CWE - Declarations to Be CWE-Compatible

NOTICE: As of 4/16/2024, the CWE Compatibility Program has been discontinued. The product listings included in this section have been moved to "archive" status.

MOVING FORWARD: Please follow these CWE Compatibility Requirements to consider your product or service "CWE Compatible."

Archived:

TOTALS
Organizations with Declarations: 29
Products & Services with Declarations: 44

The organizations listed below have declared their intent to make their information security product or services CWE-compatible.

You may also Make a Declaration for your product or service.

A product or service may be CWE-compatible with one or more of the following:

Declarations

Products are listed alphabetically by organization name under each status level: Available or Planned.

Available Status

Product (38)	Organization (23)	Type	Country (10)	Capability	Status
Architectural and Design Risk Management	Cigital, Inc.	Software Security Architecture and Design Risk Assessment and Management	United States	Output Searchable Coverage	Available Available Planned
Cenzic Hailstorm Enterprise ARC	Cenzic, Inc.	Web Application Security Risk Management Platform	United States	Output Searchable Coverage	Available Available Available
Cenzic Hailstorm Professional	Cenzic, Inc.	Web Application Penetration Testing and Vulnerability Management System	United States	Output Searchable Coverage	Available Available Available
Certification of Software Lifecycle Personnel	ISC2 The International Information Systems Security Certification Consortium	Professional Certification	United States	Output Searchable Coverage	Available Planned Planned
cIFrex	CXSecurity	Free Security Research Tool	Poland	Output Searchable Documentation Coverage	Available Available Available Available
Code Dx Enterprise Edition	Code Dx, Inc.	Software Vulnerability Assessment Tool	United States	Output Searchable Coverage	Available Available Planned
Code Dx Standard Edition	Code Dx, Inc.	Software Vulnerability Assessment Tool	United States	Output Searchable Coverage	Available Available Planned
CodeSecure Enterprise	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	United States	Output Searchable Coverage	Available Available Available
CodeSecure Verifier	Armorize Technologies, Inc.	Web Application Source Code Analysis Suite	United States	Output Searchable Coverage	Available Available Available
CodeSecure Workbench	Armorize Technologies, Inc.	Web Application Source Code Analysis Tool	United States	Output Searchable Coverage	Available Available Available
COREvidence	NETpeas, SA	Cloud-Based, Multi-Engines Vulnerability Management Service	France	Output Coverage Searchable	Available Available Planned
Cppcheck	CppCheck Development Team	A tool for static C/C++ code analysis	Ireland	Output Searchable Coverage	Available Available Planned
CxCloud	Checkmarx	Static Code Analysis On Demand	Israel	Output Searchable Coverage	Available Available Available
CxEnteprise	Checkmarx	Static Code Analysis On Premise	Israel	Output Searchable Coverage	Available Available Available
CxSuite	Checkmarx	Static Application Security Testing/Application Security Code Review	Israel	Output Searchable Coverage	Available Available Available
DEFENSICS X	Codenomicon Ltd.	Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities	Finland	Output Searchable Coverage	Available Available Planned
EMC Product Security Policy (PSP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Policy for Secure Product Development	United States	Output Searchable Coverage	Available Available No
EMC Security Development Lifecycle (SDL)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Secure Development Lifecycle	United States	Output Searchable Coverage	Available Available No
EMC Vulnerability Response Policy (VRP)	EMC Corporation and RSA (The Security Division of EMC)	Enterprise Response Policy for Product Vulnerabilities	United States	Output Searchable Coverage	Available Available No
IBM Security AppScan Enterprise	IBM Security Systems	Enterprise Web Application Security Assessment Tool	United States	Output Searchable Coverage	Planned Planned Planned
IBM Security AppScan Source	IBM Security Systems	Source Code Testing Tool	United States	Output Searchable Coverage	Available Available Available
JVN iPedia	Information-technology Promotion Agency, Japan (IPA)	Vulnerability Countermeasure Information Database	Japan	Output Searchable Coverage	Available Available Available
MyJVN	Information-technology Promotion Agency, Japan (IPA)	Filtered Vulnerability Countermeasure Information Tool	Japan	Output Searchable Coverage	Available Available Available
PVS-Studio C/C++/C# static code analyzer	OOO "Program Verification Systems" (Co Ltd)	Static code analyzer	Russia	Output Searchable Coverage	Available Available Planned
SDElements	SD Elements	Secure Application Lifecycle Management (SALM) Tool	United States	Output Searchable Coverage	Available Available Available
Secure Code Review	Astyran Pte Ltd.	Secure Code Review	Singapore	Output Searchable Coverage	Available Available Planned
Secure Code Review with Automated Tools	Cigital, Inc.	Security Code Assessment	United States	Output Searchable Coverage	Available Available Planned
Secure Design Review	Astyran Pte Ltd.	Secure Design Review	Singapore	Output Searchable Coverage	Available Available Planned
Secure Development Lifecycle	Apple, Inc.	Secure Development Lifecycle	United States	Output Coverage Searchable	Available Available No
Secure programming class, CS390S	CERIAS/Purdue University	Secure Programming Class and Publicly Available Teaching Materials	United States	Output Searchable Coverage	Available Available Planned
Security Training and Awareness (various courses)	Cigital, Inc.	Software Security Training and Awareness Courses	United States	Output Searchable Coverage	Available Available Planned
SecurityAlert	SecurityReason	Web Application Security Risk Management Platform	Poland	Output Searchable Coverage	Available Available Available
SofCheck Inspector for Ada	SofCheck Inc.	Static Analysis and Fault Detection Tool	United States	Searchable Output Coverage	Available Planned Planned
Software Assurance Assessment	KDM Analytics	Software Assurance Assessment Service	United States	Output Searchable Coverage	Available Available Planned
Symantec Product Security	Symantec Corporation	Symmunize (Symantec's Secure Development Lifecycle Process)	United States	Output Searchable Coverage	Available Available No
Tool Output Integration Framework (TOIF)	KDM Analytics	Open Source Vulnerability Detection Platform	United States	Output Searchable Coverage	Available Available Available
Web Application Vulnerability Assessment	Astyran Pte Ltd.	Application Vulnerability Assessment	Singapore	Output Searchable Coverage	Available Available Available
Zed Attack Proxy (ZAP)	Open Web Application Security Project (OWASP)	Integrated Penetration Testing Tool for Finding Vulnerabilities in Web Applications	United Kingdom	Coverage Output Searchable	Available Available Planned

Planned Status

Product (5)	Organization (5)	Type	Country (1)	Capability	Status
EC-Council Certified Secure Programmer	EC-Council	Secure Programmer Certification Program	United States	Output Searchable Coverage	Planned Planned No
QA*CPP - CWE Compliance Module for C++ Programming Language	Programming Research, Inc.	Source Code Static Analysis Product Suite	United States	Output Searchable Coverage	Planned Planned Planned
Rational AppScan Tester Edition	IBM Rational	Development-Time Web Application Security Testing Tool	United States	Output Searchable Coverage	Planned Planned Planned
Secure Application Development Training Courses	SkillBridge, LLC	Instructor Led Training	United States	Output Searchable Coverage	Planned Planned Planned
Secure Programming Exams/Assessments	SANS Institute	Professional Secure Programming Examination	United States	Output Searchable Coverage	Planned Planned Planned


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration

Declarations to Be CWE-Compatible

Archived:

Declarations

Available Status

Planned Status