST, DAST, Manual Penetration Testing | Output, Searchable, Coverage | |
| United States | Veracode, Inc. | Veracode Manual Testing | SAST, DAST, Manual Penetration Testing | Output, Searchable, Coverage | |
| United States | Veracode, Inc. | Veracode Static Analysis | SAST, DAST, Manual Penetration Testing | Output, Searchable, Coverage | |
| United States | WebLayers, Inc. | WebLayers Center Security Policy Library | Software Development Lifecycle (SDLC) Governance | Output, Searchable, Coverage | Planned, Planned, Planned |