CWE - Sort By Category

NOTICE: As of 4/16/2024, the CWE Compatibility Program has been discontinued. The product listings included in this section have been moved to "archive" status.

MOVING FORWARD: Please follow these CWE Compatibility Requirements to consider your product or service "CWE Compatible."

Archived:

All organizations participating in the Compatibility Program are inlcuded below within the six (6) categories listed.

Application-Level Firewall

Product (1)	Organization (1)	Type	Country (1)	Capability	Status

Xshark RASP Self-Adaptive Threat Immunity Platform	Beijing Anpro Information Technology Co. LTD	Application-Level Firewall	China	Coverage Output Searchable

Assessment and Remediation Tool

Product (106)	Organization (65)	Type	Country (18)	Capability	Status

Astrée	AbsInt Angewandte Informatik GmbH	Static Analysis Tool and Coding Rules Checker	Germany	Coverage Output Searchable
BigLook	Evenstar	Code verification tool for ensuring source code compliance with domestic and international code seucrity guidelines.	Korea	Coverage Output Searchable
BinSearch	ValiantSec Technology Co.,Ltd	SCA	China	Coverage Output Searchable
C/C++test	Parasoft Corporation	Static Code Analysis	United States	Coverage Output Searchable
CAST Application Intelligence Platform	CAST	Automated Application Assessment Platform	France	Output Searchable Coverage
Checkmarx Static application security testing (SAST)	Checkmarx	Static application security testing engine - available both as an on-premises application or in the cloud as part of the Checkmarx One application security suite.	Israel	Coverage Output Searchable
COBOT	Beijing Beida Software Engineering Development Co., Ltd.	Program Static Analysis Tool	P.R. China	Coverage Output Searchable
COBOT-SCA	Beijing Beida Software Engineering Development Co., Ltd.	Software Composition And Vulnerability Analysis	P.R. China	Coverage Output Searchable
CODE-RAY	TRINITYSOFT Co., Ltd	Source Code Security weakness analysis tool	Korea	Coverage Output Searchable
CodeAnt	ValiantSec Technology Co.,Ltd	SCA and Development security	China	Coverage Output Searchable
CodeArts Check	Hangzhou Huawei Cloud Computing Technologies Co., Ltd	CodeArts Check/Code static analysis/SAST(Static Application Security Testing)	China	Coverage Output Searchable
CodePeer	AdaCore	Automated Code Review and Validation Tool	United States	Coverage Output Searchable
CodeScroll Code Inspector	Suresoft Technologies Inc.	Code-Based Auto Inspection Tool	Korea	Coverage Output Searchable
CodeScroll SNIPER	Suresoft Technologies Inc.	Static Code Analysis Tool	Korea	Coverage Output Searchable
CodeScroll STATIC	Suresoft Technologies Inc.	Web-based Static Code Analysis Tool	Korea	Coverage Output Searchable
CodeSec	SecZone	Statically Apply Security Tool	China	Coverage Output Searchable
CodeSense	ValiantSec Technology Co.,Ltd	SAST	China	Coverage Output Searchable
CodeSonar	GrammaTech, Inc.	Static Analysis Tool	United States	Output Searchable Coverage
Conviso Security Compliance (CSC)	Conviso Application Security	Vulnerability Identification and Management	Brazil	Output Searchable Coverage
Corax	Shanghai Feiyu Technology Co.,Ltd.	Static Application Security Testing	China	Coverage Output Searchable
Coverity	Synopsys Inc.	Static Application Security Testing	United States	Coverage Output Searchable
Cr0security Penetration Testing and Consultant Services	Cr0security	Network Penetration Testing and Vulnerability Assessment Services	Indonesia	Coverage Output Searchable
Cybellum Product Security Platform	Cybellum	Engine that can detect violation of CWEs in dinary files, on the assembly level.	Israel	Coverage Output Searchable
DerScanner	DerSecur Ltd.	SAST tool	Israel	Coverage Output Searchable
dotTEST	Parasoft Corporation	Static Code Analysis	United States	Coverage Output Searchable
Flawfinder	David A. Wheeler	Assessment Tool	United States	Coverage Output Searchable
FOSSCheck	Suzhou Lengjingqicai Information Technology Co.,Ltd	Software Composition Analysis Tool	China	Coverage Output Searchable
FossEye	Suzhou Lengjingqicai Information Technology Co.,Ltd	Open source security and compliance governance Tool	China	Coverage Output Searchable
IBM Security AppScan Standard	IBM Security Systems	Web Application Security Assessment Scanner	United States	Output Searchable Coverage
Imagix 4D, with Checklist for CWE	Imagix Corporation	Static Analysis and Change Review Tool	United States	Coverage Output Searchable
Jtest	Parasoft Corporation	Static Code Analysis	United States	Coverage Output Searchable
Julia	Julia S.R.L.	Static Program Analysis Tool	Italy	Coverage Output Searchable
Kiuwan Application Security platform	Kiuwan Software S.L	SaaS Enterprise Software Analytics Platform - Local Static Code Analysis with Emphasis on Security	Spain	Coverage Output Searchable
Klocwork Insight	Klocwork, Inc.	Assessment and Remediation Tool	Canada	Output Searchable Coverage
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	United Kingdom	Output Searchable Coverage
LDRArules	LDRA	Static Analysis Tool and Coding Rules Checker	United Kingdom	Coverage Output Searchable
Lucent Sky Application Vulnerability Mitigation (AVM)	Lucent Sky Corporation	Application Vulnerability Mitigation	United States	Coverage Output Searchable
Micro Focus Application Defender	Micro Focus Fortify	Real-Time Detection and Prevention of Attacks	United States	Output Searchable Coverage
Micro Focus Fortify On Demand	Micro Focus Fortify	Static and Dynamic Analysis and Results Reporting Service	United States	Output Searchable Coverage
Micro Focus Software Security Center	Micro Focus Fortify	Results Reporting	United States	Output Searchable Coverage
Micro Focus Static Code Analyzer	Micro Focus Fortify	Static Analysis and Results Reporting	United States	Output Searchable Coverage
Micro Focus WebInspect	Micro Focus Fortify	Dynamic Analysis Web Application Security Assessment Tool	United States	Output Searchable Coverage
NaiveSystems Analyze	Naive Systems Ltd.	Static Analysis Tool and Coding Rules Checker	China	Coverage Output Searchable
Oversecured	Oversecured Inc	A SaaS-based mobile app vulnerability scanner	United States	Coverage Output Searchable
PC-lint Plus	Vector Informatik GmbH	C/C++ Static Code Analysis	Germany	Coverage Output Searchable
Polyspace Bug Finder	MathWorks, Inc.	Static Analysis Tool and Coding Rules Checker	France	Coverage Output Searchable
QA*C - CWE Compliance Module for C Programming Language	Programming Research, Inc.	Static Analysis of C code with advanced Data-flow/Control-flow/Cross-project and Multilanguage capabilities	United States	Coverage Output Searchable
QI-ANXIN Codesafe	QI-ANXIN Technology Group Inc.	Assessment Tool	China	Coverage Output Searchable
QI-ANXIN OSS Security	QI-ANXIN Technology Group Inc.	Assessment Tool	China	Coverage Output Searchable
RedRocket SAST	Beijing RedRocket Technology Co., Ltd	Static Analysis Tool	China	Coverage Output Searchable
RedRocket SCA	Beijing RedRocket Technology Co., Ltd	Software Composition Analysis Tool	China	Coverage Output Searchable
RESORT Code Analysis	Soft4Soft Co., Ltd.	Static Analysis Tool and Coding Rules Checker	Korea	Coverage Output Searchable
Secidea SCAP2000	Shenzhen Secidea Network Security Technology Co., Ltd	Static Application Security Testing	China	Coverage Output Searchable
SecurityPrism	GTONE Co., Ltd.	Semantic Based Static Application Security Testing Tool	Korea	Coverage Output Searchable
Seeker Interactive Application Security Testing (IAST)	Synopsys Inc.	Interactive Application Security Testing	United States	Coverage Output Searchable
SFuzz	SecZone	SFuzz	China	Coverage Output Searchable
Software Assurance Reference Dataset (SARD)	National Institute of Standards and Technology (NIST)	Web-based Software Security Assurance Application	United States	Output Searchable Coverage
SonarQube platform with C/C++ plugin	SonarSource SA	Continuous Inspection, Trending, and Code Quality Management Platform	Switzerland	Coverage Output Searchable
SonarQube platform with Java plugin	SonarSource SA	Continuous Inspection, Trending, and Code Quality Management Platform	Switzerland	Coverage Output Searchable
SonarQube platform with Objective-C plugin	SonarSource SA	Continuous Inspection, Trending, and Code Quality Management Platform	Switzerland	Coverage Output Searchable
SourceCheck	SecZone	Open Source Component Security and Compliance Management Platform	China	Coverage Output Searchable
SPARK Pro	AdaCore	Product	United States	Coverage Output Searchable
SPARROW	Sparrow Co., Ltd.	Semantic-Based Static Program Analysis Tool	Korea	Output Searchable Coverage
Static Reviewer	Security Reviewer	Static Application Security Testing (SAST)- Security, Dead Code & Best Practices	Italy	Coverage Output Searchable
Swift Fuzzer Testing Tool	GYSecurity Technology Co., Ltd	Assessment and Remediation Tool	China	Coverage Output Searchable
TBvision	LDRA	Static Analysis Tool and Coding Rules Checker	United Kingdom	Output Searchable Coverage
ThreadFix	Denim Group, Ltd	Open Source Vulnerability Management Tool	United States	Output Searchable Coverage
Tsmart Static Analyzer	School of Software, Tsinghua University	Static Analysis Tool	P.R. China	Coverage Output Searchable
UniSCA	ValiantSec Technology Co.,Ltd	SCA and Development security	China	Coverage Output Searchable
USTCHCS high confidence software analysis tool suite	Anhui USTC-Guochuang High-Confidence Software Co.,Ltd	Static Analysis Tool and Coding Rules Checker	China	Coverage Output Searchable
Vackbot	Beijing Moyunsec Technology Co.,Ltd	CART (Continuous Automated Red Teaming) + BAS (Breach and Attack Simulation)	China	Coverage Output Searchable
vFeed API and Vulnerability Database Community	ToolsWatch	Open Source Correlated and Cross-Linked Vulnerability XML Vulnerability Database	France	Coverage Output Searchable
VulHunter	SecZone	Interactive Application Security Testing Platform	China	Coverage Output Searchable
WebLayers Center Security Policy Library	WebLayers, Inc.	Software Development Lifecycle (SDLC) Governance	United States	Output Searchable Coverage
WuKong SAST	Beijing ZHONGKE TIANQI Information Technology Co.,Ltd.	SAST(Static Application Security Testing)	China	Coverage Output Searchable
Xcheck OSS threat management platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xcheck Software Composition Analysis Platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze AI Pen-Testing Extension	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze Breach and Attack Simulation Platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze IAST security testing platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze Static Application Security Testing Platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze Threat Modeling Automation Platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Yishi Firmware Supply Chain Security Management System	Anban Information Technology Co., Ltd	TOOL	China	Coverage Output Searchable
ZBG-SAST	CodeForce(Beijing)Software Technology Co., Ltd	Static Application Security Testing	China	Coverage Output Searchable
ZBG-SCA	CodeForce(Beijing)Software Technology Co., Ltd	Software Composition Analysis	China	Coverage Output Searchable

Cenzic Hailstorm Enterprise ARC	Cenzic, Inc.	Web Application Security Risk Management Platform	United States	Output Searchable Coverage	Available Available Available
Cenzic Hailstorm Professional	Cenzic, Inc.	Web Application Penetration Testing and Vulnerability Management System	United States	Output Searchable Coverage	Available Available Available
Code Dx Enterprise Edition	Code Dx, Inc.	Software Vulnerability Assessment Tool	United States	Output Searchable Coverage	Available Available Planned
Code Dx Standard Edition	Code Dx, Inc.	Software Vulnerability Assessment Tool	United States	Output Searchable Coverage	Available Available Planned
CodeSecure Enterprise	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	United States	Output Searchable Coverage	Available Available Available
CodeSecure Verifier	Armorize Technologies, Inc.	Web Application Source Code Analysis Suite	United States	Output Searchable Coverage	Available Available Available
CodeSecure Workbench	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	United States	Output Searchable Coverage	Available Available Available
COREvidence	NETpeas, SA	Cloud-Based, Multi-Engines Vulnerability Management Service	France	Output Coverage Searchable	Available Available Planned
Cppcheck	CppCheck Development Team	A tool for static C/C++ code analysis	Ireland	Output Searchable Coverage	Available Available Planned
CxCloud	Checkmarx	Static Code Analysis On Demand	Israel	Output Searchable Coverage	Available Available Available
CxEnteprise	Checkmarx	Static Code Analysis On Premise	Israel	Output Searchable Coverage	Available Available Available
CxSuite	Checkmarx	Static Application Security Testing/Application Security Code Review	Israel	Output Searchable Coverage	Available Available Available
DEFENSICS X	Codenomicon Ltd.	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	Finland	Output Searchable Coverage	Available Available Planned
IBM Security AppScan Enterprise	IBM Security Systems	Enterprise Web Application Security Assessment Tool	United States	Output Searchable Coverage	Planned Planned Planned
IBM Security AppScan Source	IBM Security Systems	Source Code Testing Tool	United States	Output Searchable Coverage	Available Available Available
MyJVN	Information-technology Promotion Agency, Japan (IPA)	Filtered Vulnerability Countermeasure Information Tool	Japan	Output Searchable Coverage	Available Available Available
PVS-Studio C/C++/C# static code analyzer	OOO "Program Verification Systems" (Co Ltd)	Static code analyzer	Russia	Output Searchable Coverage	Available Available Planned
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	United States	Searchable Output Coverage	Available Planned Planned
Zed Attack Proxy (ZAP)	Open Web Application Security Project (OWASP)	Integrated Penetration Testing Tool for Finding Vulnerabilities in Web Applications	United Kingdom	Coverage Output Searchable	Available Available Planned

QA*CPP - CWE Compliance Module for C++ Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	United States	Output Searchable Coverage	Planned Planned Planned
Rational AppScan Tester Edition	IBM Rational	Development-Time Web Application Security Testing Tool	United States	Output Searchable Coverage	Planned Planned Planned

Assessment Service

Product (35)	Organization (20)	Type	Country (7)	Capability	Status

Ambionics Security	Ambionics Security	Security Service	France	Coverage Output Searchable
Cr0security Penetration Testing and Consultant Services	Cr0security	Network Penetration Testing and Vulnerability Assessment Services	Indonesia	Coverage Output Searchable
FOSSCheck	Suzhou Lengjingqicai Information Technology Co.,Ltd	Software Composition Analysis Tool	China	Coverage Output Searchable
FossEye	Suzhou Lengjingqicai Information Technology Co.,Ltd	Open source security and compliance governance Tool	China	Coverage Output Searchable
ImmuniWeb	High-Tech Bridge SA	SaaS Web Application Vulnerability Assessment Service	Switzerland	Coverage Output Searchable
IriusRisk	IriusRisk	SaaS Enterprise Threat Modeling platform	United States	Coverage Output Searchable
Micro Focus Fortify On Demand	Micro Focus Fortify	Static and Dynamic Analysis and Results Reporting Service	United States	Output Searchable Coverage
Micro Focus Software Security Center	Micro Focus Fortify	Results Reporting	United States	Output Searchable Coverage
Micro Focus WebInspect	Micro Focus Fortify	Dynamic Analysis Web Application Security Assessment Tool	United States	Output Searchable Coverage
Oversecured	Oversecured Inc	A SaaS-based mobile app vulnerability scanner	United States	Coverage Output Searchable
QI-ANXIN Codesafe	QI-ANXIN Technology Group Inc.	Assessment Tool	China	Coverage Output Searchable
QI-ANXIN OSS Security	QI-ANXIN Technology Group Inc.	Assessment Tool	China	Coverage Output Searchable
Red Hat Customer Portal	Red Hat, Inc.	Customer Assessment Service	United States	Output Searchable Coverage
Security-Database Web Services	Security-Database	Web Services	France	Output Searchable Coverage
Vackbot	Beijing Moyunsec Technology Co.,Ltd	CART (Continuous Automated Red Teaming) + BAS (Breach and Attack Simulation)	China	Coverage Output Searchable
VackScan	Beijing Moyunsec Technology Co.,Ltd	Vulnerability scanning	China	Coverage Output Searchable
Veracode Analytics	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage
Veracode Dynamic Analysis	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage
Veracode Manual Testing	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage
Veracode Static Analysis	Veracode, Inc.	SAST, DAST, Manual Penetration Testing	United States	Output Searchable Coverage
WuKong SAST	Beijing ZHONGKE TIANQI Information Technology Co.,Ltd.	SAST(Static Application Security Testing)	China	Coverage Output Searchable
Xcheck OSS threat management platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze AI Pen-Testing Extension	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze Breach and Attack Simulation Platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze IAST security testing platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable
Xmaze Static Application Security Testing Platform	Beijing Anpro Information Technology Co. LTD	Assessment and Remediation Tool	China	Coverage Output Searchable

Architectural and Design Risk Management	Cigital, Inc.	Software Security Architecture and Design Risk Assessment and Management	United States	Output Searchable Coverage	Available Available Planned
cIFrex	CXSecurity	Free Security Research Tool	Poland	Output Searchable Documentation Coverage	Available Available Available Available
COREvidence	NETpeas, SA	Cloud-Based, Multi-Engines Vulnerability Management Service	France	Output Coverage Searchable	Available Available Planned
Secure Code Review	Astyran Pte Ltd.	Secure Code Review	Singapore	Output Searchable Coverage	Available Available Planned
Secure Code Review with Automated Tools	Cigital, Inc.	Security Code Assessment	United States	Output Searchable Coverage	Available Available Planned
Secure Design Review	Astyran Pte Ltd.	Secure Design Review	Singapore	Output Searchable Coverage	Available Available Planned
Software Assurance Assessment	KDM Analytics	Software Assurance Assessment Service	United States	Output Searchable Coverage	Available Available Planned
Web Application Vulnerability Assessment	Astyran Pte Ltd.	Application Vulnerability Assessment	Singapore	Output Searchable Coverage	Available Available Available

Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	United States	Output Searchable Coverage	Planned Planned Planned

Database/Knowledge Repository

Product (19)	Organization (18)	Type	Country (9)	Capability	Status

Conviso Security Compliance (CSC)	Conviso Application Security	Vulnerability Identification and Management	Brazil	Output Searchable Coverage
High-Tech Bridge Security Advisories	High-Tech Bridge SA	Database/Knowledge Repository Based upon High-Tech Bridge's Proprietary Research	Switzerland	Output Searchable Coverage
IriusRisk	IriusRisk	SaaS Enterprise Threat Modeling platform	United States	Coverage Output Searchable
LDRA Testbed	LDRA	Static and Dynamic Software Analysis Tool Suite	United Kingdom	Output Searchable Coverage
Security-Database Web Services	Security-Database	Web Services	France	Output Searchable Coverage
Software Assurance Reference Dataset (SARD)	National Institute of Standards and Technology (NIST)	Web-based Software Security Assurance Application	United States	Output Searchable Coverage
TBvision	LDRA	Static Analysis Tool and Coding Rules Checker	United Kingdom	Output Searchable Coverage
VackScan	Beijing Moyunsec Technology Co.,Ltd	Vulnerability scanning	China	Coverage Output Searchable
vFeed API and Vulnerability Database Community	ToolsWatch	Open Source Correlated and Cross-Linked Vulnerability XML Vulnerability Database	France	Coverage Output Searchable
Vulinsight supply chain risk intelligence platform	Beijing Vulinsight Technology Co., Ltd	Vulnerability knowledge base system	China	Coverage Output Searchable
World Laboratory of Bugtraq (WLB) 2	CXSecurity	Vulnerability Database	Poland	Output Searchable Coverage
Xfuse ASOC Agile Security Platform	Beijing Anpro Information Technology Co. LTD	Software Development Practices	China	Coverage Output Searchable
Xfuse CARTA SDLC Empower ment Platform	Beijing Anpro Information Technology Co. LTD	Software Development Practices	China	Coverage Output Searchable
Yishi Firmware Supply Chain Security Management System	Anban Information Technology Co., Ltd	TOOL	China	Coverage Output Searchable

JVN iPedia	Information-technology Promotion Agency, Japan (IPA)	Vulnerability Countermeasure Information Database	Japan	Output Searchable Coverage	Available Available Available
SDElements	SD Elements	Secure Application Lifecycle Management (SALM) Tool	United States	Output Searchable Coverage	Available Available Available
SecurityAlert	SecurityReason	Web Application Security Risk Management Platform	Poland	Output Searchable Coverage	Available Available Available
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	United States	Searchable Output Coverage	Available Planned Planned
Tool Output Integration Framework (TOIF)	KDM Analytics	Open Source Vulnerability Detection Platform	United States	Output Searchable Coverage	Available Available Available

Education Offering

Product (8)	Organization (8)	Type	Country (2)	Capability	Status

Cr0security Certified Security Testing	Cr0security	Professional Security Testing Certification	Indonesia	Coverage Output Searchable

Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Professional Certification	United States	Output Searchable Coverage	Available Planned Planned
SDElements	SD Elements	Secure Application Lifecycle Management (SALM) Tool	United States	Output Searchable Coverage	Available Available Available
Secure programming class, CS390S	CERIAS/Purdue University	Secure Programming Class and Publicly Available Teaching Materials	United States	Output Searchable Coverage	Available Available Planned
Security Training and Awareness (various courses)	Cigital, Inc.	Software Security Training and Awareness Courses	United States	Output Searchable Coverage	Available Available Planned

EC-Council Certified Secure Programmer	EC-Council	Secure Programmer Certification Program	United States	Output Searchable Coverage	Planned Planned No
Secure Application Development Training Courses	SkillBridge, LLC	Instructor Led Training	United States	Output Searchable Coverage	Planned Planned Planned
Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	United States	Output Searchable Coverage	Planned Planned Planned

Software Development Practices

Product (24)	Organization (17)	Type	Country (6)	Capability	Status

BinSearch	ValiantSec Technology Co.,Ltd	SCA	China	Coverage Output Searchable
Code Check	Hangzhou Huawei Cloud Computing Technologies Co., Ltd	CodeCheck/Code static analysis/ SAST(Static Application Security Testing)	China	Coverage Output Searchable
CODE-RAY	TRINITYSOFT Co., Ltd	Source Code Security weakness analysis tool	Korea	Coverage Output Searchable
CodeAnt	ValiantSec Technology Co.,Ltd	SCA and Development security	China	Coverage Output Searchable
CodeSense	ValiantSec Technology Co.,Ltd	SAST	China	Coverage Output Searchable
Cr0security Certified Security Testing	Cr0security	Professional Security Testing Certification	Indonesia	Coverage Output Searchable
Kiuwan Application Security platform	Kiuwan Software S.L	SaaS Enterprise Software Analytics Platform - Local Static Code Analysis with Emphasis on Security	Spain	Coverage Output Searchable
Micro Focus WebInspect	Micro Focus Fortify	Dynamic Analysis Web Application Security Assessment Tool	United States	Output Searchable Coverage
QA*C - CWE Compliance Module for C Programming Language	Programming Research, Inc.	Static Analysis of C code with advanced Data-flow/Control-flow/Cross-project and Multilanguage capabilities	United States	Coverage Output Searchable
SoftSec SCA	Software Security	TOOL	China	Coverage Output Searchable
UniSCA	ValiantSec Technology Co.,Ltd	SCA and Development security	China	Coverage Output Searchable
WebLayers Center Security Policy Library	WebLayers, Inc.	Software Development Lifecycle (SDLC) Governance	United States	Output Searchable Coverage
Xfuse ASOC Agile Security Platform	Beijing Anpro Information Technology Co. LTD	Software Development Practices	China	Coverage Output Searchable
Xfuse CARTA SDLC Empower ment Platform	Beijing Anpro Information Technology Co. LTD	Software Development Practices	China	Coverage Output Searchable
ZBG-SAST	CodeForce(Beijing)Software Technology Co., Ltd	Static Application Security Testing	China	Coverage Output Searchable
ZBG-SCA	CodeForce(Beijing)Software Technology Co., Ltd	Software Composition Analysis	China	Coverage Output Searchable

Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Professional Certification	United States	Output Searchable Coverage	Available Planned Planned
Cppcheck	CppCheck Development Team	A tool for static C/C++ code analysis	Ireland	Output Searchable Coverage	Available Available Planned
EMC Product Security Policy (PSP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Policy for Secure Product Development	United States	Output Searchable Coverage	Available Available No
EMC Security Development Lifecycle (SDL)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Secure Development Lifecycle	United States	Output Searchable Coverage	Available Available No
EMC Vulnerability Response Policy (VRP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Response Policy for Product Vulnerabilities	United States	Output Searchable Coverage	Available Available No
Secure Development Lifecycle	Apple, Inc.	Secure Development Lifecycle	United States	Output Coverage Searchable	Available Available No
Symantec Product Security	Symantec Corporation	Symmunize (Symantec's Secure Development Lifecycle Process)	United States	Output Searchable Coverage	Available Available No
Tool Output Integration Framework (TOIF)	KDM Analytics	Open Source Vulnerability Detection Platform	United States	Output Searchable Coverage	Available Available Available


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration

Sort By Category