CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


Organizations Participating

NOTICE: As of 4/16/2024, the CWE Compatibility Program has been discontinued. The product listings included in this section have been moved to "archive" status.

MOVING FORWARD: Please follow these CWE Compatibility Requirements to consider your product or service "CWE Compatible."

Archived:

TOTALS
Organizations Participating: 87
Products & Services: 148

All organizations participating in the CWE Compatibility Program are listed below.

Products are listed alphabetically by organization name:

AbsInt Angewandte Informatik GmbH Date Declared: Aug 18, 2018

Web Site:

Quote/Declaration: Astrée is a sound static analyzer capable of proving the absence of runtime errors and other programming defects in C code as well as verifying the code's compliance to coding guidelines. We are pleased to support the efforts of MITRE by adding CWE as a coding guideline that can be automatically checked and verified by Astrée.

Name: Astrée
Type: Static Analysis Tool and Coding Rules Checker  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 5, 2018
AdaCore Date Declared: Aug 20, 2015

Web Site:

Quote/Declaration: AdaCore has decades of experience providing tools and services to customers in industries with the most demanding requirements for software safety, security and reliability. AdaCore technologies, such as SPARK Pro and CodePeer generate verifiable evidence that the job is done right, beyond the usual "tested it lots". The Ada programming language has always placed an emphasis on software quality and security by its very design. Our approach takes that further, with the most advanced compilers and verification tools on the market. Through the Ada language and AdaCore tools, a number of the most dangerous SANS Top 25 CWE can be detected and corrected early in the software development cycle before they become active vulnerabilities.

Name: CodePeer
Type: Automated Code Review and Validation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: SPARK Pro
Type: Product  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 9, 2018
Ambionics Security Date Declared: May 17, 2017

Web Site:

Name: Ambionics Security
Type: Security Service  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 12, 2018
Anban Information Technology Co., Ltd Date Declared: April 30, 2024

Web Site:

Name: Yishi Firmware Supply Chain Security Management System
Type: TOOL  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 3, 2024
Anhui USTC-Guochuang High-Confidence Software Co.,Ltd Date Declared: September 6, 2022

Web Site:

Name: USTCHCS high confidence software analysis tool suite
Type: Static Analysis Tool and Coding Rules Checker  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 20, 2022
Apple, Inc. Date Declared: September 10, 2009

Web Site:

Name: Secure Development Lifecycle
Type: Secure Development Lifecycle    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: No
  Last Updated: Jun 11, 2018
Armorize Technologies, Inc. Date Declared: March 09, 2007

Web Site:

Quote/Declaration: Armorize appreciates the CWE initiative in assisting organizations in their evaluation of automated static analysis tools and is pleased to support this industry standard naming scheme for all Armorize Technologies' products and services to best serve our customers.

Name: CodeSecure Enterprise
Type: Web Application Source Code Analysis Tool    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Name: CodeSecure Verifier
Type: Web Application Source Code Analysis Suite    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Name: CodeSecure Workbench
Type: Web Application Source Code Analysis Tool    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
 
Astyran Pte Ltd. Date Declared: August 10, 2011

Web Site:

Quote/Declaration: Astyran uses CWE in all of its vulnerability assessment reports and code or design review reports in order to have a common language and industry standard classification to discuss issues found with stakeholders.

Name: Secure Code Review
Type: Secure Code Review    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
Name: Secure Design Review
Type: Secure Design Review    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
Name: Web Application Vulnerability Assessment
Type: Application Vulnerability Assessment    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
 
Beijing Anpro Information Technology Co. LTD Date Declared: September 30, 2020

Web Site:

Name: Xcheck OSS threat management platform
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xcheck Software Composition Analysis Platform
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xfuse ASOC Agile Security Platform
Type: Software Development Practices  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xfuse CARTA SDLC Empowerment Platform
Type: Software Development Practices  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xmaze AI Pen-Testing Extension
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xmaze Breach and Attack Simulation Platform
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xmaze IAST security testing platform
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xmaze Static Application Security Testing Platform
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xmaze Threat Modeling Automation Platform
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Xshark RASP Self-Adaptive Threat Immunity Platform
Type: Application-Level Firewall  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Dec 4, 2023
Beijing Beida Software Engineering Development Co., Ltd. Date Declared: November 11, 2015

Web Site:

Quote/Declaration: COBOT focuses on detecting more and more bugs with high accuracy. The foundation of designing a good static analysis tool is defect patterns. Therefore COBOT is pleased to support the efforts of MITRE to establish the CWE standard by ensuring CWE Compatibility for the development of our product.

Name: COBOT
Type: Program Static Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: COBOT-SCA
Type: Software Composition And Vulnerability Analysis  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 19, 2022
Beijing Moyunsec Technology Co.,Ltd Date Declared: February 28, 2022

Web Site:

Name: VackScan
Type: Vulnerability scanning  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Vackbot
Type: CART (Continuous Automated Red Teaming) + BAS (Breach and Attack Simulation)  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 6, 2023
Beijing RedRocket Technology Co., Ltd Date Declared: September 22, 2021

Web Site:

Quote/Declaration: CWE is a famous general security vulnerability dictionary in the field of security. "CWE compatibility" is one of the important symbols of software security products. We hope to make our own contribution in the field of code security. In addition, if we successfully apply for CWE compatibility and effectiveness, our products will be favored by more users.

Name: RedRocket SAST
Type: Static Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: RedRocket SCA
Type: Software Composition Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 8, 2021
Beijing Vulinsight Technology Co., Ltd Date Declared: March 18, 2024

Web Site:

Name: Vulinsight supply chain risk intelligence platform
Type: Vulnerability knowledge base system  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 16, 2024
Beijing ZHONGKE TIANQI Information Technology Co.,Ltd. Date Declared: October 9, 2021

Web Site:

Name: WuKong SAST
Type: SAST(Static Application Security Testing)  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 1, 2022
CAST Date Declared: September 17, 2009

Web Site:

Quote/Declaration: CAST's mission for 18 years has been to enable IT organizations to manage non-functional software risk, quality and measurement issues for better business outcomes. CAST has always believed in an industry-led, standards-based approach to ensure proper coverage. Along with ISO, SEI and de facto quality & measurement standards, CAST views CWE as an important new contribution to the canon that can be brought to bear on business issues.

Name: CAST Application Intelligence Platform
Type: Automated Application Assessment Platform  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Dec 1, 2015
Cenzic, Inc. Date Declared: August 27, 2008

Web Site:

Quote/Declaration: Cenzic delivers a suite of software applications and services that will discover true web security vulnerabilities. Mapping these vulnerabilities to the CWE standard will provide additional vulnerability details and enable our customers to prioritize their remediation activities and meet compliance requirements.

Name: Cenzic Hailstorm Enterprise ARC
Type: Web Application Security Risk Management Platform    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Name: Cenzic Hailstorm Professional
Type: Web Application Penetration Testing and Vulnerability Management System    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
 
CERIAS/Purdue University Date Declared: February 20, 2007

Web Site:

Quote/Declaration: The exhaustiveness and organization of the CWE coverage is attractive both as an educational tool, and to make sure that students are exposed to secure programming issues in a systematic way that is representative of the most frequent and important problems. I have started revising the secure programming slides with CWE content, and expect to be done midway through Fall 2007.

Name: Secure programming class, CS390S
Type: Secure Programming Class and Publicly Available Teaching Materials    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
 
Checkmarx Date Declared: March 19, 2008

Web Site:

Quote/Declaration: Checkmarx is an enthusiastic supporter of CWE standards and best practices. The combination of Checkmarx new generation Static Analysis Security Testing technology for all major coding languages including mobile (Android/iOS) and localization to various languages, together with CWE's industry leading standards, provides the programming community a more secure and vulnerability free environment. Exposing CWE's standards to our rapidly growing customer base, both in the U.S. and the rest of the world, has proven to be effective in identifying vulnerabilities and contributing to a more secure cyber world.

Name: Checkmarx Static application security testing (SAST)
Type: Static application security testing engine - available both as an on-premises application or in the cloud as part of the Checkmarx One application security suite.  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: CxCloud
Type: Static Code Analysis On Demand    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Name: CxEnterprise
Type: Static Code Analysis On Premise    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Name: CxSuite
Type: Static Application Security Testing/Application Security Code Review    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: Mar 15, 2023
Cigital, Inc. Date Declared: February 05, 2007

Web Site:

Name: Architectural and Design Risk Management
Type: Software Security Architecture and Design Risk Assessment and Management    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
Name: Secure Code Review with Automated Tools
Type: Security Code Assessment    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
Name: Security Training and Awareness (various courses)
Type: Software Security Training and Awareness Courses    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
 
Code Dx, Inc. Date Declared: November 9, 2015

Web Site:

Quote/Declaration: Code Dx is a software vulnerability management system that brings together a variety of code analysis tools to help you find and fix potential vulnerabilities in the code you write, in the languages you use, and at a low cost. It saves users significant time in software testing and reporting by automatically correlating the results from static, dynamic, third-party component analysis, and manual analysis, removing duplicate results and providing a centralized view of all your security testing activities. CWE plays a critical role in enabling this correlation of disparate tools. With Code Dx's visual analytics interface users can rapidly view, triage and prioritize results for remediation and integration into SDLC tools such as IDEs, continuous integration environments, and issue tracking systems.

Name: Code Dx Enterprise Edition
Type: Software Vulnerability Assessment Tool    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
Name: Code Dx Standard Edition
Type: Software Vulnerability Assessment Tool    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: Nov 18, 2015
CodeForce(Beijing)Software Technology Co., Ltd Date Declared: February 21, 2022

Web Site:

Name: ZBG-SAST
Type: Static Application Security Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: ZBG-SCA
Type: Software Composition Analysis  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 1, 2022
Codenomicon Ltd. Date Declared: Feb 15 2014

Web Site:

Quote/Declaration: DEFENSICS X is a fuzzing solution that tests devices and services for implementation level vulnerabilities. CWE categorization is used as a part of root cause analysis that helps end users understand the potential impacts and the nature of discovered vulnerabilities.

Name: DEFENSICS X
Type: Fuzz Testing Tool with Integrated Capability to Report CWE Identifiers and Descriptions for Found Vulnerabilities    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: Mar 14, 2014
Conviso Application Security Date Declared: April 12, 2013

Web Site:

Quote/Declaration: Because just finding bugs isn't enough!

Name: Conviso Security Compliance (CSC)
Type: Vulnerability Identification and Management  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 5, 2013
CppCheck Development Team

Web Site:

Quote/Declaration: Cppcheck - A tool for static C/C++ code analysis. The tool can detect more than 300 weaknesses and all of them are mapped using the CWE dictionary.

Name: Cppcheck
Type: A tool for static C/C++ code analysis    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: Nov 16, 2018
Cr0security Date Declared: December 11, 2013

Web Site:

Quote/Declaration: Cr0security focuses on software application security and professional security services and supports the CWE standard.

— Yuda Prawira, COO and Founder, Cr0security
Name: Cr0security Certified Security Testing
Type: Professional Security Testing Certification  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Cr0security Penetration Testing and Consultant Services
Type: Network Penetration Testing and Vulnerability Assessment Services  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Dec 11, 2013
CXSecurity Date Declared: January 3, 2012

Web Site:

Name: World Laboratory of Bugtraq (WLB) 2
Type: Vulnerability Database  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: cIFrex
Type: Free Security Research Tool    
CWE Coverage: Yes
CWE Documentation: Yes
CWE Output: Yes
CWE Searchable: Yes
 
Cybellum Date Declared: June 18, 2023

Web Site:

Quote/Declaration: Empowering security for a hyper-connected world, we proactively manage cyber risk and compliance from design to operational use, keeping our products and customers secure today and into the future.

Name: Cybellum Product Security Platform
Type: Engine that can detect violation of CWEs in binary files, on the assembly level.  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 13, 2023
David A. Wheeler Date Declared: Jul 25, 2014

Web Site:

Name: Flawfinder
Type: Assessment Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jul 25, 2014
Denim Group, Ltd Date Declared: March 12, 2013

Web Site:

Quote/Declaration: ThreadFix is a software vulnerability aggregation and management solution that imports results from static, dynamic, and manual software security testing tools, providing a centralized view of defects across development projects. CWE is an important and valuable initiative that will help ThreadFix users better understand the security posture of their code.

Name: ThreadFix
Type: Open Source Vulnerability Management Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
 
DerSecur Ltd. Date Declared: June 7, 2022

Web Site:

Quote/Declaration: DerSecur provides system integration, software development and cybersecurity solutions & services by focusing on client’s current needs and long-term strategy. DerSecur has a team of professionals, located in offices around the world. Our long-term partner relationships with industry leaders cover B2B solutions and IT infrastructure.

Name: DerScanner
Type: SAST tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jul 18, 2022
EC-Council Date Declared: July 17, 2011

Web Site:

Quote/Declaration: EC-Council delivers a secure software coding course that will help individuals discover and plug serious web security vulnerabilities. Mapping these vulnerabilities to the CWE standard will provide additional vulnerability details and enable our customers to prioritize their remediation activities and meet compliance requirements. Through this initiative, users can search vulnerability information by CWE-ID and software type. Developers can utilize CWE as a means to understand and prevent vulnerabilities.

Name: EC-Council Certified Secure Programmer
Type: Secure Programmer Certification Program    
CWE Coverage: No
CWE Output: Planned
CWE Searchable: Planned
  Last Updated: Apr 29, 2020
EMC Corporation and RSA (The Security Division of EMC) Date Declared: April 19, 2009

Web Site:

Quote/Declaration: As part of the EMC Security Development Lifecycle (SDL), CWE provides us with a common framework for linking our internal practices for securing our products with other industry initiatives and standards and to leverage the work done by other members of the security industry.

Name: EMC Product Security Policy (PSP)
Type: Enterprise Policy for Secure Product Development    
CWE Coverage: No
CWE Output: Yes
CWE Searchable: Yes
Name: EMC Security Development Lifecycle (SDL)
Type: Enterprise Secure Development Lifecycle    
CWE Coverage: No
CWE Output: Yes
CWE Searchable: Yes
Name: EMC Vulnerability Response Policy (VRP)
Type: Enterprise Response Policy for Product Vulnerabilities    
CWE Coverage: No
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: Feb 25, 2014
Evenstar Date Declared: January 15, 2016

Web Site:

Quote/Declaration: Our company offers the most up-to-date information on security and secure coding to customers. The CWE list of standardized software vulnerabilities is to be consulted when developing software for providing security and quality enhancement.

Name: BigLook
Type: Code verification tool for ensuring source code compliance with domestic and international code security guidelines.  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 28, 2020
GrammaTech, Inc. Date Declared: March 13, 2007

Web Site:

Quote/Declaration: GrammaTech's CodeSonar is a static analysis tool for finding programming flaws and security vulnerabilities in C/C++ code. CWE is an important and valuable initiative that will help CodeSonar users understand the state of their code more effectively. GrammaTech is pleased to participate in this effort.

Name: CodeSonar
Type: Static Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
 
GTONE Co., Ltd. Date Declared: Aug 20, 2015

Web Site:

Name: SecurityPrism
Type: Semantic Based Static Application Security Testing Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Aug 26, 2015
GYSecurity Technology Co., Ltd Date Declared: January 11, 2024

Web Site:

Name: Swift Fuzzer Testing Tool
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jan 22, 2024
Hangzhou Huawei Cloud Computing Technologies Co., Ltd Date Declared: August 23, 2022

Web Site:

Name: Code Check
Type: CodeCheck/Code static analysis/ SAST(Static Application Security Testing)  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: CodeArts Check
Type: CodeArts Check/Code static analysis/SAST(Static Application Security Testing)  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Nov 15, 2023
High-Tech Bridge SA Date Declared: August 20, 2012

Web Site:

Quote/Declaration: At High-Tech Bridge we strongly believe that CWE information security standard makes security measurable and universal, from which customers, vendors and security researchers benefit. We are grateful to the efforts of MITRE Corporation for continuous CWE standard development and support.

Name: High-Tech Bridge Security Advisories
Type: Database/Knowledge Repository Based upon High-Tech Bridge's Proprietary Research  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: ImmuniWeb
Type: SaaS Web Application Vulnerability Assessment Service  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 11, 2013
IBM Rational Date Declared: February 05, 2007

Web Site:

Name: Rational AppScan Tester Edition
Type: Development-Time Web Application Security Testing Tool    
CWE Coverage: Planned
CWE Output: Planned
CWE Searchable: Planned
 
IBM Security Systems Date Declared: July 10, 2012

Web Site:

Quote/Declaration: IBM actively promotes, supports, and contributes to the emerging open systems standards such as CVE that enable technology management software in the IBM Security portfolio of intrusion detection, vulnerability assessment, end point management, and security management components to inter-operate and share management information. We know that open system standards are a critical step in this direction. We support CVE as the first and the most complete naming convention for vulnerability mapping in the industry and we are committed to using CVE within our product in a tightly integrated fashion.

Name: IBM Security AppScan Enterprise
Type: Enterprise Web Application Security Assessment Tool    
CWE Coverage: Planned
CWE Output: Planned
CWE Searchable: Planned
Name: IBM Security AppScan Source
Type: Source Code Testing Tool    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Name: IBM Security AppScan Standard
Type: Web Application Security Assessment Scanner  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
Imagix Corporation Date Declared: Jun 12, 2018

Web Site:

Quote/Declaration: Through use of Imagix 4D's source and dataflow analysis and visualization, the Imagix CWE Checklist specifically identifies and assesses over 200 CWE weaknesses. Particular focus is on weaknesses that can't be easily resolved through static analysis alone. This guided code review supports C and C++, generating an audit trail and supporting repeated reviews across software revisions.

Name: Imagix 4D, with Checklist for CWE
Type: Static Analysis and Change Review Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 7, 2022
Information-technology Promotion Agency, Japan (IPA) Date Declared: October 3, 2008

Web Site:

Quote/Declaration: IPA is including CWE vulnerability type information in JVN iPedia to enhance the quality of JVN iPedia and to strengthen international collaboration. Users can search vulnerability information by CWE-ID and software type. Developers can utilize CWE as a means to understand and prevent vulnerabilities.

Name: JVN iPedia
Type: Vulnerability Countermeasure Information Database    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Name: MyJVN
Type: Filtered Vulnerability Countermeasure Information Tool    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: Mar 3, 2014
IriusRisk Date Declared: July 31, 2020

Web Site:

Quote/Declaration: Iriusrisk is a threat modeling tool with architectural diagramming capabilities and an adaptive questionnaire driven by an expert system which guides the user through straightforward questions about the technical architecture, the planned features and security context of the application. The questionnaire modifies itself in real-time based on the supplied answers. As it learns more about the architecture, it asks more specific questions in order to accurately identify the inherent risks. This questionnaire is 100% editable through our graphical rules editor, so that you can customise the questions to your environment and common architectures.

Name: IriusRisk
Type: SaaS Enterprise Threat Modeling platform  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 4, 2020
ISC2 The International Information Systems Security Certification Consortium Date Declared: September 8, 2009

Web Site:

Quote/Declaration: (ISC)2® created the Certified Secure Software Lifecycle Professional (CSSLPCM) education and certification program with the assistance of individuals from organizations including The Department of Homeland Security, Microsoft, Cisco, Xerox, and Symantec. The CSSLP Education and Certification program assists organizations in building security initiatives throughout the software development lifecycle and establishes a baseline of competency for individuals and organizations committed to reducing application vulnerability much like CWE.

Name: Certification of Software Lifecycle Personnel
Type: Professional Certification    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Planned
 
Julia S.R.L.

Web Site:

Quote/Declaration: Julia is a sound semantic static analyzer of Java bytecode. We consider CWE standard as the lingua franca to communicate what capabilities our tool offers, to measure what it covers, and to compare our results with the ones of our competitors.

Name: Julia
Type: Static Program Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 8, 2017
KDM Analytics Date Declared: September 17, 2009

Web Site:

Quote/Declaration: KDM Analytics supports and uses CWE because it makes perfect sense to have a vulnerability/weakness reporting standard.

Name: Software Assurance Assessment
Type: Software Assurance Assessment Service    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
Name: Tool Output Integration Framework (TOIF)
Type: Open Source Vulnerability Detection Platform    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: May 7, 2013
Kiuwan Software S.L Date Declared: February 17, 2017

Web Site:

Quote/Declaration: Enterprise Software Analytics platform. Based on static code analysis, Kiuwan gathers evidence from application source code to exploit them in a cloud (SaaS) platform at all levels to drive ALM decisions based on objective information. Application security is a key aspect to measure and control to avoid associated risk. Kiuwan provides not only high level indicators of application security, but all the detailed information of the found vulnerabilities with a clear mapping to CWE weaknesses, so stakeholders in the application development life cycle can take the appropriate action to mitigate vulnerabilities and associated risk.

Name: Kiuwan Application Security platform
Type: SaaS Enterprise Software Analytics Platform - Local Static Code Analysis with Emphasis on Security  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 13, 2018
Klocwork, Inc. Date Declared: February 05, 2007

Web Site:

Quote/Declaration: We see CWE as an important collaboration between academia, government, and industry to help mainstream the principles of secure coding. Klocwork is pleased to contribute to this initiative and have made our source code analysis tools compliant with the second level of the CWE Compatibility Program.

Name: Klocwork Insight
Type: Assessment and Remediation Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
 
LDRA Date Declared: September 16, 2009

Web Site:

Quote/Declaration: LDRA has been a valuable contributor to the software security industry and its standardization process. The next step in this endeavor is establishing CWE compatibility and effectiveness as a top priority for the LDRA Tool Suite.

Name: LDRA Testbed
Type: Static and Dynamic Software Analysis Tool Suite  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: LDRArules
Type: Static Analysis Tool and Coding Rules Checker  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: TBvision
Type: Static Analysis Tool and Coding Rules Checker  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 28, 2020
Lucent Sky Corporation Date Declared: November 30, 2015

Web Site:

Name: Lucent Sky Application Vulnerability Mitigation (AVM)
Type: Application Vulnerability Mitigation  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Dec 6, 2015
MathWorks, Inc. Date Declared: January 15, 2014

Web Site:

Quote/Declaration: MathWorks has a long commitment to helping its users create more reliable software. The MITRE initiative to establish a classification of software weaknesses is in line with our support of developing reliable and high quality software. We are pleased to support the CWE Compatibility Program with our Polyspace code verification products.

Name: Polyspace Bug Finder
Type: Static Analysis Tool and Coding Rules Checker  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Aug 26, 2015
Micro Focus Fortify Date Declared: February 05, 2007

Web Site:

Quote/Declaration: Micro Focus Fortify recognizes the importance of establishing industry standard terminology and classification with regard to weaknesses in software and is pleased to support the efforts of MITRE to establish the CWE standard by ensuring CWE compatibility for all Micro Focus Application Security Center products and services.

— Scott Johnson, GM, Micro Focus Fortify
Name: Micro Focus Application Defender
Type: Real-Time Detection and Prevention of Attacks  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Micro Focus Fortify On Demand
Type: Static and Dynamic Analysis and Results Reporting Service  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Micro Focus Software Security Center
Type: Results Reporting  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Micro Focus Static Code Analyzer
Type: Static Analysis and Results Reporting  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Micro Focus WebInspect
Type: Dynamic Analysis Web Application Security Assessment Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 27, 2020
Naive Systems Ltd. Date Declared: November 8, 2023

Web Site:

Name: NaiveSystems Analyze
Type: Static Analysis Tool and Coding Rules Checker  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Dec 4, 2023
National Institute of Standards and Technology (NIST) Date Declared: March 2, 2012

Web Site:

Quote/Declaration: The purpose of the Software Assurance Reference Dataset (SARD) is to provide a public repository of test cases to measure the accuracy and breadth of software assurance tools; to improve tools and techniques; and to increase adoption and use of software tools, higher quality software. The CWE compatibility and effectiveness will enhance the usability of SRD among software assurance tools and users.

Name: Software Assurance Reference Dataset (SARD)
Type: Web-based Software Security Assurance Application  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: May 8, 2014
NETpeas, SA Date Declared: January 19, 2012

Web Site:

Quote/Declaration: COREvidence initiates, correlates, and aggregates different results from multi-engines and APIs Vulnerability and malware scanners providing dashboards and deliverable with relevant CWE information combined with other open standards. COREvidence is also able to tag vulnerability with The CWE/SANS Top 25 Most Dangerous Software Errors.

Name: COREvidence
Type: Cloud-Based, Multi-Engines Vulnerability Management Service    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Planned
 
OOO "Program Verification Systems" (Co Ltd) Date Declared: Aug 18, 2018

Web Site:

Quote/Declaration: PVS-Studio is a tool for detecting bugs and security weaknesses in the source code of programs, written in C, C++, and C#. It works in Windows, Linux, and macOS environments. To help its users focus on potential security-related issues, PVS-Studio provides a mapping of its C++ and C# diagnostic rules to CWE (Common Weakness Enumeration) and SEI CERT Secure Coding standard.

Name: PVS-Studio C/C++/C# static code analyzer
Type: Static code analyzer    
CWE Coverage: Planned
CWE Output: Yes
CWE Searchable: Yes
  Last Updated: Oct 5, 2018
Open Web Application Security Project (OWASP) Date Declared: March 12, 2014

Web Site:

Name: Zed Attack Proxy (ZAP)
Type: Integrated Penetration Testing Tool for Finding Vulnerabilities in Web Applications    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Planned
  Last Updated: Mar 12, 2014
Oversecured Inc Date Declared: September 23, 2020

Web Site:

Quote/Declaration: A static SaaS-based vulnerability scanner for Android apps (APK files), supports apps written in Java and Kotlin. Allows integrations into DevOps processes. Contains 90+ vulnerability categories.

Name: Oversecured
Type: A SaaS-based mobile app vulnerability scanner  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Nov 19, 2020
Parasoft Corporation Date Declared: September 14, 2009

Web Site:

Quote/Declaration: Parasoft enables development teams to build security into their applications by facilitating code-hardening practices based on accepted industry standards.

Name: C/C++test
Type: Static Code Analysis  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Jtest
Type: Static Code Analysis  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: dotTEST
Type: Static Code Analysis  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 12, 2018
Programming Research, Inc. Date Declared: September 17, 2009

Web Site:

Quote/Declaration: PRQA is the leader in automated coding standards enforcement and defect prevention in C and C++ source code. Our support of CWE enhances our ability to close security vulnerabilities. We are committed to the safety and security of our client's source pools by supporting CWE on an ongoing basis.

Name: QA*C - CWE Compliance Module for C Programming Language
Type: Static Analysis of C code with advanced Data-flow/Control-flow/Cross-project and Multilanguage capabilities  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: QA*CPP - CWE Compliance Module for C++ Programming Language
Type: Source Code Static Analysis Product Suite    
CWE Coverage: Planned
CWE Output: Planned
CWE Searchable: Planned
  Last Updated: Nov 30, 2016
QI-ANXIN Technology Group Inc. Date Declared: December 29, 2022

Web Site:

Name: QI-ANXIN Codesafe
Type: Assessment Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: QI-ANXIN OSS Security
Type: Assessment Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 8, 2023
Red Hat, Inc. Date Declared: February 8, 2012

Web Site:

Quote/Declaration: Red Hat is engaged in CWE Compatibility for providing a common language for discussing, identifying, and dealing with the causes of vulnerabilities in its products as part of its assessment services, knowledge repositories, software development practices, and education offerings.

Name: Red Hat Customer Portal
Type: Customer Assessment Service  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: October 24, 2012
SANS Institute Date Declared: July 02, 2007

Web Site:

Quote/Declaration: Working closely with CWE will help SANS ensure that questions for the Secure Programming Exams will have the broadest coverage for each language, at a level of detail that is appropriate for programmers. By monitoring additions to CWE, we will be able to stay up-to-date with the most recently discovered types of weaknesses, along with real-world CVE examples that show how these issues can manifest themselves. By using CWE identifiers, we can avoid the ambiguity in terminology that still exists, giving clear guidance to programmers about the mistakes that they must know how to avoid.

Name: Secure Programming Exams/Assessments
Type: Professional Secure Programming Examination    
CWE Coverage: Planned
CWE Output: Planned
CWE Searchable: Planned
 
School of Software, Tsinghua University Date Declared: Jun 12, 2018

Web Site:

Name: Tsmart Static Analyzer
Type: Static Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 12, 2018
SD Elements Date Declared: March 22, 2012

Web Site:

Quote/Declaration: SDElements uses CWE to identify potential problems and correlate the requirements and security audits. SDElements is CWE-searchable, CWE-friendly, and intends to use the CWE traits as a standard to be able to integrate and work with other security products such as static analysis tools.

— Ehsan Foroughi, Director of Research
Name: SDElements
Type: Secure Application Lifecycle Management (SALM) Tool    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
 
Security Reviewer Date Declared: September 22, 2021

Web Site:

Quote/Declaration: To ensure accurate risk severity, Security Reviewer Suite correlates the results from across its multiple analyzers (SAST, DAST, IAST, Software Composition Analysis and Firmware Analysis). This provides an accurate picture of your Application's security and ensures development is addressing the most significant issues first.

Name: Static Reviewer
Type: Static Application Security Testing (SAST)- Security, Dead Code & Best Practices  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 6, 2021
Security-Database Date Declared: May 5, 2008

Web Site:

Quote/Declaration: CWE is a great effort to empower organizations to better identify and eliminate programming flaws. Security-Database is pleased to support this initiative by supplying CWE information along with vulnerability information. We are also planning to ensure CWE compatibility with our next vulnerability management software.

Name: Security-Database Web Services
Type: Web Services  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 3, 2014
SecurityReason Date Declared: October 13, 2008

Web Site:

Quote/Declaration: Mapping vulnerabilities in SecurityAlert Database to the CWE standard will provide additional vulnerability details and give our customers industry standard terminology and classification. We are pleased to support the CWE Initiative.

Name: SecurityAlert
Type: Web Application Security Risk Management Platform    
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
 
SecZone Date Declared: January 27, 2022

Web Site:

Name: CodeSec
Type: Statically Apply Security Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: SFuzz
Type: SFuzz  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: SourceCheck
Type: Open Source Component Security and Compliance Management Platform  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: VulHunter
Type: Interactive Application Security Testing Platform  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 13, 2023
Shanghai Feiyu Technology Co.,Ltd. Date Declared: August 12, 2022

Web Site:

Name: Corax
Type: Static Application Security Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 1, 2022
Shenzhen Secidea Network Security Technology Co., Ltd Date Declared: January 13, 2022

Web Site:

Quote/Declaration: Secidea is an application security company that focuses on making tools and platforms to help developers produce high quality software. Making our products compatible with CWE standard provides great benefits to the users of our products.

Name: Secidea SCAP2000
Type: Static Application Security Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 1, 2022
SkillBridge, LLC Date Declared: January 11, 2008

Web Site:

Quote/Declaration: SkillBridge is pursuing CWE compatibility for its Secure Programming training offerings to better incorporate industry standards and best practices into the solutions we provide to our client base.

Name: Secure Application Development Training Courses
Type: Instructor Led Training    
CWE Coverage: Planned
CWE Output: Planned
CWE Searchable: Planned
 
SofCheck Inc. Date Declared: March 02, 2007

Web Site:

Quote/Declaration: SofCheck Inspector is a new Static Analysis and fault detection Tool. It uses static control-flow, data-flow, and possible-value-set propagation techniques to identify places where run-time errors could occur. Since 50%+ of all vulnerability instances result from errors in the application code, this automated software quality technique allows vulnerabilities to be identified and eliminated very early in the software life cycle.

Name: SofCheck Inspector for Ada
Type: Static Analysis and Fault Detection Tool    
CWE Coverage: Planned
CWE Output: Planned
CWE Searchable: Yes
 
Soft4Soft Co., Ltd. Date Declared: January 3, 2016

Web Site:

Name: RESORT Code Analysis
Type: Static Analysis Tool and Coding Rules Checker  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 28, 2020
Software Security Date Declared: March 16, 2023

Web Site:

Quote/Declaration: SoftSec SCA is an open source software governance tool that provides open source software asset identification (SBOM), security risk analysis, license compliance detection, vulnerability alerts and open source software security management by leveraging multiple detection technologies, an autonomous controllable analysis engine and a powerful security gene library to help enterprises continuously reduce security, compliance and operational risks associated with open source software, and help enterprises build a secure software supply chain system.

Name: SoftSec SCA
Type: TOOL  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 30, 2023
SonarSource SA Date Declared: Aug 20, 2015

Web Site:

Quote/Declaration: The SonarQube platform is an open source, multi-language, extensible tool for Continuous Inspection of code quality. In combination with the Java plugin, it offers full-featured code quality management for Java code. In combination with the C/C++ plugin, it offers full-featured code quality management for C and C++ code. In combination with the Objective-C plugin, it offers full-featured code quality management for Objective-C code.

Name: SonarQube platform with C/C++ plugin
Type: Continuous Inspection, Trending, and Code Quality Management Platform  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: SonarQube platform with Java plugin
Type: Continuous Inspection, Trending, and Code Quality Management Platform  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: SonarQube platform with Objective-C plugin
Type: Continuous Inspection, Trending, and Code Quality Management Platform  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Aug 30, 2015
Sparrow Co., Ltd. Date Declared: August 8, 2012

Web Site:

Quote/Declaration: SPARROW is a source code analysis tool that has both semantic and syntactic analysis engines. SPARROW detects runtime errors, security vulnerabilities, and coding convention violations in various programming languages (C/C++/Java/JSP/Android Java). SparrowFasoo.com is pleased to support the efforts of MITRE to establish the CWE standard by ensuring CWE Compatibility for our product.

Name: SPARROW
Type: Semantic-Based Static Program Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 21, 2018
Suresoft Technologies Inc. Date Declared: November 17, 2015

Web Site:

Name: CodeScroll Code Inspector
Type: Code-Based Auto Inspection Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: CodeScroll SNIPER
Type: Static Code Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: CodeScroll STATIC
Type: Web-based Static Code Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 19, 2019
Suzhou Lengjingqicai Information Technology Co.,Ltd Date Declared: September 6, 2022

Web Site:

Name: FOSSCheck
Type: Software Composition Analysis Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: FossEye
Type: Open source security and compliance governance Tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 20, 2022
Symantec Corporation Date Declared: September 24, 2010

Web Site:

Quote/Declaration: CWE is the de facto common language used by all Symantec Product Security teams around the world to classify vulnerabilities and incidents. The use of CWE helps Symantec to: decide where to invest resources; fine tune educational efforts to address company's needs; verify whether the current process is indeed proactively catching critical vulnerabilities; communicate findings effectively to different audiences.

Name: Symantec Product Security
Type: Symmunize (Symantec's Secure Development Lifecycle Process)    
CWE Coverage: No
CWE Output: Yes
CWE Searchable: Yes
 
Synopsys Inc. Date Declared: September 10, 2009

Web Site:

Quote/Declaration: Synopsys helps organizations build high-quality, secure software faster.

Name: Coverity
Type: Static Application Security Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Seeker Interactive Application Security Testing (IAST)
Type: Interactive Application Security Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 19, 2019
ToolsWatch Date Declared: Aug 20, 2015

Web Site:

Quote/Declaration: ToolsWatch provides vFeed, a fully aggregated, cross-linked and standardized Vulnerability Database based on CVE and industry standards such as CWE, OVAL, CAPEC, CPE, CVSS etc. So we strongly believe in the importance of the standardization efforts driven by MITRE. Therefore, vFeed will definitely continue to support the CWE initiative and is pleased to ensure the CWE Compatibility for its vFeed Vulnerability Database Community and all derived products and services.

Name: vFeed API and Vulnerability Database Community
Type: Open Source Correlated and Cross-Linked Vulnerability XML Vulnerability Database  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 28, 2020
TRINITYSOFT Co., Ltd Date Declared: March 26, 2024

Web Site:

Name: CODE-RAY
Type: Source Code Security weakness analysis tool  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 16, 2024
ValiantSec Technology Co.,Ltd Date Declared: April 7, 2022

Web Site:

Name: BinSearch
Type: SCA  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: CodeAnt
Type: SCA and Development security  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: CodeSense
Type: SAST  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: UniSCA
Type: SCA and Development security  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 13, 2023
Vector Informatik GmbH Date Declared: July 18, 2023

Web Site:

Quote/Declaration: We are in the process of adding support for CWE to the next release (2.1) of our product (PC-lint Plus) which we anticipate being available by the end of 2023.

Name: PC-lint Plus
Type: C/C++ Static Code Analysis  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 13, 2023
Veracode, Inc. Date Declared: February 05, 2007

Web Site:

Quote/Declaration: We are pursuing CWE Compatibility because we believe in standards-based testing. It benefits the customer community and advances progress in application security when vendors adopt an industry standard. Doing so allows a common yardstick for measurement regardless of the product or service used and allows true comparisons and a common understanding of the problems affecting software applications.

Name: Veracode Analytics
Type: SAST, DAST, Manual Penetration Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Veracode Dynamic Analysis
Type: SAST, DAST, Manual Penetration Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Veracode Manual Testing
Type: SAST, DAST, Manual Penetration Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
Name: Veracode Static Analysis
Type: SAST, DAST, Manual Penetration Testing  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 10, 2013
WebLayers, Inc. Date Declared: May 3, 2012

Web Site:

Quote/Declaration: WebLayers Center Java Security Library consists of policies that map to the CWE standard and best practices. The policies provide a complete set of security specific coding guidelines targeted at the Java programming language.

Name: WebLayers Center Security Policy Library
Type: Software Development Lifecycle (SDLC) Governance  
CWE Coverage: Yes
CWE Output: Yes
CWE Searchable: Yes
Review Completed Questionnaire
  Last Updated: April 5, 2013
Page Last Updated: June 03, 2024