CWE - Declarations to Be CWE-Compatible

Home > Compatibility > Declarations to Be CWE-Compatible

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
Compatibility
Program
Requirements
Make a Declaration
Declarations to be Compatible
Organizations Participating
Sort by Product
Sort by Category
Sort by Capability

Declarations to Be CWE-Compatible

Declarations to Be CWE-Compatible

TOTALS
Organizations with Declarations: 28
Products & Services with Declarations: 47

The organizations listed below have declared their intent to make their information security product or services CWE-compatible.

You may also Make a Declaration for your product or service.

A product or service may be CWE-compatible with one or more of the following:

Declarations

Products are listed alphabetically by organization name under each status level: Available or Planned.

Available Status

Organization	Product	Type	Capability	Compatibility Status
Apple	Secure Development Lifecycle	Secure Development Lifecycle	CWE Output CWE Coverage	Available Available
Armorize Technologies, Inc.	CodeSecure Enterprise	Web Application Source Code Analysis Tool	CWE Output CWE Searchable CWE Coverage	Available Available Available
Armorize Technologies, Inc.	CodeSecure Verifier	Web Application Source Code Analysis Suite	CWE Output CWE Searchable CWE Coverage	Available Available Available
Armorize Technologies, Inc.	CodeSecure Workbench	Web Application Source Code Analysis Tool	CWE Output CWE Searchable CWE Coverage	Available Available Available
CAST	CAST Application Intelligence Platform	Automated Application Assessment Platform	CWE Output CWE Searchable CWE Coverage	Available Available Available
Cenzic, Inc.	Cenzic Hailstorm Professional	Web Application Penetration Testing and Vulnerability Management System	CWE Output CWE Searchable CWE Coverage	Available Available Available
Cenzic, Inc.	Cenzic Hailstrom Enterprise ARC	Web Application Security Risk Management Platform	CWE Output CWE Searchable CWE Coverage	Available Available Available
CERIAS/Purdue University	Secure programming class, CS390S	Secure Programming Class and Publicly Available Teaching Materials	CWE Output CWE Searchable	Available Available
Checkmarx	CxSuite	Static Application Security Testing/Application Security Code Review	CWE Output	Available
Cigital, Inc.	Architectural and Design Risk Management	Software Security Architecture and Design Risk Assessment and Management	CWE Output CWE Searchable	Available Available
Cigital, Inc.	Secure Code Review with Automated Tools	Security Code Assessment	CWE Output CWE Searchable	Available Available
Cigital, Inc.	Security Training and Awareness (various courses)	Software Security Training and Awareness Courses	CWE Output CWE Searchable	Available Available
Codenomicon Ltd.	DEFENSICS 3	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	CWE Output CWE Searchable CWE Documentation	Available Available Available
EMC Corporation and RSA (The Security Division of EMC)	EMC Product Security Policy (PSP)	Enterprise Policy for Secure Product Development	CWE Output CWE Searchable CWE Documentation	Available Available Available
EMC Corporation and RSA (The Security Division of EMC)	EMC Security Development Lifecycle (SDL)	Enterprise Secure Development Lifecycle	CWE Output CWE Searchable CWE Documentation	Available Available Available
EMC Corporation and RSA (The Security Division of EMC)	EMC Vulnerability Response Policy (VRP)	Enterprise Response Policy for Product Vulnerabilities	CWE Output CWE Searchable CWE Documentation	Available Available Available
Fortify Software	Fortify Source Code Analysis (SCA)	Source Code Analysis Tool	CWE Output CWE Searchable CWE Coverage	Available Available Available
GrammaTech, Inc.	CodeSonar	Static Analysis Tool	CWE Output CWE Searchable CWE Coverage	Available Available Available
Information-Technology Promotion Agency (IPA), Japan	JVN iPedia	Vulnerability Countermeasure Information Database	CWE Output CWE Searchable CWE Coverage	Available Available Available
Information-Technology Promotion Agency (IPA), Japan	MyJVN	Filtered Vulnerability Countermeasure Information Tool	CWE Output CWE Searchable CWE Coverage	Available Available Available
ISC2 The International Information Systems Security Certification Consortium	Certification of Software Lifecycle Personnel	Vulnerability Countermeasure Information Database	CWE Output	Available
KDM Analytics	Software Assurance Assessment	Software Assurance Assessment Service	CWE Output CWE Searchable CWE Documentation	Available Available Available
Ounce Labs	Ounce	Static Source Code Analysis Tool	CWE Output CWE Searchable CWE Coverage	Available Available Available
Parasoft Corporation	Jtest	Java Software Quality Analysis and Testing Solution	CWE Output CWE Searchable CWE Documentation	Available Available Available
Security-Database	Security-Database Web Services	Web Services	CWE Output CWE Searchable CWE Coverage	Available Available Available
SecurityReason	SecurityAlert	Web Application Security Risk Management Platform	CWE Output CWE Searchable CWE Coverage	Available Available Available
SofCheck Inc.	SofCheck Inspector for Ada	Static Analysis and Fault Detection Tool	CWE Searchable	Available
Veracode, Inc.	SecurityReview	Assessment Service	CWE Output CWE Searchable CWE Coverage	Available Available Available

Planned Status

Organization	Product	Type	Capability	Compatibility Status
Coverity, Inc.	Coverity Integrity Center	Static Analysis Tool	CWE Output CWE Searchable CWE Documentation CWE Coverage	Planned Planned Planned Planned
Coverity, Inc.	Coverity Prevent	Static Analysis Tool	CWE Output CWE Searchable CWE Documentation CWE Coverage	Planned Planned Planned Planned
HP Application Security Center	HP Assessment Management Platform software	Enterprise Platform for Managing a Web Application Security Assessment Program	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
HP Application Security Center	HP DevInspect	Web Application Security Assessment Tool for Developers	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
HP Application Security Center	HP QAInspect software	Web Application Security Assessment Tool for QA	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
HP Application Security Center	HP SaaS for ASC	Web Application Security Assessment and AMP delivered through Software-as-a-Service	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
HP Application Security Center	HP WebInspect software	Web Application Security Assessment Tool	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
IBM Rational	Rational AppScan Build Edition	Web Application Security Testing Tool For QA	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
IBM Rational	Rational AppScan Developer Edition	Embedded Build-Time Web Application Security Testing Tool	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
IBM Rational	Rational AppScan Enterprise Edition	Enterprise Web Application Security Assessment Tool	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
IBM Rational	Rational AppScan Express Edition	Web Application Security Assessment Tool	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
IBM Rational	Rational AppScan Standard Edition	Web Application Security Assessment Tool	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
IBM Rational	Rational AppScan Tester Edition	Development-Time Web Application Security Testing Tool	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
Klocwork, Inc.	Klocwork Enterprise Development Suite	Assessment and Remediation Tool	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
LDRA	LDRA Testbed	Static and Dynamic Software Analysis Tool Suite	CWE Output CWE Searchable CWE Documentation CWE Coverage	Planned Planned Planned Planned
Programming Research, Inc.	QA*C - CWE Compliance Module for C Programming Language	Source Code Static Analysis Product Suite	CWE Output CWE Searchable CWE Documentation CWE Coverage	Planned Planned Planned Planned
Programming Research, Inc.	QA*CPP - CWE Compliance Module for C++ Programming Language	Source Code Static Analysis Product Suite	CWE Output CWE Searchable CWE Documentation CWE Coverage	Planned Planned Planned Planned
SANS Institute	Secure Programming Exams/Assessments	Professional Secure Programming Examination	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned
SkillBridge, LLC	Secure Application Development Training Courses	Instructor Led Training	CWE Output CWE Searchable CWE Coverage	Planned Planned Planned

Page Last Updated: October 05, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us