TOTALS
Organizations Participating: 15
Products & Services: 25

All organizations participating in the CWE Compatibility and Effectiveness Program are listed below.
Products are listed alphabetically by organization name:

Armorize Technologies, Inc.

Date Declared: March 09, 2007
Web Site: www.armorize.com
Quote/Declaration: Armorize appreciates the CWE initiative in assisting organizations in their evaluation of automated static analysis tools and is pleased to support this industry standard naming scheme for all Armorize Technologies' products and services to best serve our customers.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| CodeSecure Enterprise | Web Application Source Code Analysis Tool | Yes | Yes | Planned |
| CodeSecure Verifier | Web Application Source Code Analysis Suite | Yes | Yes | Planned |
| CodeSecure Workbench | Web Application Source Code Analysis Tool | Yes | Yes | Planned |

CERIAS/Purdue University

Date Declared: February 20, 2007
Web Site: www.cerias.purdue.edu
Quote/Declaration: The exhaustiveness and organization of the CWE coverage is attractive both as an educational tool, and to make sure that students are exposed to secure programming issues in a systematic way that is representative of the most frequent and important problems. I have started revising the secure programming slides with CWE content, and expect to be done midway through Fall 2007.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Secure programming class, CS390S | Secure Programming Class and Publicly Available Teaching Materials | Yes | Yes | Planned |

Checkmarx

Date Declared: March 19, 2008
Web Site: www.checkmarx.com
Quote/Declaration: Checkmarx is an enthusiastic supporter of CWE standards and best practices. The combination of Checkmarx new generation Static Analysis Security Testing technology, together with CWE's industry's leading standards, provides the programming community a more secure and vulnerability free environment. Exposing CWE's standards to our rapidly growing customer base, both in the US and the rest of the world, has proven to be effective in identifying vulnerabilities and contributing to a more secure cyber world.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| CxSuite | Static Application Security Testing/Application Security Code Review | Yes | Planned | Planned |

Cigital, Inc.

Date Declared: February 05, 2007
Web Site: www.cigital.com

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Architectural and Design Risk Management | Software Security Architecture and Design Risk Assessment and Management | Yes | Yes | Planned |
| Secure Code Review with Automated Tools | Security Code Assessment | Yes | Yes | Planned |
| Security Training and Awareness (various courses) | Software Security Training and Awareness Courses | Yes | Yes | Planned |

Fortify Software

Date Declared: January 25, 2007
Web Site: www.fortifysoftware.com
Quote/Declaration: Fortify has been a strong supporter of CWE since its inception and our Security Research Group contributes new vulnerabilities on an ongoing basis. We believe that a strong industry standard will empower the industry to become more effective at identifying and eliminating vulnerabilities in software and we design our tools to support the adoption of CWE among our customers.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Fortify Source Code Analysis (SCA) | Source Code Analysis Tool | Yes | Planned | Planned |

GrammaTech, Inc.

Date Declared: March 13, 2007
Web Site: www.grammatech.com
Quote/Declaration: GrammaTech's CodeSonar is a static analysis tool for finding programming flaws and security vulnerabilities in C/C++ code. The CWE is an important and valuable initiative that will help CodeSonar users understand the state of their code more effectively. GrammaTech is pleased to participate in this effort.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| CodeSonar | Static Analysis Tool | Yes | Yes | Yes |

Klocwork, Inc.

Date Declared: February 05, 2007
Web Site: www.klocwork.com

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Klocwork Enterprise Development Suite | Assessment and Remediation Tool | Planned | Planned | Planned |

Ounce Labs

Date Declared: January 25, 2007
Web Site: www.ouncelabs.com
Quote/Declaration: Ounce Labs is happy to participate in the CWE initiative, and to continue to support its effort by providing new, unique, and emerging vulnerability information. This initiative will empower organizations to seek out the best products for their needs using a common definition and description of security vulnerabilities.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Ounce | Static Source Code Analysis Tool | Planned | Planned | Planned |

SANS Institute

Date Declared: July 02, 2007
Web Site: www.sans.org
Quote/Declaration: Working closely with CWE will help SANS ensure that questions for the Secure Programming Exams will have the broadest coverage for each language, at a level of detail that is appropriate for programmers. By monitoring additions to CWE, we will be able to stay up-to-date with the most recently discovered types of weaknesses, along with real-world CVE examples that show how these issues can manifest themselves. By using CWE identifiers, we can avoid the ambiguity in terminology that still exists, giving clear guidance to programmers about the mistakes that they must know how to avoid.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Secure Programming Exams/Assessments | Professional Secure Programming Examination | Planned | Planned | Planned |

Security-Database

Date Declared: May 5, 2008
Web Site: www.security-database.com
Quote/Declaration: CWE is a great effort to empower organizations to better identify and eliminate programming flaws. Security-Database is pleased to support this initiative by supplying CWE information along with vulnerability information. We are also planning to ensure CWE compatibility with our next vulnerability management software.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Security-Database Web Services | Web Services | Yes | Yes | Yes |

SkillBridge, LLC

Date Declared: January 11, 2008
Web Site: www.skillbridgetraining.com
Quote/Declaration: SkillBridge is pursuing CWE compatibility for its Secure Programming training offerings to better incorporate industry standards and best practices into the solutions we provide to our client base.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| Secure Application Development Training Courses | Instructor Led Training | Planned | Planned | Planned |

SofCheck Inc.

Date Declared: March 02, 2007
Web Site: www.sofcheck.com
Quote/Declaration: SofCheck Inspector is a new Static Analysis and fault detection Tool. It uses static control-flow, data-flow, and possible-value-set propagation techniques to identify places where run-time errors could occur. Since 50%+ of all Vulnerabilities instances result from errors in the application code this automated software quality technique allows vulnerabilities to be identified and eliminated very early in the software life cycle.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| SofCheck Inspector for Ada | Static Analysis and Fault Detection Tool | Planned | Yes | Planned |

SPI Dynamics

Date Declared: February 05, 2007
Web Site: www.spidynamics.com
Quote/Declaration: SPI Dynamics recognizes the importance of establishing industry standard terminology and classification with regard to weaknesses in software and is pleased to support the efforts of Mitre to establish the CWE standard by ensuring CWE compatibility for all SPI Dynamics' products and services.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| AMP | Software Application | Planned | Planned | Planned |
| DevInspect | Software Application | Planned | Planned | Planned |
| QAInspect | Software Application | Planned | Planned | Planned |
| WebInspect | Software Application | Planned | Planned | Planned |
| WebInspect Direct | Software Application | Planned | Planned | Planned |

Veracode, Inc.

Date Declared: February 05, 2007
Web Site: www.veracode.com
Quote/Declaration: Veracode feels strongly that standards in naming and measurement are required to advance the state of software assurance. We have built our technology and service offering with CWE IDs as our base identifier as we feel our customers are best served by this industry standard naming scheme. We also look forward to completing the effectiveness phase as soon as possible so we can showcase our security analysis capabilities to potential customers without the requirement of time consuming evaluations.

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| SecurityReview | Assessment Service | Yes | Yes | Yes |

Watchfire

Date Declared: February 05, 2007
Web Site: www.watchfire.com

| Name | Type | CWE Output | CWE Searchable | CWE Coverage |
|---|---|---|---|---|
| AppScan | Web Application Security Assessment Tool | Planned | Planned | Planned |
| AppScan Enterprise | Enterprise Web Application Security Assessment Tool | Planned | Planned | Planned |
| AppScan Enterprise OnDemand | Web Application Security Assessment Service | Planned | Planned | Planned |