| Product | Organization | Type | Capability | Status |
|---|---|---|---|---|
| Architectural and Design Risk Management | Cigital, Inc. | Software Security Architecture and Design Risk Assessment and Management | CWE Output, CWE Searchable | Available |
| CAST Application Intelligence Platform | CAST | Automated Application Assessment Platform | CWE Output, CWE Searchable, CWE Coverage | Available |
| Cenzic Hailstorm Professional | Cenzic, Inc. | Web Application Penetration Testing and Vulnerability Management System | CWE Output, CWE Searchable, CWE Coverage | Available |
| Cenzic Hailstorm Enterprise ARC | Cenzic, Inc. | Web Application Security Risk Management Platform | CWE Output, CWE Searchable, CWE Coverage | Available |
| Certification of Software Lifecycle Personnel | ISC2 The International Information Systems Security Certification Consortium | Vulnerability Countermeasure Information Database | CWE Output | Available |
| CodeSecure Enterprise | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | CWE Output, CWE Searchable, CWE Coverage | Available |
| CodeSecure Verifier | Armorize Technologies, Inc. | Web Application Source Code Analysis Suite | CWE Output, CWE Searchable, CWE Coverage | Available |
| CodeSecure Workbench | Armorize Technologies, Inc. | Web Application Source Code Analysis Tool | CWE Output, CWE Searchable, CWE Coverage | Available |
| CodeSonar | GrammaTech, Inc. | Static Analysis Tool | CWE Output, CWE Searchable, CWE Coverage | Available |
| CxSuite | Checkmarx | Static Application Security Testing/Application Security Code Review | CWE Output | Available |
| DEFENSICS 3 | Codenomicon Ltd. | Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities | CWE Output, CWE Searchable, CWE Documentation | Available |
| EMC Product Security Policy (PSP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Policy for Secure Product Development | CWE Output, CWE Searchable, CWE Documentation | Available |
| EMC Security Development Lifecycle (SDL) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Secure Development Lifecycle | CWE Output, CWE Searchable, CWE Documentation | Available |
| EMC Vulnerability Response Policy (VRP) | EMC Corporation and RSA (The Security Division of EMC) | Enterprise Response Policy for Product Vulnerabilities | CWE Output, CWE Searchable, CWE Documentation | Available |
| Fortify Source Code Analysis (SCA) | Fortify Software | Source Code Analysis Tool | CWE Output, CWE Searchable, CWE Coverage | Available |
| Jtest | Parasoft Corporation | Java Software Quality Analysis and Testing Solution | CWE Output, CWE Searchable, CWE Documentation | Available |
| JVN iPedia | Information-Technology Promotion Agency (IPA), Japan | Vulnerability Countermeasure Information Database | CWE Output, CWE Searchable, CWE Coverage | Available |
| MyJVN | Information-Technology Promotion Agency (IPA), Japan | Filtered Vulnerability Countermeasure Information Tool | CWE Output, CWE Searchable, CWE Coverage | Available |
| Ounce | Ounce Labs | Static Source Code Analysis Tool | CWE Output, CWE Searchable, CWE Coverage | Available |
| Secure Code Review with Automated Tools | Cigital, Inc. | Security Code Assessment | CWE Output, CWE Searchable | Available |
| Secure Development Lifecycle | Apple | Secure Development Lifecycle | CWE Output, CWE Coverage | Available |
| Secure programming class, CS390S | CERIAS/Purdue University | Secure Programming Class and Publicly Available Teaching Materials | CWE Output, CWE Searchable | Available |
| Security Training and Awareness (various courses) | Cigital, Inc. | Software Security Training and Awareness Courses | CWE Output, CWE Searchable | Available |
| Security-Database Web Services | Security-Database | Web Services | CWE Output, CWE Searchable, CWE Coverage | Available |
| SecurityAlert | SecurityReason | Web Application Security Risk Management Platform | CWE Output, CWE Searchable, CWE Coverage | Available |
| SecurityReview | Veracode, Inc. | Assessment Service | CWE Output, CWE Searchable, CWE Coverage | Available |
| SofCheck Inspector for Ada | SofCheck Inc. | Static Analysis and Fault Detection Tool | CWE Searchable | Available |
| Software Assurance Assessment | KDM Analytics | Software Assurance Assessment Service | CWE Output, CWE Searchable, CWE Documentation | Available |
| Coverity Integrity Center | Coverity, Inc. | Static Analysis Tool | CWE Output, CWE Searchable, CWE Documentation, CWE Coverage | Planned |
| Coverity Prevent | Coverity, Inc. | Static Analysis Tool | CWE Output, CWE Searchable, CWE Documentation, CWE Coverage | Planned |
| HP Assessment Management Platform software | HP Application Security Center | Enterprise Platform for Managing a Web Application Security Assessment Program | CWE Output, CWE Searchable, CWE Coverage | Planned |
| HP DevInspect | HP Application Security Center | Web Application Security Assessment Tool for Developers | CWE Output, CWE Searchable, CWE Coverage | Planned |
| HP QAInspect software | HP Application Security Center | Web Application Security Assessment Tool for QA | CWE Output, CWE Searchable, CWE Coverage | Planned |
| HP SaaS for ASC | HP Application Security Center | Web Application Security Assessment and AMP delivered through Software-as-a-Service | CWE Output, CWE Searchable, CWE Coverage | Planned |
| HP WebInspect software | HP Application Security Center | Web Application Security Assessment Tool | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Klocwork Enterprise Development Suite | Klocwork, Inc. | Assessment and Remediation Tool | CWE Output, CWE Searchable, CWE Coverage | Planned |
| LDRA Testbed | LDRA | Static and Dynamic Software Analysis Tool Suite | CWE Output, CWE Searchable, CWE Documentation, CWE Coverage | Planned |
| QA*C - CWE Compliance Module for C Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | CWE Output, CWE Searchable, CWE Documentation, CWE Coverage | Planned |
| QA*CPP - CWE Compliance Module for C++ Programming Language | Programming Research, Inc. | Source Code Static Analysis Product Suite | CWE Output, CWE Searchable, CWE Documentation, CWE Coverage | Planned |
| Rational AppScan Build Edition | IBM Rational | Web Application Security Testing Tool For QA | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Rational AppScan Developer Edition | IBM Rational | Embedded Build-Time Web Application Security Testing Tool | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Rational AppScan Enterprise Edition | IBM Rational | Enterprise Web Application Security Assessment Tool | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Rational AppScan Express Edition | IBM Rational | Web Application Security Assessment Tool | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Rational AppScan Standard Edition | IBM Rational | Web Application Security Assessment Tool | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Rational AppScan Tester Edition | IBM Rational | Development-Time Web Application Security Testing Tool | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Secure Application Development Training Courses | SkillBridge, LLC | Instructor Led Training | CWE Output, CWE Searchable, CWE Coverage | Planned |
| Secure Programming Exams/Assessments | SANS Institute | Professional Secure Programming Examination | CWE Output, CWE Searchable, CWE Coverage | Planned |