A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Armorize Technologies, Inc. Armorize Technologies, Inc.	Date Declared: March 09, 2007

Web Site:  www.armorize.com
Quote/Declaration: Armorize appreciates the CWE initiative in assisting organizations in their evaluation of automated static analysis tools and is pleased to support this industry standard naming scheme for all Armorize Technologies' products and services to best served our customers.

Name: CodeSecure Enterprise
Type: Web Application Source Code Analysis Tool
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Planned

Name: CodeSecure Verifier
Type: Web Application Source Code Analysis Suite
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Planned

Name: CodeSecure Workbench
Type: Web Application Source Code Analysis Tool
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Planned

CERIAS/Purdue University CERIAS/Purdue University	Date Declared: February 20, 2007

Web Site:  www.cerias.purdue.edu
Quote/Declaration: The exhaustiveness and organization of the CWE coverage is attractive both as an educational tool, and to make sure that students are exposed to secure programming issues in a systematic way that is representative of the most frequent and important problems. I have started revising the secure programming slides with CWE content, and expect to be done midway through Fall 2007.

Name: Secure programming class, CS390S
Type: Secure Programming Class and Publicly Available Teaching Materials
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Planned

Checkmarx Checkmarx	Date Declared: March 19, 2008

Web Site:  www.checkmarx.com
Quote/Declaration: Checkmarx is an enthusiastic supporter of CWE standards and best practices. The combination of Checkmarx new generation Static Analysis Security Testing technology, together with CWE's industry's leading standards, provides the programming community a more secure and vulnerability free environment. Exposing CWE's standards to our rapidly growing customer base, both in the US and the rest of the world, has proven to be effective in identifying vulnerabilities and contributing to a more secure cyber world.

Name: CxSuite
Type: Static Application Security Testing/Application Security Code Review
CWE Output: Yes CWE Searchable: Planned CWE Coverage: Planned

Cigital, Inc. Cigital, Inc.	Date Declared: February 05, 2007

Web Site:  www.cigital.com

Name: Architectural and Design Risk Management
Type: Software Security Architecture and Design Risk Assessment and Management
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Planned

Name: Secure Code Review with Automated Tools
Type: Security Code Assessment
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Planned

Name: Security Training and Awareness (various courses)
Type: Software Security Training and Awareness Courses
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Planned

Fortify Software Fortify Software	Date Declared: January 25, 2007

Web Site:  www.fortifysoftware.com
Quote/Declaration: Fortify has been a strong supporter of CWE since its inception and our Security Research Group contributes new vulnerabilities on an ongoing basis. We believe that a strong industry standard will empower the industry to become more effective at identifying and eliminating vulnerabilities in software and we design our tools to support the adoption of CWE among our customers.

Name: Fortify Source Code Analysis (SCA)
Type: Source Code Analysis Tool
CWE Output: Yes CWE Searchable: Planned CWE Coverage: Planned

GrammaTech, Inc. GrammaTech, Inc.	Date Declared: March 13, 2007

Web Site:  www.grammatech.com
Quote/Declaration: GrammaTech's CodeSonar is a static analysis tool for finding programming flaws and security vulnerabilities in C/C++ code. The CWE is an important and valuable initiative that will help CodeSonar users understand the state of their code more effectively. GrammaTech is pleased to participate in this effort.

Name: CodeSonar
Type: Static Analysis Tool
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Yes

Klocwork, Inc. Klocwork, Inc.	Date Declared: February 05, 2007

Web Site:  www.klocwork.com

Name: Klocwork Enterprise Development Suite
Type: Assessment and Remediation Tool
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Ounce Labs Ounce Labs	Date Declared: January 25, 2007

Web Site:  www.ouncelabs.com
Quote/Declaration: Ounce Labs is happy to participate in the CWE initiative, and to continue to support its effort by providing new, unique, and emerging vulnerability information. This initiative will empower organizations to seek out the best products for their needs using a common definition and description of security vulnerabilities.

Name: Ounce
Type: Static Source Code Analysis Tool
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

SANS Institute SANS Institute	Date Declared: July 02, 2007

Web Site:  www.sans.org
Quote/Declaration: Working closely with CWE will help SANS ensure that questions for the Secure Programming Exams will have the broadest coverage for each language, at a level of detail that is appropriate for programmers. By monitoring additions to CWE, we will be able to stay up-to-date with the most recently discovered types of weaknesses, along with real-world CVE examples that show how these issues can manifest themselves. By using CWE identifiers, we can avoid the ambiguity in terminology that still exists, giving clear guidance to programmers about the mistakes that they must know how to avoid.

Name: Secure Programming Exams/Assessments
Type: Professional Secure Programming Examination
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Security-Database Security-Database	Date Declared: May 5, 2008

Web Site:  www.security-database.com
Quote/Declaration: CWE is great effort to empower organizations to better identify and eliminate programming flaws. Security-Database is pleased to support this initiative by supplying CWE information along with vulnerability information. We are also planning to ensure CWE compatibility with our next vulnerability management software.

Name: Security-Database Web Services
Type: Web Services
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Yes

SkillBridge, LLC SkillBridge, LLC	Date Declared: January 11, 2008

Web Site:  www.skillbridgetraining.com
Quote/Declaration: SkillBridge is pursuing CWE compatibility for its Secure Programming training offerings to better incorporate industry standards and best practices into the solutions we provide to our client base.

Name: Secure Application Development Training Courses
Type: Instructor Led Training
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

SofCheck Inc. SofCheck Inc.	Date Declared: March 02, 2007

Web Site:  www.sofcheck.com
Quote/Declaration: SofCheck Inspector is a new Static Analysis and fault detection Tool. It uses static control-flow, data-flow, and possible-value-set propagation techniques to identify places where run-time errors could occur. Since 50%+ of all Vulnerabilities instances result from errors in the application code this automated software quality technique allows vulnerabilities to be identified and eliminated very early in the software life cycle.

Name: SofCheck Inspector for Ada
Type: Static Analysis and Fault Detection Tool
CWE Searchable: Yes CWE Output: Planned CWE Coverage: Planned

SPI Dynamics SPI Dynamics	Date Declared: February 05, 2007

Web Site:  www.spidynamics.com
Quote/Declaration: SPI Dynamics recognizes the importance of establishing industry standard terminology and classification with regard to weaknesses in software and is pleased to support the efforts of Mitre to establish the CWE standard by ensuring CWE compatibility for all SPI Dynamics' products and services.

Name: AMP
Type: Software Application
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Name: DevInspect
Type: Software Application
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Name: QAInspect
Type: Software Application
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Name: WebInspect
Type: Software Application
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Name: WebInspect Direct
Type: Software Application
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Veracode, Inc. Veracode, Inc.	Date Declared: February 05, 2007

Web Site:  www.veracode.com
Quote/Declaration: Veracode feels strongly that standards in naming and measurement are required to advance the state of software assurance. We have built our technology and service offering with CWE IDs as our base identifier as we feel our customers are best served by this industry standard naming scheme. We also look forward to completing the effectiveness phase as soon as possible so we can showcase our security analysis capabilities to potential customers without the requirement of time consuming evaluations.

Name: SecurityReview
Type: Assessment Service
CWE Output: Yes CWE Searchable: Yes CWE Coverage: Yes

Watchfire Watchfire	Date Declared: February 05, 2007

Web Site:  www.watchfire.com

Name: AppScan
Type: Web Application Security Assessment Tool
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Name: AppScan Enterprise
Type: Enterprise Web Application Security Assessment Tool
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned

Name: AppScan Enterprise OnDemand
Type: Web Application Security Assessment Service
CWE Output: Planned CWE Searchable: Planned CWE Coverage: Planned