CWE Compatibility
CWE Compatibility
The CWE Compatibility and Effectiveness Program provides for a product or service to be reviewed and registered as officially "CWE-Compatible" and "CWE-Effective," thereby assisting organizations in their selection and evaluation of tools and/or services for assessing their acquired software for known types of weaknesses and flaws, for learning about the various weaknesses and their possible impact, or to obtain training and education about these issues. Organizations
with products and services still working towards compatibility and effectiveness are also listed.
CWE-Compatible Products and Services must meet the first four (4) of the six (6) requirements below, while CWE-Effective Products and Services must meet all six (6) requirements. Please review the complete set of requirements to fully understand CWE compatibility and effectiveness.
| CWE Searchable |
— |
users may search security elements using CWE identifiers |
| CWE Output |
— |
security elements presented to users includes, or allows users to obtain, associated CWE identifiers |
| Mapping Accuracy |
— |
security elements accurately link to the appropriate CWE identifiers |
| CWE Documentation |
— |
capability's documentation describes CWE, CWE compatibility, and how CWE-related functionality in the capability is used |
| CWE Coverage |
— |
for CWE-Effectiveness, capability's documentation explicitly lists the CWE identifiers that the capability is effective at locating in software |
| CWE Test Results |
— |
for CWE-Effectiveness, test results from the capability showing the results of assessing software for the CWEs are posted on the CWE Web site |
|
|
|
See the CWE Compatibility and Effectiveness
Program or email cwe@mitre.org for information on how to register your product(s) or services(s) as CWE-compatible or CWE-effective.
|
