|
Common Weakness Enumeration is a software community project that aims at creating a catalog of software weaknesses and vulnerabilities. The goal of the project is to better understand flaws in software and to create automated tools that can be used to identify, fix, and prevent those flaws. The project is sponsored by Mitre Corporation. == CWE Compatibility == Common Weakness Enumeration (CWE) Compatibility program allows a service or a product to be reviewed and registered as officially "CWE-Compatible" and "CWE-Effective". The program assists organizations in selecting the right software tools and learning about possible weaknesses and their possible impact. In order to obtain CWE Compatible status a product or a service must meet 4 out of 6 requirements, shown below: There are ten organizations that develop and maintain products and services that achieved CWE Compatible status: * Fasoo (Declared: May, 2013) * * Sparrow * CXSecurity (Declared: January 3, 2012) * * World Laboratory of Bugtraq (WLB) 2 * GrammaTech, Inc. (Declared: March 13, 2007) * * CodeSonar * High-Tech Bridge SA (August 20, 2012) * * High-Tech Bridge Security Advisories * * ImmuniWeb * IBM Security Systems (Declared: July 10, 2012) * * IBM Security AppScan Standard * Klocwork, Inc. (Declared: February 5, 2007) * * Klocwork Insight * Hewlett-Packard (February 5, 2007) * * HP Assessment Management Platform (ASP) * * HP DevInspect * * HP Fortify On Demand * * HP Fortify Real-Time Analyzer * * HP Fortify Software Security Center * * HP Fortify Static Code Analyzer * * HP QAInspect * * HP SaaS for ASC * * HP WebInspect * National Institute of Standards and Technology (NIST) (Declared: March 2, 2012) * * (Software Assurance Reference Dataset ) (SARD) * Security-Database (Declared: May 5, 2008) * * Security-Database Web Services * Veracode, Inc. (Declared: February 5, 2007) * * Veracode Analytics 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Common Weakness Enumeration」の詳細全文を読む スポンサード リンク
|