|
Organizations Participating
All organizations participating in the Compatibility Program are listed below, including those with CVE-Compatible
Products and Services and those with Declarations
to Be CVE-Compatible.
Organizations are listed alphabetically:
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z
Advanced Research CorporationQuote/Declaration: "SARA provides a monthly updated cross-reference CVE-SARA map that identifies CVE to SARA test correspondence, link to tutorial, and link to CVE reference data. In addition, all SARA reports contain relevant CVE names in the tutorials."
AdventNet, Inc.Quote/Declaration: "AdventNet is pleased to support CVE names in the vulnerability database of the SecureCentral product line, as part of our commitment to embracing industry standards." | Last Updated: February 19, 2008 |
|
Apple Computer, Inc.| Last Updated: January 10, 2007 |
|
Application Security, Inc.Quote/Declaration: "As a pioneer in application security, we have taken every possible step towards making AppDetective, our application penetration testing/vulnerability assessment product line, meet the CVE compatibility requirements. Application Security, Inc. sees CVE compatibility as a great value-added feature especially in this new area of research and development in vulnerability assessment solutions."
— Aaron Newman, CTO Application Security, Inc. | Name: AppRadar for DB2 | | | | Type: Database Intrusion Protection | Detection | Prevention | | CVE Output: Yes | | CVE Searchable: Yes |
| Name: AppRadar for Oracle | | | | Type: Database Intrusion Protection | Detection | Prevention | | CVE Output: Yes | | CVE Searchable: Yes |
| Name: AppRadar for Sybase | | | | Type: Database Intrusion Protection | Detection | Prevention | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: September 12, 2006 |
|
Archer TechnologiesQuote/Declaration: "Archer Technologies Enterprise Security Management is a knowledge management system for the collection, management and distribution of critical security content such as vulnerabilities, technical baselines, control standards and information security policies as they relate to specific risk that IT assets face within the enterprise. The Archer Technologies product suite strongly supports the CVE standard, which greatly assists in our integration with other security products and vendors. The CVE mapping enables our clients to intelligently analyze, cross reference and search vulnerabilities that affect their organization."
— Jon Darbyshire, CEO, Archer Technologies LLC | Last Updated: March 12, 2008 |
|
ArcSight, Inc.Quote/Declaration: "As a pioneer and leading provider of security management solutions for the enterprise ArcSight actively promotes and supports open systems standards such as CVE. ArcSight uses cross-device correlation to detect sophisticated multi-source, multi-target attacks while keying into the correct policies and procedures for response via the CVE names. It enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions — a necessity to understand the real impact of vulnerabilities and attacks." | Last Updated: April 5, 2005 |
|
Assuria LimitedQuote/Declaration: "Assuria Auditor (Formerly ISS System Scanner) was previously certified as ISS System Scanner. Assuria have enhanced and added functionality and features around CVE reporting in the product." | Last Updated: February 19, 2008 |
|
Backbone Security.com, Inc.Quote/Declaration: "We aim to provide our customers with the best information available on how to protect their infrastructure. By integrating CVE into our product, we are providing up-to-date vulnerability information that can be used to enable a network administrator to defend their enterprise data and resources." | Name: One Stop PCI Scan | | | | Type: PCI Approved Scanning Service | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: May 23, 2007 |
|
Beijing Netpower Technologies Inc.Quote/Declaration: "Beijing Netpower Technologies Inc. is a leading network security products producer in China. We assure that Netpower Network Security Assessment System is fully compatible with CVE standards." | Last Updated: April 30, 2007 |
|
Beijing Topsec Co., Ltd.| Last Updated: April 30, 2007 |
|
Beijing Venus Information Security Technology, Inc.Quote/Declaration: "Venus Information Technology, Inc. aims to provide users a series of network security products along with our own independent intellectual property and complied with international standard, CVE. Beyond product, we can deliver customers life-cycle services including consulting, design, implementation, maintenance and training."
— Helen Wang | Last Updated: August 5, 2008 |
|
Beyond Security Ltd.Quote/Declaration: "Beyond Security Ltd.'s Automated Scanning provides users with a complete picture of the security of their organization by leveraging the huge SecuriTeam.com knowledgebase. As such, we see high importance for the CVE naming scheme, which provides a global independent reference for known security vulnerabilities." | Last Updated: April 5, 2005 |
|
BigFix, Inc.Quote/Declaration: "BigFix enables organizations to better manage their global IT infrastructures with solutions to discover, analyze, change, and maintain security and software configurations faster and more accurately, resulting in improved processes, greater visibility, better security and more reliable services while reducing costs. BigFix supports the adoption of open standards such as CVE as an important part of reducing IT security risk and improving policy and regulatory compliance. BigFix Enterprise Suite presents discovered vulnerabilities with the associated CVE name enabling customers to quickly assess, prioritize, and immediately remediate security risks." | Name: BigFix Enterprise Suite | | | | Type: Vulnerability and Security Configuration Management Suite | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: April 30, 2007 |
|
BindView CorporationQuote/Declaration: "As a founding member of the CVE Initiative, BindView Corporation stands firmly behind the first lexicon of vulnerabilities. BindView is actively supporting this effort through its RAZOR research team. For too long, vendor interests and product limitations have shaped knowledge about vulnerabilities. The CVE Initiative shifts the focus from product-centric to an industry-based model, requiring vendors to have a greater accountability to the whole security market - as well as to our specific customers. Moving forward, we will continue to expand our security products to support CVE compatibility."
— Scott Blake, BindView Vice President for Information Security | Name: VLAD the Scanner | | | | Type: Free Open Source Common Vulnerabilities Assessment Tool | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: December 27, 2006 |
|
Blue Lane Technologies Inc.Quote/Declaration: "The Common Vulnerabilities and Exposures standard is very valuable to the industry and Blue Lane Technologies. It provides a common way to cross reference the vulnerabilities, patches and exploits that users and vendors must deal with. Blue Lane pursued CVE compatibility so our customers could benefit from the operational ease of use that comes with having a common reference list." | Last Updated: April 30, 2007 |
|
CAQuote/Declaration: "As a respected member of the MITRE CVE Editorial Board and a global leader in security, Computer Associates International, Inc (CA) is fully committed to supporting the MITRE CVE Initiative. With the increasing number of vulnerabilities, CA recognizes the need and the importance for a common vulnerability naming and enumerating standard. CA Threat Research Team leverages the CVE List by correlating our vulnerability database with the MITRE CVE List. By providing this information to our customers through our Threat Management products — eTrust Vulnerability Manager, and eTrust Policy Compliance, users can quickly and accurately identify a common vulnerability name and number, and in addition cross-reference this information with other sources and products that are CVE-compatible." | Name: eTrust Policy Compliance | | | | Type: Configuration Management, Risk Assessment, and Policy Compliance | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: February 14, 2006 |
|
CatbirdQuote/Declaration: "Catbird V-Security is a comprehensive security and compliance solution for virtual and physical infrastructures, delivering best-practice security for Hypervisor, Guest VMs and Policy/Regulatory Compliance. Cross-indexing the CVE in reports we present to our partners and customers assists them in building effective security programs." | Last Updated: August 11, 2008 |
|
CentaVision CorporationQuote/Declaration: "RAPTUS ICS is a next generation security product different from current network-based intrusion detection systems or firewalls. We have made RAPTUS ICS CVE-compatible to enhance the product for our customers worldwide." | Last Updated: January 8, 2003 |
|
Cenzic, Inc.Quote/Declaration: "Cenzic is pleased to integrate CVE information with our Hailstorm application security assessment product. Customers benefit from a widely supported standard while taking advantage of the leading application security assessment product." | Name: Cenzic ClickToSecure | | | | Type: Application Security Assessment Service | | CVE Output: Yes | | CVE Searchable: Planned |
| Name: Cenzic Hailstorm | | | | Type: Application Security Assessment Tool | | CVE Output: Yes | | CVE Searchable: Planned |
| Last Updated: April 30, 2007 |
|
CERIAS/Purdue UniversityQuote/Declaration: "CVE is the key to vulnerability database compatibility. The CERIAS Cooperative Vulnerability Database and the Cassandra tool currently provide CVE Output and are also CVE Searchable. The CERIAS ESP is entirely based on CVE. The CIRDB (CERIAS Incident Response Database) already provides CVE output. The growing importance and recognition of CVE requires the CIRDB to be searchable and fully CVE-compatible, which we will do for the release currently under development."
— Pascal Meunier, Assistant Research Scientist, CERIAS | Name: Cassandra | | | | Type: Profiled Search Tool of Vulnerability Database | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: May 23, 2007 |
|
CERT Coordination CenterQuote/Declaration: "We will begin directly contributing new CVE entries, as well as using existing CVE entries to annotate our published advisories."
— (Bill Fithen, Sep 29, 1999 press conference) | Last Updated: November 16, 2001 |
|
Cert-ISTQuote/Declaration: "Cert-IST offers its partners and clients a Security Advisory and Alert service, both in French and English. Cert-IST offers also a vulnerability database, accessible through Web interface, created in September 97, and maintained by a dedicated team. Cert-IST uses CVE in its advisory database, with the objective to improve the information and knowledge level in the security community." | Last Updated: April 30, 2007 |
|
Check Point Software Technologies, Ltd.Quote/Declaration: "Check Point is pleased to participate in the CVE Compatibility program, which will benefit the worldwide computing community by providing a common terminology for tracking security threats and make discourse among all community members (users, vendors, service providers, and others) more intelligible and productive." | Last Updated: September 9, 2003 |
|
China National Computer Software & Technology Service Corporation (CSS)Quote/Declaration: "China National Computer Software & Technology Service Corporation (CSS) is a leading company in the field of software development in the People's Republic of China. We believe it is important for our security solution to be fully compatible with the Common Vulnerabilities and Exposures (CVE) standard."
— Ph. D. Dongping Ma, Chief of Information Security Lab of CSS | Last Updated: April 30, 2007 |
|
Cisco SystemsQuote/Declaration: "Cisco sees CVE as an important step in the collaborative efforts of the vulnerability science community. It is a tool that allows our security research and product development teams to focus on adding value for our customers. Cisco will incorporate the CVE dictionary into its products."
— Andrew Balinsky, Cisco Secure Encyclopedia Project Manager | Last Updated: April 30, 2007 |
|
Clear North Technologies, Inc.Quote/Declaration: "The objective of the Clear North Technologies penetration study is to identify and report vulnerabilities in the client's perimeter network which may provide attackers with an opportunity to gain unauthorized access to private computer systems and networks. In performing the penetration study, Clear North Technologies will employ techniques and tools similar to those used by external threats with the intention of compromising perimeter network safeguards in an effort to gain access to the client's private computer systems and networks." | Last Updated: April 30, 2007 |
|
Computec.ch| Name: Attack Tool Kit (ATK) | | | | Type: Security Auditing and Penetration Testing | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: September 1, 2004 |
|
Computer Security Laboratory, Dept. of Computer Science, UC DavisQuote/Declaration: "We will put the CVE names into this database in order to provide a cross reference to that enumeration."
— Matt Bishop | Name: DOVES | | | | Type: Vulnerability Database | | CVE Output: Planned | | CVE Searchable: Planned |
| Last Updated: October 26, 1999 |
|
Consul risk management, Inc.Quote/Declaration: "Consul risk management, Inc. utilizes the CVE program to tag each vulnerability detected. This information is used through our InSight Security Event Module SIM console for reporting, correlating and linking vulnerability assessment scan results with 3rd party security information including IDS and firewall events to significantly reduce false positives by associating threats with their corresponding vulnerabilities and providing users with the ability to research vulnerabilities, all made possible through CVE." | Name: InSight Security Event Module | | | | Type: Security Information Management/Security Event Monitoring (SIM/SEM) Product | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: April 30, 2007 |
|
Core Security TechnologiesQuote/Declaration: " As the provider of CORE IMPACT, the industry's first automated penetration testing product, Core Security Technologies is pleased to support the CVE standard. CVE provides a critical common language for naming vulnerabilities and allows us to not only link exploits to vulnerabilities within IMPACT, but also to provide interoperability with vulnerability scanners, intrusion detection and remediation products and other risk assesment and management solutions."
— Ivan Arce, CTO, Core Security Technologies | Name: CORE IMPACT | | | | Type: Automated Penetration Testing | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: May 27, 2004 |
|
Criston SoftwareQuote/Declaration: "Criston relies on the CVE standardization method for vulnerability identification in security audit reports produced by Vulnerability Management solution. Through CVE names, Vulnerability Management users can efficiently access worldwide publicly known vulnerability and security resources.This make it easier to share data across separate vulnerabilities databases and security tools."
— Haissam HASSAN, Product Management | Last Updated: March 30, 2006 |
|
Critical WatchQuote/Declaration: "Critical Watch supports MITRE's CVE program for standardizing a naming scheme for vulnerabilities. Incorporating CVE names into our enterprise vulnerability management solution enables our customers to act swiftly and confidently to collapse windows of exposure."
— Nelson Bunker Chief Security Officer | Last Updated: April 14, 2008 |
|
Cubico Solutions CCQuote/Declaration: "Cubico Solutions is honored to leverage off the power of the CVE standard and will continue to support CVE throughout its product offerings." | Name: Foresight | | | | Type: Continuous Risk Analysis Solution | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: March 31, 2004 |
|
DEVOTEAM Solutions - APOGEEQuote/Declaration: "APOGEE has worked out an IT SECurity Watch Service to help companies and
organizations in their security risk management. The service objective is
to provide a daily synthesis as regards new vulnerability, software
security fixes and reissues of official security advisories. The security
watch team gathers information available on the Internet, analyzes content,
pertinence and gravity of published alerts and qualify security fixes
provided by editors. Each vulnerability mentioned in our daily bulletin is
presented with the related CVE name allowing our subscribers to cross-link
with other repositories and providing compatibility with third party
products and services that use CVE standard." | Name: SECurity Watch Service [SECWS] | | | | Type: Notification service (email in HTML and TEXT format, both in French and English) | | CVE Output: Yes | | CVE Searchable: Planned |
| Last Updated: March 29, 2007 |
|
DragonSoft Security Associates, Inc.Quote/Declaration: "DragonSoft Security Associates, Inc. believes that CVE provides the correct direction to a uniform and consistent representation of vulnerabilities and exposures information. As a company which research and design vulnerabilities and exposures detecting software, we are very desirous to providing CVE compatible product to our customers that researches and designs software for detecting vulnerabilities and exposures, we believe it is important to provide CVE-compatible products to our customers." | Last Updated: April 30, 2007 |
|
E*MAZE Networks S.p.A.Quote/Declaration: "As an innovative provider of information security services for fixed and wireless IP networks, E*MAZE Networks S.p.A. is pleased to support this initiative aimed at creating a common lexicon for naming vulnerabilities and increasing interoperability between security tools. Incorporating the CVE entry and CAN naming scheme into the ipLegion and intraLegion vulnerability assessment suites, E*MAZE ensures that its clients can benefit from a more extended information cross-reference, thus enabling a more effective protection of digital assets and online systems. ipLegion and intraLegion database are fully searchable by keyword, CVE name or candidate number."
— Rodolfo G. Rosini, CEO | Name: ipLegion/intraLegion | | | | Type: Internet/Intranet Vulnerability Scanner | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: February 18, 2002 |
|
Edgeos, Inc.Quote/Declaration: "Edgeos' services fully support and implement CVE." | Name: EdgeSecure | | | | Type: Network Security Analysis Service | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: May 17, 2007 |
|
eEye Digital SecurityQuote/Declaration: "eEye Digital Security is a leading developer of network security software and an active contributor to network security research and education. eEye protect enterprises throughout the entire vulnerability lifecycle and offers a comprehensive range of award-winning solutions for vulnerability assessment, remediation management, intrusion prevention and network forensics. eEye is pleased to support the CVE Initiative and will continue to promote the standardization of the CVE naming convention and vulnerability identification." | Last Updated: November 8, 2004 |
|
Enterasys NetworksQuote/Declaration: "Many of Dragon's IDS signatures already have CVE tags. Our vulnerability signatures will also have CVE tags. Dragon uses these tags to link users directly to the CVE Web site which allows them to get concise and updated vulnerability information."
— Ron Gula, Vice President of Intrusion Detection Systems, Enterasys | Name: Dragon Sensor | | | | Type: Packet Based Intrusion Detection System | | CVE Output: Yes | | CVE Searchable: Planned |
| Last Updated: August 10, 2001 |
|
e-Project s.r.l.Quote/Declaration: "e-Project believes that those wishing to contribute to improving information security should collaborate with the MITRE Corporation to support the CVE standard. e-Project has made its Scan-edge vulnerability assessment and remediation service CVE-compatible so our customers will have the best information available. We will contribute to this effort in every way possible and continue to support CVE on an ongoing basis." | Name: Scan-edge | | | | Type: Vulnerability Assessment and Remediation Service | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: February 5, 2003 |
|
esCERT-UPC: The UPC University Computer Emergency Response TeamQuote/Declaration: "At esCERT, we have adapted all our procedures and services to CVE notation since we consider that it is the best way to handle and distribute vulnerability information in a complete and reliable way." | Name: ALTAIR | | | | Type: Vulnerability Database and Vulnerability Alerts | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: May 1, 2002 |
|
E-Soft, Inc.Quote/Declaration: "E-Soft is pleased to support MITRE's standardization of vulnerability identification in our security auditing services. The adoption of CVE as an industry-wide standard benefits the users of security products and services by providing a single, consistent way of identifying vulnerabilities across different products and services." | Last Updated: May 2, 2002 |
|
French Security Incident Response Team (FrSIRT)Quote/Declaration: "The FrSIRT delivers personalized vulnerability and threat alerts, 24/7, 365 days a year, to inform organizations of new potential threats. Our services are designed to deliver notification of vulnerabilities and exploits as they are identified, providing timely, actionable information and guidance to help mitigate risks before they are exploited." | Last Updated: May 13, 2008 |
|
FuJian RongJi Software Company, LtdQuote/Declaration: "FuJian RongJi Software Company, Ltd., in association with the Institute of High Energy Physics, the Chinese Academy of Sciences, has developed the RJ-iTop Network Vulnerability Scanner System, which provides CVE Output and is CVE Searchable. In addition, its database is fully searchable by keyword, CVE name, or candidate number. We have made our product compatible with CVE so that administrators can easily differentiate which is the best product for them among the different security products."
— C. Shanmao Lin, RongJi Enterprise | Last Updated: March 18, 2008 |
|
GamaSec Ltd.Quote/Declaration: "Gamasec's GamaScan Web application Scanner is an automated security service that searches for software vulnerabilities within Web applications and validates any potential security breaches and risks against a continually updated service database. By incorporating CVE Identifiers into GamaScan, we are providing our customers with the ability to enhance their vulnerability handling processes and further leverage their vulnerability scanners to verify that updates and fixes have been applied." | Name: GamaScan | | | | Type: Web Site Vulnerability-Assessment Service | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: July 15, 2008 |
|
Gazos Creek IncorporatedQuote/Declaration: "Gazos Creek has developed a method to provide security and network management services to the embedded systems market. We are pursuing CVE compatibility to allow our devices and services to contribute to, be integrated in and strengthen the larger community protecting against malicious software and malicious intentions." | Name: netSense | | | | Type: Comprehensive and Continuous Network Security (VA, IDS) on Embedded Devices | | CVE Output: Planned | | CVE Searchable: Planned |
| Last Updated: November 21, 2005 |
|
Gentoo FoundationQuote/Declaration: "The Gentoo Linux Security Project actively supports the CVE Initiative by referencing corresponding CVE entries in all of our security advisories where appropriate." | Last Updated: December 17, 2004 |
|
GFI Software Ltd.Quote/Declaration: "GFI recognizes the importance of standards in a field which is encountering even bigger challenges, variation of attacks and abuses of IT systems. While searching for a standard which will allow us to adhere to as well as encourage our customers to refer to vulnerabilities in a particular format, we found a perfect synergy between our technology and CVE. We believe that such integration will provide a common ground for our customers and security administrators out there to share and unify experiences against these ever increasing threats." | Last Updated: March 12, 2008 |
|
Grupo S21sec Gestión S.A.| Name: Vulnera | | | | Type: Daily Vulnerability Mail Service Based on a Daily Updated Database | | CVE Output: Yes | | CVE Searchable: Yes |
| Last Updated: October 4, 2004 |
|
Harris CorporationQuote/Declaration: "Harris Corporation has integrated the CVE standard into its STAT Scanner, which provides the ability to identify, track, compare, and contrast vulnerabilities. STAT Scanner has a fully integrated interface that allows the user to see the specific CVE information, while at the same time providing predefined configuration files that scan specifically for all CVE vulnerabilities."
— Lilo Newberry, STAT Director of Operations, Harris Corporation | Last Updated: April 30, 2007 |
|
Huawei-3Com Co. Ltd.| Last Updated: June 19, 2006 |
|
IBMQuote/Declaration: "IBM actively promotes, supports, and contributes to the emerging open systems standards such as CVE that enable technology management software such as IBM Tivoli Risk Manager and IBM Tivoli Security Operations Manager, intrusion detection, vulnerability assessment, and security management components to inter-operate and share management information. We know that open system standards are a critical step in this direction. We support CVE as the first and the most complete naming convention for vulnerability mapping in the industry and we are committed to using CVE within our product in a tightly integrated fashion." | Last Updated: January 06, 2007 |
|
IBM Internet Security SystemsQuote/Declaration: "The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community. As a technology pioneer and leading provider of security management software and services, IBM Internet Security Systems is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets."
— Christopher Klaus, Founder and Chief Technology Officer |
