Common Weakness Enumeration is a software community project that aims to create a catalog of software weaknesses and vulnerabilities. The goal of the project is to better understand flaws in software and to create automated tools that can be used to identify, fix, and prevent those flaws. The project is sponsored by the National Cybersecurity FFRDC, which is owned by The MITRE Corporation.
The Common Weakness Enumeration (CWE) Compatibility program allows a service or a product to be reviewed and registered as officially "CWE-Compatible" and "CWE-Effective". The program assists organizations in selecting the right software tools and in learning about possible weaknesses and their impact.
To obtain CWE-Compatible status, a product or a service must meet 4 out of 6 requirements, shown below:
There are eleven organizations that develop and maintain products and services that have achieved CWE-Compatible status:
Synopsys, Inc. (previously Coverity) (Declared: September, 2009)
Coverity
Fasoo (Declared: May, 2013)
Sparrow
CXSecurity (Declared: January 3, 2012)
World Laboratory of Bugtraq (WLB) 2
GrammaTech, Inc. (Declared: March 13, 2007)
CodeSonar
High-Tech Bridge SA (Declared: August 20, 2012)
High-Tech Bridge Security Advisories
ImmuniWeb
IBM Security Systems (Declared: July 10, 2012)
IBM Security AppScan Standard
Klocwork, Inc. (Declared: February 5, 2007)
Klocwork Insight
Hewlett-Packard (Declared: February 5, 2007)
HP Assessment Management Platform (ASP)
HP DevInspect
HP Fortify On Demand
HP Fortify Real-Time Analyzer
HP Fortify Software Security Center
HP Fortify Static Code Analyzer
HP QAInspect
HP SaaS for ASC
HP WebInspect
National Institute of Standards and Technology (NIST) (Declared: March 2, 2012)
Software Assurance Reference Dataset (SARD)
Security-Database (Declared: May 5, 2008)
Security-Database Web Services
Veracode, Inc. (Declared: February 5, 2007)
Veracode Analytics