CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > Compatibility > Sort By Country  
ID

Sort By Country

NOTICE: As of 4/16/2024, the CWE Compatibility Program has been discontinued. The product listings included in this section have been moved to "archive" status.

MOVING FORWARD: Please follow these CWE Compatibility Requirements to consider your product or service "CWE Compatible."

Archived:

All organizations participating in the Compatibility Program are listed below.

Country (20) Organization (87) Product (148) Type Capability Compatibility Status
Brazil Conviso Application Security Conviso Security Compliance (CSC) Vulnerability Identification and Management
Output
Searchable
Coverage
Canada Klocwork, Inc. Klocwork Insight Assessment and Remediation Tool
Output
Searchable
Coverage
China Anban Information Technology Co., Ltd Yishi Firmware Supply Chain Security Management System TOOL
Coverage
Output
Searchable
China Anhui USTC-Guochuang High-Confidence Software Co.,Ltd USTCHCS high confidence software analysis tool suite Static Analysis Tool and Coding Rules Checker
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xcheck OSS threat management platform Assessment and Remediation Tool
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xcheck Software Composition Analysis Platform Assessment and Remediation Tool
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xfuse ASOC Agile Security Platform Software Development Practices
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xfuse CARTA SDLC Empower ment Platform Software Development Practices
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xmaze AI Pen-Testing Extension Assessment and Remediation Tool
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xmaze Breach and Attack Simulation Platform Assessment and Remediation Tool
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xmaze IAST security testing platform Assessment and Remediation Tool
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xmaze Static Application Security Testing Platform Assessment and Remediation Tool
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xmaze Threat Modeling Automation Platform Assessment and Remediation Tool
Coverage
Output
Searchable
China Beijing Anpro Information Technology Co. LTD Xshark RASP Self-Adaptive Threat Immunity Platform Application-Level Firewall
Coverage
Output
Searchable
China Beijing Moyunsec Technology Co.,Ltd Vackbot CART (Continuous Automated Red Teaming) + BAS (Breach and Attack Simulation)
Coverage
Output
Searchable
China Beijing Moyunsec Technology Co.,Ltd VackScan Vulnerability scanning
Coverage
Output
Searchable
China Beijing RedRocket Technology Co., Ltd RedRocket SAST Static Analysis Tool
Coverage
Output
Searchable
China Beijing RedRocket Technology Co., Ltd RedRocket SCA Software Composition Analysis Tool
Coverage
Output
Searchable
China Beijing Vulinsight Technology Co., Ltd Vulinsight supply chain risk intelligence platform Vulnerability knowledge base system
Coverage
Output
Searchable
China Beijing ZHONGKE TIANQI Information Technology Co.,Ltd. WuKong SAST SAST(Static Application Security Testing)
Coverage
Output
Searchable
China CodeForce(Beijing)Software Technology Co., Ltd ZBG-SAST Static Application Security Testing
Coverage
Output
Searchable
China CodeForce(Beijing)Software Technology Co., Ltd ZBG-SCA Software Composition Analysis
Coverage
Output
Searchable
China GYSecurity Technology Co., Ltd Swift Fuzzer Testing Tool Assessment and Remediation Tool
Coverage
Output
Searchable
China Hangzhou Huawei Cloud Computing Technologies Co., Ltd Code Check CodeCheck/Code static analysis/ SAST(Static Application Security Testing)
Coverage
Output
Searchable
China Hangzhou Huawei Cloud Computing Technologies Co., Ltd CodeArts Check CodeArts Check/Code static analysis/SAST(Static Application Security Testing)
Coverage
Output
Searchable
China Naive Systems Ltd. NaiveSystems Analyze Static Analysis Tool and Coding Rules Checker
Coverage
Output
Searchable
China QI-ANXIN Technology Group Inc. QI-ANXIN Codesafe Assessment Tool
Coverage
Output
Searchable
China QI-ANXIN Technology Group Inc. QI-ANXIN OSS Security Assessment Tool
Coverage
Output
Searchable
China SecZone CodeSec Statically Apply Security Tool
Coverage
Output
Searchable
China SecZone SFuzz SFuzz
Coverage
Output
Searchable
China SecZone SourceCheck Open Source Component Security and Compliance Management Platform
Coverage
Output
Searchable
China SecZone VulHunter Interactive Application Security Testing Platform
Coverage
Output
Searchable
China Shanghai Feiyu Technology Co.,Ltd. Corax Static Application Security Testing
Coverage
Output
Searchable
China Shenzhen Secidea Network Security Technology Co., Ltd Secidea SCAP2000 Static Application Security Testing
Coverage
Output
Searchable
China Software Security SoftSec SCA TOOL
Coverage
Output
Searchable
China Suzhou Lengjingqicai Information Technology Co.,Ltd FOSSCheck Software Composition Analysis Tool
Coverage
Output
Searchable
China Suzhou Lengjingqicai Information Technology Co.,Ltd FossEye Open source security and compliance governance Tool
Coverage
Output
Searchable
China ValiantSec Technology Co.,Ltd BinSearch SCA
Coverage
Output
Searchable
China ValiantSec Technology Co.,Ltd CodeAnt SCA and Development security
Coverage
Output
Searchable
China ValiantSec Technology Co.,Ltd CodeSense SAST
Coverage
Output
Searchable
China ValiantSec Technology Co.,Ltd UniSCA SCA and Development security
Coverage
Output
Searchable
Finland Codenomicon Ltd. DEFENSICS X Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities
Output
Searchable
Coverage
Available
Available
Planned
France Ambionics Security Ambionics Security Security Service
Coverage
Output
Searchable
France CAST CAST Application Intelligence Platform Automated Application Assessment Platform
Output
Searchable
Coverage
France MathWorks, Inc. Polyspace Bug Finder Static Analysis Tool and Coding Rules Checker
Coverage
Output
Searchable
France NETpeas, SA COREvidence Cloud-Based, Multi-Engines Vulnerability Management Service
Output
Coverage
Searchable
Available
Available
Planned
France Security-Database Security-Database Web Services Web Services
Output
Searchable
Coverage
France ToolsWatch vFeed API and Vulnerability Database Community Open Source Correlated and Cross-Linked Vulnerability XML Vulnerability Database
Coverage
Output
Searchable
Germany AbsInt Angewandte Informatik GmbH Astrée Static Analysis Tool and Coding Rules Checker
Coverage
Output
Searchable
Germany Vector Informatik GmbH PC-lint Plus C/C++ Static Code Analysis
Coverage
Output
Searchable
Indonesia Cr0security Cr0security Certified Security Testing Professional Security Testing Certification
Coverage
Output
Searchable
Indonesia Cr0security Cr0security Penetration Testing and Consultant Services Network Penetration Testing and Vulnerability Assessment Services
Coverage
Output
Searchable
Ireland CppCheck Development Team Cppcheck A tool for static C/C++ code analysis
Output
Searchable
Coverage
Available
Available
Planned
Israel Checkmarx Checkmarx Static application security testing (SAST) Static application security testing engine - available both as an on-premises application or in the cloud as part of the Checkmarx One application security suite.
Coverage
Output
Searchable
Israel Checkmarx CxCloud Static Code Analysis On Demand
Output
Searchable
Coverage
Available
Available
Available
Israel Checkmarx CxEnteprise Static Code Analysis On Premise
Output
Searchable
Coverage
Available
Available
Available
Israel Checkmarx CxSuite Static Application Security Testing/Application Security Code Review
Output
Searchable
Coverage
Available
Available
Available
Israel Cybellum
Israel Cybellum Cybellum Product Security Platform Engine that can detect violation of CWEs in dinary files, on the assembly level.
Coverage
Output
Searchable
Israel DerSecur Ltd. DerScanner SAST tool
Coverage
Output
Searchable
Italy Julia S.R.L. Julia Static Program Analysis Tool
Coverage
Output
Searchable
Italy Security Reviewer Static Reviewer Static Application Security Testing (SAST)- Security, Dead Code & Best Practices
Coverage
Output
Searchable
Japan Information-technology Promotion Agency, Japan (IPA) JVN iPedia Vulnerability Countermeasure Information Database
Output
Searchable
Coverage
Available
Available
Available
Japan Information-technology Promotion Agency, Japan (IPA) MyJVN Filtered Vulnerability Countermeasure Information Tool
Output
Searchable
Coverage
Available
Available
Available
Korea Evenstar BigLook Code verification tool for ensuring source code compliance with domestic and international code seucrity guidelines.
Coverage
Output
Searchable
Korea GTONE Co., Ltd. SecurityPrism Semantic Based Static Application Security Testing Tool
Coverage
Output
Searchable
Korea Soft4Soft Co., Ltd. RESORT Code Analysis Static Analysis Tool and Coding Rules Checker
Coverage
Output
Searchable
Korea Sparrow Co., Ltd. SPARROW Semantic-Based Static Program Analysis Tool
Output
Searchable
Coverage
Korea Suresoft Technologies Inc. CodeScroll Code Inspector Code-Based Auto Inspection Tool
Coverage
Output
Searchable
Korea Suresoft Technologies Inc. CodeScroll SNIPER Static Code Analysis Tool
Coverage
Output
Searchable
Korea Suresoft Technologies Inc. CodeScroll STATIC Web-based Static Code Analysis Tool
Coverage
Output
Searchable
Korea TRINITYSOFT Co., Ltd CODE-RAY Source Code Security weakness analysis tool
Coverage
Output
Searchable
P.R. China Beijing Beida Software Engineering Development Co., Ltd. COBOT Program Static Analysis Tool
Coverage
Output
Searchable
P.R. China Beijing Beida Software Engineering Development Co., Ltd. COBOT-SCA Software Composition And Vulnerability Analysis
Coverage
Output
Searchable
P.R. China School of Software, Tsinghua University Tsmart Static Analyzer Static Analysis Tool
Coverage
Output
Searchable
Poland CXSecurity cIFrex Free Security Research Tool
Output
Searchable
Documentation
Coverage
Available
Available
Available
Available
Poland CXSecurity World Laboratory of Bugtraq (WLB) 2 Vulnerability Database
Output
Searchable
Coverage
Poland SecurityReason SecurityAlert Web Application Security Risk Management Platform
Output
Searchable
Coverage
Available
Available
Available
Russia OOO "Program Verification Systems" (Co Ltd) PVS-Studio C/C++/C# static code analyzer Static code analyzer
Output
Searchable
Coverage
Available
Available
Planned
Singapore Astyran Pte Ltd. Secure Code Review Secure Code Review
Output
Searchable
Coverage
Available
Available
Planned
Singapore Astyran Pte Ltd. Secure Design Review Secure Design Review
Output
Searchable
Coverage
Available
Available
Planned
Singapore Astyran Pte Ltd. Web Application Vulnerability Assessment Application Vulnerability Assessment
Output
Searchable
Coverage
Available
Available
Available
Spain Kiuwan Software S.L Kiuwan Application Security platform SaaS Enterprise Software Analytics Platform - Local Static Code Analysis with Emphasis on Security
Coverage
Output
Searchable
Switzerland High-Tech Bridge SA High-Tech Bridge Security Advisories Database/Knowledge Repository Based upon High-Tech Bridge's Proprietary Research
Output
Searchable
Coverage
Switzerland High-Tech Bridge SA ImmuniWeb SaaS Web Application Vulnerability Assessment Service
Coverage
Output
Searchable
Switzerland SonarSource SA SonarQube platform with C/C++ plugin Continuous Inspection, Trending, and Code Quality Management Platform
Coverage
Output
Searchable
Switzerland SonarSource SA SonarQube platform with Java plugin Continuous Inspection, Trending, and Code Quality Management Platform
Coverage
Output
Searchable
Switzerland SonarSource SA SonarQube platform with Objective-C plugin Continuous Inspection, Trending, and Code Quality Management Platform
Coverage
Output
Searchable
United Kingdom LDRA LDRA Testbed Static and Dynamic Software Analysis Tool Suite
Output
Searchable
Coverage
United Kingdom LDRA LDRArules Static Analysis Tool and Coding Rules Checker
Coverage
Output
Searchable
United Kingdom LDRA TBvision Static Analysis Tool and Coding Rules Checker
Output
Searchable
Coverage
United Kingdom Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP) Integrated Penetration Testing Tool for Finding Vulnerabilities in Web Applications
Coverage
Output
Searchable
Available
Available
Planned
United States AdaCore CodePeer Automated Code Review and Validation Tool
Coverage
Output
Searchable
United States AdaCore SPARK Pro Product
Coverage
Output
Searchable
United States Apple, Inc. Secure Development Lifecycle Secure Development Lifecycle
Output
Coverage
Searchable
Available
Available
No
United States Armorize Technologies, Inc. CodeSecure Enterprise Web Application Source Code Analysis Tool
Output
Searchable
Coverage
Available
Available
Available
United States Armorize Technologies, Inc. CodeSecure Verifier Web Application Source Code Analysis Suite
Output
Searchable
Coverage
Available
Available
Available
United States Armorize Technologies, Inc. CodeSecure Workbench Web Application Source Code Analysis Tool
Output
Searchable
Coverage
Available
Available
Available
United States Cenzic, Inc. Cenzic Hailstorm Enterprise ARC Web Application Security Risk Management Platform
Output
Searchable
Coverage
Available
Available
Available
United States Cenzic, Inc. Cenzic Hailstorm Professional Web Application Penetration Testing and Vulnerability Management System
Output
Searchable
Coverage
Available
Available
Available
United States CERIAS/Purdue University Secure programming class, CS390S Secure Programming Class and Publicly Available Teaching Materials
Output
Searchable
Coverage
Available
Available
Planned
United States Cigital, Inc. Architectural and Design Risk Management Software Security Architecture and Design Risk Assessment and Management
Output
Searchable
Coverage
Available
Available
Planned
United States Cigital, Inc. Secure Code Review with Automated Tools Security Code Assessment
Output
Searchable
Coverage
Available
Available
Planned
United States Cigital, Inc. Security Training and Awareness (various courses) Software Security Training and Awareness Courses
Output
Searchable
Coverage
Available
Available
Planned
United States Code Dx, Inc. Code Dx Enterprise Edition Software Vulnerability Assessment Tool
Output
Searchable
Coverage
Available
Available
Planned
United States Code Dx, Inc. Code Dx Standard Edition Software Vulnerability Assessment Tool
Output
Searchable
Coverage
Available
Available
Planned
United States David A. Wheeler Flawfinder Assessment Tool
Coverage
Output
Searchable
United States Denim Group, Ltd ThreadFix Open Source Vulnerability Management Tool
Output
Searchable
Coverage
United States EC-Council EC-Council Certified Secure Programmer Secure Programmer Certification Program
Output
Searchable
Coverage
Planned
Planned
No
United States EMC Corporation and RSA (The Security Division of EMC) EMC Product Security Policy (PSP) Enterprise Policy for Secure Product Development
Output
Searchable
Coverage
Available
Available
No
United States EMC Corporation and RSA (The Security Division of EMC) EMC Security Development Lifecycle (SDL) Enterprise Secure Development Lifecycle
Output
Searchable
Coverage
Available
Available
No
United States EMC Corporation and RSA (The Security Division of EMC) EMC Vulnerability Response Policy (VRP) Enterprise Response Policy for Product Vulnerabilities
Output
Searchable
Coverage
Available
Available
No
United States GrammaTech, Inc. CodeSonar Static Analysis Tool
Output
Searchable
Coverage
United States IBM Rational Rational AppScan Tester Edition Development-Time Web Application Security Testing Tool
Output
Searchable
Coverage
Planned
Planned
Planned
United States IBM Security Systems IBM Security AppScan Enterprise Enterprise Web Application Security Assessment Tool
Output
Searchable
Coverage
Planned
Planned
Planned
United States IBM Security Systems IBM Security AppScan Source Source Code Testing Tool
Output
Searchable
Coverage
Available
Available
Available
United States IBM Security Systems IBM Security AppScan Standard Web Application Security Assessment Scanner
Output
Searchable
Coverage
United States Imagix Corporation Imagix 4D, with Checklist for CWE Static Analysis and Change Review Tool
Coverage
Output
Searchable
United States IriusRisk IriusRisk SaaS Enterprise Threat Modeling platform
Coverage
Output
Searchable
United States ISC2 The International Information Systems Security Certification Consortium Certification of Software Lifecycle Personnel Professional Certification
Output
Searchable
Coverage
Available
Planned
Planned
United States KDM Analytics Software Assurance Assessment Software Assurance Assessment Service
Output
Searchable
Coverage
Available
Available
Planned
United States KDM Analytics Tool Output Integration Framework (TOIF) Open Source Vulnerability Detection Platform
Output
Searchable
Coverage
Available
Available
Available
United States Lucent Sky Corporation Lucent Sky Application Vulnerability Mitigation (AVM) Application Vulnerability Mitigation
Coverage
Output
Searchable
United States Micro Focus Fortify Micro Focus Application Defender Real-Time Detection and Prevention of Attacks
Output
Searchable
Coverage
United States Micro Focus Fortify Micro Focus Fortify On Demand Static and Dynamic Analysis and Results Reporting Service
Output
Searchable
Coverage
United States Micro Focus Fortify Micro Focus Software Security Center Results Reporting
Output
Searchable
Coverage
United States Micro Focus Fortify Micro Focus Static Code Analyzer Static Analysis and Results Reporting
Output
Searchable
Coverage
United States Micro Focus Fortify Micro Focus WebInspect Dynamic Analysis Web Application Security Assessment Tool
Output
Searchable
Coverage
United States National Institute of Standards and Technology (NIST) Software Assurance Reference Dataset (SARD) Web-based Software Security Assurance Application
Output
Searchable
Coverage
United States Oversecured Inc Oversecured A SaaS-based mobile app vulnerability scanner
Coverage
Output
Searchable
United States Parasoft Corporation C/C++test Static Code Analysis
Coverage
Output
Searchable
United States Parasoft Corporation dotTEST Static Code Analysis
Coverage
Output
Searchable
United States Parasoft Corporation Jtest Static Code Analysis
Coverage
Output
Searchable
United States Programming Research, Inc. QA*C - CWE Compliance Module for C Programming Language Static Analysis of C code with advanced Data-flow/Control-flow/Cross-project and Multilanguage capabilities
Coverage
Output
Searchable
United States Programming Research, Inc. QA*CPP - CWE Compliance Module for C++ Programming Language Source Code Static Analysis Product Suite
Output
Searchable
Coverage
Planned
Planned
Planned
United States Red Hat, Inc. Red Hat Customer Portal Customer Assessment Service
Output
Searchable
Coverage
United States SANS Institute Secure Programming Exams/Assessments Professional Secure Programming Examination
Output
Searchable
Coverage
Planned
Planned
Planned
United States SD Elements SDElements Secure Application Lifecycle Management (SALM) Tool
Output
Searchable
Coverage
Available
Available
Available
United States SkillBridge, LLC Secure Application Development Training Courses Instructor Led Training
Output
Searchable
Coverage
Planned
Planned
Planned
United States SofCheck Inc. SofCheck Inspector for Ada Static Analysis and Fault Detection Tool
Searchable
Output
Coverage
Available
Planned
Planned
United States Symantec Corporation Symantec Product Security Symmunize (Symantec's Secure Development Lifecycle Process)
Output
Searchable
Coverage
Available
Available
No
United States Synopsys Inc. Coverity Static Application Security Testing
Coverage
Output
Searchable
United States Synopsys Inc. Seeker Interactive Application Security Testing (IAST) Interactive Application Security Testing
Coverage
Output
Searchable
United States Veracode, Inc. Veracode Analytics SAST, DAST, Manual Penetration Testing
Output
Searchable
Coverage
United States Veracode, Inc. Veracode Dynamic Analysis SAST, DAST, Manual Penetration Testing
Output
Searchable
Coverage
United States Veracode, Inc. Veracode Manual Testing SAST, DAST, Manual Penetration Testing
Output
Searchable
Coverage
United States Veracode, Inc. Veracode Static Analysis SAST, DAST, Manual Penetration Testing
Output
Searchable
Coverage
United States WebLayers, Inc. WebLayers Center Security Policy Library Software Development Lifecycle (SDLC) Governance
Output
Searchable
Coverage
Page Last Updated: June 03, 2024