CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > Compatibility > Declarations to Be CWE-Compatible  
ID

CWE Community

Declarations to Be CWE-Compatible

TOTALS
Organizations with Declarations: 30
Products & Services with Declarations: 52

The organizations listed below have declared their intent to make their information security product or services CWE-compatible.

You may also Make a Declaration for your product or service.


A product or service may be CWE-compatible with one or more of the following:


Declarations

Products are listed alphabetically by organization name under each status level: Available or Planned.

Available Status

Product (44) Organization (24) Type Country (9) Capability Status
Ambionics Security Ambionics Security Security Service France
Coverage
Output
Searchable
Available
Available
Available
Architectural and Design Risk Management Cigital, Inc. Software Security Architecture and Design Risk Assessment and Management United States
Output
Searchable
Coverage
Available
Available
Planned
C/C++test Versions 10.x Parasoft Corporation Static Code Analysis United States
Coverage
Output
Searchable
Available
Available
Available
C/C++test Versions 9.x Parasoft Corporation Static Code Analysis United States
Output
Searchable
Coverage
Available
Available
Available
Cenzic Hailstorm Enterprise ARC Cenzic, Inc. Web Application Security Risk Management Platform United States
Output
Searchable
Coverage
Available
Available
Available
Cenzic Hailstorm Professional Cenzic, Inc. Web Application Penetration Testing and Vulnerability Management System United States
Output
Searchable
Coverage
Available
Available
Available
Certification of Software Lifecycle Personnel ISC2 The International Information Systems Security Certification Consortium Professional Certification United States
Output
Searchable
Coverage
Available
Planned
Planned
cIFrex CXSecurity Free Security Research Tool Poland
Output
Searchable
Documentation
Coverage
Available
Available
Available
Available
Code Dx Enterprise Edition Code Dx, Inc. Software Vulnerability Assessment Tool United States
Output
Searchable
Coverage
Available
Available
Planned
Code Dx Standard Edition Code Dx, Inc. Software Vulnerability Assessment Tool United States
Output
Searchable
Coverage
Available
Available
Planned
CodeSecure Enterprise Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States
Output
Searchable
Coverage
Available
Available
Available
CodeSecure Verifier Armorize Technologies, Inc. Web Application Source Code Analysis Suite United States
Output
Searchable
Coverage
Available
Available
Available
CodeSecure Workbench Armorize Technologies, Inc. Web Application Source Code Analysis Tool United States
Output
Searchable
Coverage
Available
Available
Available
COREvidence NETpeas, SA Cloud-Based, Multi-Engines Vulnerability Management Service France
Output
Coverage
Searchable
Available
Available
Planned
Cppcheck CppCheck Development Team A tool for static C/C++ code analysis Ireland
Output
Searchable
Coverage
Available
Available
Planned
CxCloud Checkmarx Static Code Analysis On Demand Israel
Output
Searchable
Coverage
Available
Available
Available
CxEnteprise Checkmarx Static Code Analysis On Premise Israel
Output
Searchable
Coverage
Available
Available
Available
CxSuite Checkmarx Static Application Security Testing/Application Security Code Review Israel
Output
Searchable
Coverage
Available
Available
Available
DEFENSICS X Codenomicon Ltd. Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities Finland
Output
Searchable
Coverage
Available
Available
Planned
dotTEST Versions 10.x Parasoft Corporation Static Code Analysis United States
Coverage
Output
Searchable
Available
Available
Available
dotTEST Versions 9.x Parasoft Corporation Static Code Analysis United States
Coverage
Output
Searchable
Available
Available
Available
EMC Product Security Policy (PSP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Policy for Secure Product Development United States
Output
Searchable
Coverage
Available
Available
No
EMC Security Development Lifecycle (SDL) EMC Corporation and RSA (The Security Division of EMC) Enterprise Secure Development Lifecycle United States
Output
Searchable
Coverage
Available
Available
No
EMC Vulnerability Response Policy (VRP) EMC Corporation and RSA (The Security Division of EMC) Enterprise Response Policy for Product Vulnerabilities United States
Output
Searchable
Coverage
Available
Available
No
IBM Security AppScan Enterprise IBM Security Systems Enterprise Web Application Security Assessment Tool United States
Output
Searchable
Coverage
Planned
Planned
Planned
IBM Security AppScan Source IBM Security Systems Source Code Testing Tool United States
Output
Searchable
Coverage
Available
Available
Available
Jtest Version 9.x Parasoft Corporation Static Code Analysis United States
Coverage
Output
Searchable
Available
Available
Available
Jtest Versions 10.x Parasoft Corporation Static Code Analysis United States
Coverage
Output
Searchable
Available
Available
Available
JVN iPedia Information-technology Promotion Agency, Japan (IPA) Vulnerability Countermeasure Information Database Japan
Output
Searchable
Coverage
Available
Available
Available
MyJVN Information-technology Promotion Agency, Japan (IPA) Filtered Vulnerability Countermeasure Information Tool Japan
Output
Searchable
Coverage
Available
Available
Available
SDElements SD Elements Secure Application Lifecycle Management (SALM) Tool United States
Output
Searchable
Coverage
Available
Available
Available
Secure Code Review Astyran Pte Ltd. Secure Code Review Singapore
Output
Searchable
Coverage
Available
Available
Planned
Secure Code Review with Automated Tools Cigital, Inc. Security Code Assessment United States
Output
Searchable
Coverage
Available
Available
Planned
Secure Design Review Astyran Pte Ltd. Secure Design Review Singapore
Output
Searchable
Coverage
Available
Available
Planned
Secure Development Lifecycle Apple, Inc. Secure Development Lifecycle United States
Output
Coverage
Searchable
Available
Available
No
Secure programming class, CS390S CERIAS/Purdue University Secure Programming Class and Publicly Available Teaching Materials United States
Output
Searchable
Coverage
Available
Available
Planned
Security Training and Awareness (various courses) Cigital, Inc. Software Security Training and Awareness Courses United States
Output
Searchable
Coverage
Available
Available
Planned
SecurityAlert SecurityReason Web Application Security Risk Management Platform Poland
Output
Searchable
Coverage
Available
Available
Available
SofCheck Inspector for Ada SofCheck Inc. Static Analysis and Fault Detection Tool United States
Searchable
Output
Coverage
Available
Planned
Planned
Software Assurance Assessment KDM Analytics Software Assurance Assessment Service United States
Output
Searchable
Coverage
Available
Available
Planned
Symantec Product Security Symantec Corporation Symmunize (Symantec's Secure Development Lifecycle Process) United States
Output
Searchable
Coverage
Available
Available
No
Tool Output Integration Framework (TOIF) KDM Analytics Open Source Vulnerability Detection Platform United States
Output
Searchable
Coverage
Available
Available
Available
Web Application Vulnerability Assessment Astyran Pte Ltd. Application Vulnerability Assessment Singapore
Output
Searchable
Coverage
Available
Available
Available
Zed Attack Proxy (ZAP) Open Web Application Security Project (OWASP) Integrated Penetration Testing Tool for Finding Vulnerabilities in Web Applications United Kingdom
Coverage
Output
Searchable
Available
Available
Planned

Planned Status

Product (8) Organization (6) Type Country (1) Capability Status
EC-Council Certified Secure Programmer EC-Council Secure Programmer Certification Program United States
Output
Searchable
Coverage
Planned
Planned
No
HP DevInspect Hewlett-Packard Development Company, L.P. Web Application Security Assessment Tool for Developers United States
Output
Searchable
Coverage
Planned
Planned
Planned
HP QAInspect Hewlett-Packard Development Company, L.P. Web Application Security Assessment Tool for QA United States
Output
Searchable
Coverage
Planned
Planned
Planned
HP SaaS for ASC Hewlett-Packard Development Company, L.P. Web Application Security Assessment and AMP delivered through Software-as-a-Service United States
Output
Searchable
Coverage
Planned
Planned
Planned
QA*CPP - CWE Compliance Module for C++ Programming Language Programming Research, Inc. Source Code Static Analysis Product Suite United States
Output
Searchable
Coverage
Planned
Planned
Planned
Rational AppScan Tester Edition IBM Rational Development-Time Web Application Security Testing Tool United States
Output
Searchable
Coverage
Planned
Planned
Planned
Secure Application Development Training Courses SkillBridge, LLC Instructor Led Training United States
Output
Searchable
Coverage
Planned
Planned
Planned
Secure Programming Exams/Assessments SANS Institute Professional Secure Programming Examination United States
Output
Searchable
Coverage
Planned
Planned
Planned

More information is available — Please select a different filter.
Page Last Updated: May 19, 2017