Organizations Participating
All organizations participating in the Compatibility Program are listed below, including those with CVE-Compatible Products and Services and those with Declarations to Be CVE-Compatible.
Organizations are listed alphabetically:
| Advanced Research Corporation |
Quote/Declaration: SARA provides a monthly updated cross-reference CVE-SARA map that identifies CVE to
SARA test correspondence, link to tutorial, and link to CVE reference data. In addition,
all SARA reports contain relevant CVE names in the tutorials.
Quote/Declaration: AdventNet is pleased to support CVE names in the vulnerability database of the
SecureCentral product line, as part of our commitment to embracing industry
standards.
| Application Security, Inc. |
Quote/Declaration: Application Security, Inc. is committed to delivering solutions that are compatible and interoperable with the IT security
environment at large. In the vulnerability management marketplace, that means speaking CVE. We've kept our SHATTER knowledgebase,
the world's most comprehensive list of database vulnerabilities and misconfigurations, up-to-date with CVE references since
2004.
— Josh Shaul, CTO
Quote/Declaration: As a pioneer and leading provider of security management solutions for the enterprise
ArcSight actively promotes and supports open systems standards such as CVE. ArcSight uses
cross-device correlation to detect sophisticated multi-source, multi-target attacks while
keying into the correct policies and procedures for response via the CVE names. It enables
security experts and IT managers to cross-correlate information and references about
different threats reported by disparate security products and solutions — a
necessity to understand the real impact of vulnerabilities and attacks.
Quote/Declaration: Assuria Auditor (formerly ISS System Scanner) was previously certified as ISS System
Scanner. Assuria have enhanced and added functionality and features around CVE reporting in
the product.
| Backbone Security.com, Inc. |
Quote/Declaration: We aim to provide our customers with the best information available on how to protect
their infrastructure. By integrating CVE into our product, we are providing up-to-date
vulnerability information that can be used to enable a network administrator to defend
their enterprise data and resources.
Name: 24 x 7 Monitoring
Type: Network Appliance and Managed Service
CVE Output: Yes
CVE Searchable: Yes

Name: One Stop PCI Scan
Type: PCI Approved Scanning Service
CVE Output: Yes
CVE Searchable: Yes
| Beijing Leadsec Technology Co., Ltd. |
Date Declared: March 13, 2011
| Beijing Netpower Technologies Inc. |
Quote/Declaration: Beijing Netpower Technologies Inc. is a leading network security products producer in
China. We assure that Netpower Network Security Assessment System is fully compatible with
CVE standards.
| Beijing Venustech Security Inc. |
Quote/Declaration: Beijing Venustech Security Inc. provides users with a series of network security products, which along with our own independent
intellectual property, are compliant with the international standard, CVE. Beyond products, we deliver our customers life-cycle
services including consulting, design, implementation, maintenance, and training.
— Helen Wang
Quote/Declaration: Beyond Security Ltd.'s Automated Scanning provides users with a complete picture of the
security of their organization by leveraging the huge SecuriTeam.com knowledgebase. As
such, we see high importance for the CVE naming scheme, which provides a global independent
reference for known security vulnerabilities.
Quote/Declaration: BigFix enables organizations to better manage their global IT infrastructures with
solutions to discover, analyze, change, and maintain security and software configurations
faster and more accurately, resulting in improved processes, greater visibility, better
security and more reliable services while reducing costs. BigFix supports the adoption of
open standards such as CVE as an important part of reducing IT security risk and improving
policy and regulatory compliance. BigFix Enterprise Suite presents discovered
vulnerabilities with the associated CVE name enabling customers to quickly assess,
prioritize, and immediately remediate security risks.
| Black Box Corporation |
Date Declared: March 29, 2010
Quote/Declaration: As a global leader in data, voice and enterprise security solutions, Black Box
Corporation (BBOX) fully supports the MITRE CVE® standard. We are pleased to
deploy our award winning CVE-compatible Veri-NAC appliances into the market with a faster,
less invasive vulnerability scanning system with direct links into the National
Vulnerability Database (NVD) for a deeper understanding of common vulnerabilities and
exposures as well as faster remediation.
| Blue Lane Technologies Inc. |
Quote/Declaration: The Common Vulnerabilities and Exposures standard is very valuable to the industry and
Blue Lane Technologies. It provides a common way to cross reference the vulnerabilities,
patches and exploits that users and vendors must deal with. Blue Lane pursued CVE
compatibility so our customers could benefit from the operational ease of use that comes
with having a common reference list.
Quote/Declaration: As a respected member of the MITRE CVE Editorial Board and a global leader in security,
Computer Associates International, Inc (CA) is fully committed to supporting the MITRE CVE
Initiative. With the increasing number of vulnerabilities, CA recognizes the need and the
importance for a common vulnerability naming and enumerating standard. CA Threat Research
Team leverages the CVE List by correlating our vulnerability database with the MITRE CVE
List. By providing this information to our customers through our Threat Management products
— eTrust Vulnerability Manager, and eTrust Policy Compliance, users can
quickly and accurately identify a common vulnerability name and number, and in addition
cross-reference this information with other sources and products that are
CVE-compatible.
Quote/Declaration: Catbird V-Security is a comprehensive security and compliance solution for virtual and
physical infrastructures, delivering best-practice security for Hypervisor, Guest VMs and
Policy/Regulatory Compliance. Cross-indexing the CVE in reports we present to our partners
and customers assists them in building effective security programs.
Quote/Declaration: Cenzic is pleased to integrate CVE information with our Hailstorm application security
assessment product. Customers benefit from a widely supported standard while taking
advantage of the leading application security assessment product.
Name: Cenzic ClickToSecure
Type: Application Security Assessment Service
CVE Output: Yes
CVE Searchable: Planned
Quote/Declaration: CVE is the key to vulnerability database compatibility. The CERIAS Cooperative
Vulnerability Database and the Cassandra tool currently provide CVE Output and are also CVE
Searchable. The CERIAS ESP is entirely based on CVE. The CIRDB (CERIAS Incident Response
Database) already provides CVE output. The growing importance and recognition of CVE
requires the CIRDB to be searchable and fully CVE-compatible, which we will do for the
release currently under development.
— Pascal Meunier, Assistant Research Scientist, CERIAS
Name: Cassandra
Type: Profiled Search Tool of Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: We will begin directly contributing new CVE entries, as well as using existing CVE
entries to annotate our published advisories.
— (Bill Fithen, Sep 29, 1999 press conference)
Quote/Declaration: Cert-IST offers its partners and clients a Security Advisory and Alert service, both in
French and English. Cert-IST offers also a vulnerability database, accessible through Web
interface, created in September 97, and maintained by a dedicated team. Cert-IST uses CVE
in its advisory database, with the objective to improve the information and knowledge level
in the security community.
| Check Point Software Technologies, Ltd. |
Quote/Declaration: Check Point is pleased to participate in the CVE Compatibility program, which will
benefit the worldwide computing community by providing a common terminology for tracking
security threats and make discourse among all community members (users, vendors, service
providers, and others) more intelligible and productive.
Name: Check Point IPS-1
Type: Intrusion Detection and Prevention
CVE Output: Yes
CVE Searchable: Yes
| China National Computer Software & Technology Service Corporation (CSS) |
Quote/Declaration: China National Computer Software & Technology Service Corporation (CSS) is a
leading company in the field of software development in the People's Republic of China. We
believe it is important for our security solution to be fully compatible with the Common
Vulnerabilities and Exposures (CVE) standard.
— Ph. D. Dongping Ma, Chief of Information Security Lab of CSS
Quote/Declaration: Cisco sees CVE as an important step in the collaborative efforts of the vulnerability
science community. It is a tool that allows our security research and product development
teams to focus on adding value for our customers. Cisco will incorporate the CVE dictionary
into its products.
— Andrew Balinsky, Cisco Secure Encyclopedia Project Manager
| Clear North Technologies, Inc. |
Quote/Declaration: The objective of the Clear North Technologies penetration study is to identify and
report vulnerabilities in the client's perimeter network which may provide attackers with
an opportunity to gain unauthorized access to private computer systems and networks. In
performing the penetration study, Clear North Technologies will employ techniques and tools
similar to those used by external threats with the intention of compromising perimeter
network safeguards in an effort to gain access to the client's private computer systems and
networks.
Name: Attack Tool Kit (ATK)
Type: Security Auditing and Penetration Testing
CVE Output: Yes
CVE Searchable: Yes
| Computer Security Laboratory, Dept. of Computer Science, UC Davis |
Quote/Declaration: We will put the CVE names into this database in order to provide a cross reference to
that enumeration.
— Matt Bishop
Name: DOVES
Type: Vulnerability Database
CVE Output: Planned
CVE Searchable: Planned
| Core Security Technologies |
Quote/Declaration: As the provider of CORE IMPACT, the industry's first automated penetration testing
product, Core Security Technologies is pleased to support the CVE standard. CVE provides a
critical common language for naming vulnerabilities and allows us to not only link exploits
to vulnerabilities within IMPACT, but also to provide interoperability with vulnerability
scanners, intrusion detection and remediation products and other risk assessment and
management solutions.
— Ivan Arce, CTO, Core Security Technologies
Name: CORE IMPACT
Type: Automated Penetration Testing
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: CounterSnipe aims to ensure that our customers' networks are provided with maximum
protection and we believe that it is absolutely critical to at least guard against known
and published vulnerabilities. There is no better way than ensuring CVE
compatibility.
Name: Countersnipe
Type: Knowledge based Intrusion Prevention Systems
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Critical Watch supports MITRE's CVE program for standardizing a naming scheme for
vulnerabilities. Incorporating CVE names into our enterprise vulnerability management
solution enables our customers to act swiftly and confidently to collapse windows of
exposure.
— Nelson Bunker Chief Security Officer
Quote/Declaration: Cubico Solutions is honored to leverage off the power of the CVE standard and will
continue to support CVE throughout its product offerings.
Name: Foresight
Type: Continuous Risk Analysis Solution
CVE Output: Yes
CVE Searchable: Yes
| CXSecurity |
Date Declared: January 3, 2012
Quote/Declaration: DBAPPSecurity focuses on web application security and database security. It provides
web vulnerability scanner (MatriXay), web application firewall, database scanner, database
auditor, log auditor, web monitor and professional security services for information
security and risk management, which comply with many kinds of laws and
regulations.
Name: Database Auditor
Type: Database Auditing
CVE Output: Yes
CVE Searchable: Yes
| DragonSoft Security Associates, Inc. |
Quote/Declaration: DragonSoft Security Associates, Inc. believes that CVE provides the correct direction
to a uniform and consistent representation of vulnerabilities and exposures information. As
a company that researches and designs software for detecting vulnerabilities and exposures,
we believe it is important to provide CVE-compatible products to our customers.
Quote/Declaration: e-Project believes that those wishing to contribute to improving information security
should collaborate with the MITRE Corporation to support the CVE standard. e-Project has
made its Scan-edge vulnerability assessment and remediation service CVE-compatible so our
customers will have the best information available. We will contribute to this effort in
every way possible and continue to support CVE on an ongoing basis.
Name: Scan-edge
Type: Vulnerability Assessment and Remediation Service
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: E-Soft is pleased to support MITRE's standardization of vulnerability identification in
our security auditing services. The adoption of CVE as an industry-wide standard benefits
the users of security products and services by providing a single, consistent way of
identifying vulnerabilities across different products and services.
Quote/Declaration: As a leader and innovator in the security industry, Easy Solutions, Inc. is pleased to
announce compatibility with the CVE Initiative.
— Ricardo E. Villadiego, Regional Director, Americas, Easy Solutions, Inc.
Quote/Declaration: Edgeos' services fully support and implement CVE.
Quote/Declaration: eEye Digital Security is an innovative leader in vulnerability and security research,
providing security solutions that help businesses and users protect their systems and
intellectual property from compromise. eEye enables secure computing through world-renowned
research and innovative technology, supplying the world's largest businesses with an
integrated and research-driven vulnerability assessment, intrusion prevention, and client
security solution. eEye is pleased to support the CVE Initiative and will continue to
promote the standardization of the CVE naming convention and vulnerability identification.
Quote/Declaration: Emaze, which offers proactive security solutions to help large organizations handle security risks as well as to fulfill compliance
and conformity requirements, is pleased to support the CVE initiative.
— Rodolfo G. Rosini, CEO
Quote/Declaration: Many of Dragon's IDS signatures already have CVE tags. Our vulnerability signatures
will also have CVE tags. Dragon uses these tags to link users directly to the CVE Web site
which allows them to get concise and updated vulnerability information.
— Ron Gula, Vice President of Intrusion Detection Systems, Enterasys
Name: Enterasys Dragon
Type: Packet Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Planned
| esCERT-UPC: The UPC University Computer Emergency Response Team |
Quote/Declaration: At esCERT, we have adapted all our procedures and services to CVE notation since we
consider that it is the best way to handle and distribute vulnerability information in a
complete and reliable way.
Name: ALTAIR
Type: Vulnerability Database and Vulnerability Alerts
CVE Output: Yes
CVE Searchable: Yes
| Fortinet, Inc. |
Date Declared: April 5, 2011
Quote/Declaration: Fortinet has been an established security vendor for some time, and regularly discovers third-party security vulnerabilities
for which we request CVE Identifiers from MITRE. We also monitor the security space, develop IPS signatures, and map/reference
the CVEs for all of these in our advisories and encyclopedia.
| FuJian RongJi Software Company, Ltd |
Quote/Declaration: FuJian RongJi Software Company, Ltd., in association with the Institute of High Energy
Physics, the Chinese Academy of Sciences, has developed the RJ-iTop Network Vulnerability
Scanner System, which provides CVE Output and is CVE Searchable. In addition, its database
is fully searchable by keyword or CVE name. We have made our product
compatible with CVE so that administrators can easily differentiate which is the best
product for them among the different security products.
— C. Shanmao Lin, RongJi Enterprise
Quote/Declaration: Gamasec's GamaScan Web application Scanner is an automated security service that
searches for software vulnerabilities within Web applications and validates any potential
security breaches and risks against a continually updated service database. By
incorporating CVE Identifiers into GamaScan, we are providing our customers with the
ability to enhance their vulnerability handling processes and further leverage their
vulnerability scanners to verify that updates and fixes have been applied.
Name: GamaScan
Type: Web Site Vulnerability-Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: The Gentoo Linux Security Project actively supports the CVE Initiative by referencing
corresponding CVE entries in all of our security advisories where appropriate.
Quote/Declaration: GFI recognizes the importance of standards in a field which is encountering even bigger
challenges, variation of attacks and abuses of IT systems. While searching for a standard
which will allow us to adhere to as well as encourage our customers to refer to
vulnerabilities in a particular format, we found a perfect synergy between our technology
and CVE. We believe that such integration will provide a common ground for our customers
and security administrators out there to share and unify experiences against these ever
increasing threats.
Quote/Declaration: Globant is pleased to support MITRE's initiative of standardizing
vulnerability identification in our managed security services.
The adoption of MITRE's CVE standard benefits users, community and vendors
by providing a consistent and single way of identifying vulnerabilities
across different products.
| Grupo S21sec Gestion S.A. (S21sec) |
Name: Vulnera
Type: Daily Vulnerability Mail Service Based on a Daily Updated Database
CVE Output: Yes
CVE Searchable: Yes
| H3C Technologies Co., Limited |
Quote/Declaration: H3C Technologies Co., Limited has made our IPS product compatible with CVE for the
benefit of our customers and to support industry standards.
| Hangzhou DPtech Technologies Co., Ltd. |
Date Declared: March 23, 2011
Quote/Declaration: Hangzhou DPtech Technologies Co., Ltd. is pleased to support MITRE on the CVE effort to standardize vulnerability identification
not only for the security industry, but for our customers. DPtech IPS2000, our network-based intrusion prevention system,
and DPtech Scanner1000, our network and application vulnerability assessment scanner, have incorporated CVE names to provide
the most valuable information for our customers.
Quote/Declaration: By integrating CVE into our security assessment and management products we enable our
customers to promptly and effectively track and respond to security
vulnerabilities.
Name: HP Live Network Service
Type: Internet Community Portal and Subscription Service
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: IBM actively promotes, supports, and contributes to the emerging open systems standards
such as CVE that enable technology management software such as IBM Tivoli Risk Manager and
IBM Tivoli Security Operations Manager, intrusion detection, vulnerability assessment, and
security management components to inter-operate and share management information. We know
that open system standards are a critical step in this direction. We support CVE as the
first and the most complete naming convention for vulnerability mapping in the industry and
we are committed to using CVE within our product in a tightly integrated fashion.
| IBM Internet Security Systems |
Quote/Declaration: The CVE naming standard developed by MITRE represents a significant leap forward for
the information security industry and end user community. As a technology pioneer and
leading provider of security management software and services, IBM Internet Security
Systems is pleased to be a part of this important initiative as we move toward a standard
that is crucial to the effective protection of every organization's critical digital
assets.
— Christopher Klaus, Founder and Chief Technology Officer
| Information Risk Management Plc |
Quote/Declaration: IRM ensures that clients acquire and maintain the core elements of information security
by providing product-independent, expert, and impartial consulting services to
organisations wishing to examine and improve the security of their information assets. It
is essential that open and standardised vulnerability descriptions and metrics integrate
into IRM's methodology and output so that clients may be assured of a common reference to
findings and recommendations. CVE provides such a mechanism and is vital in providing
meaningful security threat results.
| Information-technology Promotion Agency, Japan (IPA) |
Quote/Declaration: IPA is proud to incorporate CVE in our product line. Our main product, JVN iPedia is a
vulnerability database that stores summary and countermeasure information on domestic and
overseas software products used in Japan. JVN iPedia is equipped with search functions
(Keyword, Product, CVSS, CVE, etc.) and RSS feeds, which provides the accumulated data in a
comprehensive manner.
| InfoSec Technologies Co., Ltd. |
Quote/Declaration: CVE compatibility is an important feature of AppSentry that provides a standardized
cross-reference of included vulnerabilities. Inclusion of CVE names in policies and reports
allows AppSentry users to quickly and accurately locate critical vulnerability information
and to correlate findings with other security tools.
Name: AppSentry
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Intellitactics is pleased to partner with MITRE on the CVE Compatibility program. As a
leader in the enterprise security management software technology, we believe that the CVE
standardization of multi-vendor security exploits information will greatly benefit our
customers. Our current product offering leverages CVE to offer intelligent correlation and
threat and incident management solutions and our future offerings will continue to leverage
the widely accepted CVE standard.
— Paul MacGyver Carman, Technical Product Manager
Quote/Declaration: Inzen appreciates the efforts of the CVE Initiative and supports CVE by making its
products comply with the CVE requirements. Inzen's integrated security solutions will be
CVE-compatible. Inzen's solutions include NeoWatcher@ESM (network-based IDS), NeoGuard@ESM
and NeoGuard@ESM for NT (host-based IDSes), and NeoScanner@ESM for System and
NeoScanner@ESM for Network (vulnerability assessment tools). In addition, Inzen supplies
interoperability services, integrated with solutions for other security areas.
— ByungChan Kwak
Name: NeoGuard@ESM
Type: Host-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes

Name: NeoWatcher@ESM
Type: Network-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes

Name: SecuPlat ESM
Type: Vulnerability Assessment Management Platform
CVE Output: Yes
CVE Searchable: Yes
| iPolicy Networks (Security Product Division Of Tech Mahindra Ltd.) |
Quote/Declaration: iPolicy Networks delivers an advanced and comprehensive network security solution for
protecting enterprise, carrier and service-provider networks. The intrusion detection and
prevention function in the iPolicy Intrusion Prevention Firewalls analyzes network traffic
for known vulnerabilities and malware signatures. We strongly support CVE compatibility in
our products. It not only ensures for us that we cover the entire spectrum of vulnerabilities,
it also gives our customers the opportunity to cross-reference and verify the effectiveness
of the solution provided to them by our products.
| Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and Information-technology Promotion Agency, Japan (IPA) |
Quote/Declaration: Under the Information Security Early Warning Partnership in Japan, IPA receives private
vulnerability reports and JPCERT/CC coordinates with developers to prepare patches or
remedies. JVN provides information such as solution, vulnerability analysis by JPCERT/CC,
and vendor notes. JVN contains CVE information as well as vulnerability attribute
information.
Name: Cypollo-H
Type: Host-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes

Name: Cypollo-N
Type: Network-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: As an advocate of initiatives that improve customers' understanding of network
security, Juniper believes the CVE standardized list of vulnerabilities and exposures is a
significant step towards eradicating the confusion caused by disparate security
information. Juniper has incorporated CVE into its intrusion detection and prevention
system to help customers understand incidents so that they can quickly respond and
effectively protect their networks.
Quote/Declaration: KDware's Incident MiND is an incident management solution that supports
cross-correlation from multi-vendor products with centralized security logging and incident
management. Incident MiND uses CVE as an important means for normalizing events across a
variety of security devices and supports security experts and IT managers in
cross-correlating information and references about different threats reported by disparate
security products and solutions.
Name: Incident MiND
Type: Incident Management Tool
CVE Output: Yes
CVE Searchable: Planned
Quote/Declaration: Kingnet Security plays a leading role in network security industry in China. We want
our KIDS intrusion detection system to be compatible to the CVE standard so as to bring as
much value to our customers as possible.
Quote/Declaration: LANDesk Security and Patch manager supports the CVE naming standard, it's a simple and
practical way to ensure that a vulnerability definition means the same thing to different
people.
| Legendsec Technology Co. Ltd |
Quote/Declaration: For the benefit of our customers, we believe it is important to be
fully compatible with the international CVE standard.
Quote/Declaration: The CSI service of laboratory LEXSI gathers applications and services offering a
coherent and complete IT security watch solution to its subscribers. At the core of the
CSI, ten experts supervise new security failures, carry out integrity tests, provide manual
avoidance solutions, reference and enrich the Vulnerabilities Database. Compatibility
between referred vulnerabilities and CVE dictionary provides to our subscribers and
partners full interworking of our watch system with all third party products and
services.
Quote/Declaration: Lumension Security (formerly PatchLink Corporation) is in the vulnerability management
business and as such fully recognizes the value of using CVE names. All of our patches have
CVE codes in them.
Name: PatchLink Update
Type: Enterprise-Wide Patch Management and Vulnerability Remediation
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Mandriva recognizes the importance of a vendor-neutral list of vulnerabilities that can
be cross-referenced by anyone; this is especially important in the growing number of mixed
networks, and allows individuals to cross-reference vulnerabilities with ease. All Mandriva
advisories will now contain CVE names to provide this service to our users.
Name: Mandriva Advisories
Type: Linux Operating System Security Advisory Web Site
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Because of today's ever changing threats, and vulnerability data a consent must be had
to properly identify each. In the malicious code area these naming conventions exist and
are very beneficial. The MITRE CVE program provides a naming standard that can be relied on
when there is confusion or no standards agreed upon providing a method by which system
administrators and other users can search the Internet to get the information on the same
vulnerability via various sources.
— Carl Banzhof - Vice President and Chief Technology Evangelist, McAfee
Name: McAfee Secure
Type: Security Auditing and Certification
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: OVAL provides a common language for security experts to discuss the technical details
of how to check for the presence of vulnerabilities and configuration issues on local
systems. The results of the discussions are collaboratively developed XML vulnerability,
patch, and compliance definitions that are based on a common OVAL Schema and perform the
checks. CVE names are used as the basis for all OVAL vulnerability definitions currently
collected on the OVAL Web site. For each CVE name, there are one or more OVAL vulnerability
definitions that measure the presence of that vulnerability on an end system. OVAL
vulnerability definitions on the OVAL Web site can be searched by CVE name, and vulnerability
definitions called up for review include CVE names.
— Pete Tasker, Executive Director, Security and Info Operations Division
Quote/Declaration: N-Stalker, Inc. is pleased to support MITRE on the CVE Initiative to standardize
vulnerability identification. It's a simple and practical way to ensure that a
vulnerability definition means the same thing to different people.
Name: N-Stalker QA Edition
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Planned
| National Institute of Standards and Technology |
Quote/Declaration: The National Vulnerability Database contains all CVE information as well as
vulnerability attribute information (e.g. vulnerable version numbers), direct access to
U.S. government vulnerability resources, and annotated links to industry resources. The
underlying data in the database is provided license free via an XML feed.
| nCircle Network Security, Inc. |
Quote/Declaration: nCircle actively supports standardization efforts in the security market, including the
CVE's common lexicon for the vulnerability namespace. As a member of the CVE editorial
board, we are committed to ensuring nCircle's IP360 product continues to support CVE names
and provides customers with an enterprise-class complete lifecycle approach to
vulnerability management. Ultimately, this enables customers to find and eliminate
vulnerabilities before they can be exploited, ensure security policy compliance and
meaningfully measure and manage business risk.
— Tim Keanini, CTO
Quote/Declaration: NetClarity is a strong proponent of the CVE dictionary. The Auditor family of
appliances automatically audit networks and report those vulnerabilities discovered by our
patent-pending vulnerability assessment engine. With CVE-specific information and
remediation instructions, we enable our customers to better manage their risks, comply with
regulations, and protect their assets.
— Gary S. Miliefsky, CTO, CISSP, NetClarity, Inc.
Quote/Declaration: Netcraft is pleased to be able to offer mappings between its vulnerability scanner and
the CVE dictionary. We see CVE as an important security administration tool, linking our
services to a wider variety of other security devices, services and sources of security
information.
Quote/Declaration: As a leader in security information management, netForensics understands the complexity
of managing and mitigating risks. Because effective security management is based on the
accuracy and timely recognition of an attack, only improved knowledge will enable the
proper response mechanism. With the combination of cross-device correlated events from
netForensics and the detailed information from CVE, security experts are able to understand
the conditions of their enterprise and map threats to exposures. Active support for CVE
will improve the knowledge of the security community and fortify enterprise security
management.
Quote/Declaration: NetIQ sees great value in providing CVE compatibility in our NetIQ Vulnerability
Manager product. Industry standards such as CVE make it easier for customers to make sense
of the constant barrage of security issues, bugs, and vulnerabilities.
| NETpeas, SA |
Date Declared: January 19, 2012 |
Quote/Declaration: COREvidence initiates, correlates, and aggregates different results from multi-engines and APIs vulnerability and malware
scanners providing dashboards and deliverable with relevant CVE information combined with other open standards. This helps
our customers to better understand their findings.
|
Name:
COREvidence
|
|
Type: Cloud-Based, Multi-Engines Vulnerability Management Service
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Planned
|
Last Updated:
January 19, 2012
Quote/Declaration: The SecureScout line of vulnerability assessment solutions fully supports CVE
references; our speed and ease of use enable users to more efficiently verify CVE
coverage.
| Network Box Corporation Ltd. |
|
Quote/Declaration: Network Box Corporation provides integrated security appliances and a managed security
service for our clients. We have standardized on using the CVE system for all our
vulnerability announcements, and product output. We are in the process of extending our
product to report detected intrusions in CVE format and provide a searchable
database.
— Mark Webb-Johnson, Technical Director, Network Box Corporation
|
Name:
Network Box Web Site
|
|
Type: Vulnerability Database, Security Advisories and Archives
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Planned
|
| Neusoft Corporation |
Date Declared: January 25, 2011 |
Quote/Declaration: NII strongly believes in adding value to its AuditPro suite of security auditing
products. The reports produced by AuditPro and its vulnerability database are now
CVE-compatible. This standardization of vulnerabilities will help users locate, understand
and fix the vulnerabilities in the easiest and fastest way.
Quote/Declaration: NileSOFT is proud to incorporate CVE in our product line. Our main products, Secuguard
SSE (Host based Vulnerability Assessment Tool), Secuguard NSE (Network based Vulnerability
Assessment Tool), mySSE for Web (Online PC Vulnerability Assessment Service), and LogCOPS
(Enterprise Log Analysis and Management System) will continue to maintain the latest
version of CVE.
Quote/Declaration: We have included CVE naming scheme into our patch management framework PatchAgent to
support this initiative aimed at creating a common vulnerabilities naming scheme and give
to our customers the best interoperability with other security tools. Adding the CVE/CAN
codes, Niscent ensures that its customers can gain from a broader information
cross-reference, thus making easier identifying vulnerabilities across different products
and services.
|
Name:
PatchAgent
|
|
Type: Patch Management Tool
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
| Novell, Inc. |
Date Declared: July 5, 2010 |
Quote/Declaration: We have found using CVE instrumental both for tracking our security incidents for completeness by using the database, and
also for talking about incidents with our customers in a clear way.
— Marcus Meissner, Engineering Lead SUSE Security Team
| NSFocus Information Technology (Beijing) Co., Ltd. |
|
Quote/Declaration: CVE has made significant efforts to standardize the names for vulnerabilities,
eliminate the potential gap in security coverage and provide easier interoperability among
different security products. NSFocus strives to deliver customers the enhanced security by
series of products with full support for the CVE standard.
| Numara Software, Inc. |
Date Declared: October 18, 2010 |
Quote/Declaration: Numara Asset Management Platform relies on the CVE standardization
method for vulnerability identification in security audit reports
produced by our Vulnerability Management solution. Through CVE names,
Vulnerability Management users can efficiently access worldwide publicly
known vulnerability and security resources. This makes it easier to share
data across separate vulnerabilities databases and security tools.
— Haissam Hassan, Sr. Solutions Specialist
| Offensive Security |
Date Declared: November 16, 2010 |
| Open Source Vulnerability Database (OSVDB) |
|
Quote/Declaration: The OSVDB will contain full mapping to CVE entries in order to promote correlation,
correction and discussion between the OSVDB project, CVE and multiple third-party security
products.
Quote/Declaration: OpenService's Security Threat Manager (STM) uses CVE to correlate incoming intrusion
detection system (IDS) signatures and targeted systems-specific vulnerabilities in
real-time. Soon, STM will provide CVE output and searchability.
|
Name:
HIAB
|
|
Type: Plug-and-play appliance for Internal Vulnerability Assessment
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
|
Name:
OUTSCAN
|
|
Type: On-demand service for Perimeter Vulnerability Assessment
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
| Packet Storm |
Date Declared: October 20, 2011 |
Quote/Declaration: Packet Storm Security, the Internet's largest free security web site housing tools, exploits, advisories, papers, and more,
includes CVE names.
Quote/Declaration: The CVE tracking standard represents a recognized means by which the multitude of
vulnerabilities within PatchAdvisor's database can be easily cross-referenced and
standardized. We look forward to becoming fully CVE-compatible, adding yet another layer of
intelligence to PatchAdvisor's product offerings.
|
Name:
PatchAdvisor Flash!
|
|
Type: Patch Management Vulnerability Notification Service for Small Businesses
|
|
|
|
CVE Output:
Yes
CVE Searchable:
No - N/A
|
|
Name:
PatchAdvisor Source
|
|
Type: Historical and Current Patch Management Vulnerability Notification Service in XML Format
|
|
|
|
CVE Output:
Yes
CVE Searchable:
No - N/A
|
| Positive Technologies |
Date Declared: September 30, 2010 |
|
Name:
MaxPatrol
|
|
Type: Vulnerabilities and Compliance Management System
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: Use of a standard such as CVE enables security experts and IT managers to
cross-correlate information and references about different threats reported by disparate
security products and solutions - a necessity to understand the real impact of
vulnerabilities and attacks.
|
Name:
EventTracker
|
|
Type: Change and Vulnerability Assessment Tool
|
|
|
|
CVE Output:
Planned
CVE Searchable:
Planned
|
Quote/Declaration: Privacyware's products resolve many of the acute security problems within Microsoft
Windows software which has been achieved by working closely with research groups to
contribute and exchange information obtained through experience. MITRE's CVE Compatibility
Program represents an important core group for industry wide security information and with
CVE Compatibility, Privacyware will continue to build and maintain important security
measures that are extensible with most IT security strategies.
— Ben Campbell, Privacyware
|
Name:
ThreatSentry
|
|
Type: Host-based Intrusion Prevention for Microsoft Web Servers
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Planned
|
Quote/Declaration: As a leading provider of application-layer security solutions, Protegrity is proud to
support the CVE standard. Protegrity will continue to advance the CVE Initiative and
contribute toward the consolidation of the security community.
Quote/Declaration: Qualys is pleased to support MITRE's CVE Initiative of standardizing vulnerability
identification and has incorporated the CVE naming scheme into its QualysGuard Web Services
Architecture.
— Wolfgang Kandek, CTO & Vice President of Engineering
| Radware Ltd. |
Date Declared: December 30, 2010 |
Quote/Declaration: Radware is pleased to participate in CVE Initiative with its DefensePro, intrusion prevention and attack mitigation product.
|
Name:
DefensePro
|
|
Type: Network Intrusion Prevention and Attack Mitigation System
|
|
|
|
CVE Output:
Planned
CVE Searchable:
Planned
|
Quote/Declaration: As a leader in both vulnerability management and penetration testing, Rapid7 appreciates MITRE's efforts to provide unique
CVE Identifiers across both of these areas. This enables our customers to easily reference vulnerabilities and exploits across
systems.
Quote/Declaration: It is often confusing when the same security issues get fixed by different vendors in
different ways with different names and descriptions. We see the CVE Initiative as the way
to solve this problem, giving the community accurate information on which they can base
their security decisions. We are working with MITRE to contribute and validate new entries
as well as publish CVE entries in our security advisories.
— Mark Cox, Senior Director of Engineering
|
Name:
Apache Week Web Server
|
|
Type: Apache Web Server Vulnerability Database
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
| RedSeal Systems, Inc. |
Date Declared: April 2, 2010 |
Quote/Declaration: RedSeal Vulnerability Advisor transforms vulnerability scanning into actionable risk management through correlation of multiple
scanning results from a variety of vulnerability assessment scanners through their reported CVEs, combined with the configuration
information from all the network devices - firewalls, routers, load balancers, wireless access points, to identify the specific
vulnerabilities that cause the greatest business risk.
Quote/Declaration: RSA Archer eGRC Solutions are a knowledge management system for the collection, management and distribution of critical security
content such as vulnerabilities, technical baselines, control standards and information security policies as they relate to
specific risk that IT assets face within the enterprise. The RSA Archer eGRC Solutions suite strongly supports the CVE standard,
which greatly assists in our integration with other security products and vendors. The CVE mapping enables our clients to
intelligently analyze, cross reference and search vulnerabilities that affect their organization.
| Rsam |
Date Declared: February 7, 2011 |
Quote/Declaration: Rsam's Enterprise GRC platform has integrated CVE throughout all vulnerability management and assessment modules. Since 2005,
customers have utilized Rsam and CVE to declare, search, and report on common vulnerabilities, and to harmonize common
vulnerability data across disparate data sources.
| RUS-CERT University of Stuttgart |
|
Quote/Declaration: The announcement service run by RUS-CERT has already been using CVE as the reference dictionary
for vulnerability identification for a long time.
— Oliver Goebel
Quote/Declaration: SAINT, WebSAINT, and SAINTbox vulnerability reports and tutorials include relevant CVE
links, providing the user with easy reference to related information and a basis for
determining the extent of each product's capabilities. SAINTmanager vulnerability reports
and tutorials include relevant CVE links, providing the user with easy reference to related
information and a basis for determining the extent of SAINTmanager's capabilities. SAINT,
WebSAINT, and SAINTbox are also CVE searchable with a CVE cross-reference that maps the CVE
entries to the SAINT tutorials, while SAINTmanager is CVE searchable with a CVE
cross-reference that maps the CVE entries to the corresponding SAINTmanager vulnerability
IDs. We will continue to keep all SAINT products updated with the latest CVE numbers as
they become available.
Quote/Declaration: Because of the ever-increasing number of network traffic attacks and vulnerabilities
they exploit, tracking quickly becomes a complex and difficult task across attacks,
subsequent variants, and four geographic continents, and all the languages therein. It is
the intention of Sandvine to use the CVE naming scheme mechanism not only for commonly
identifying the vulnerabilities within our hardware and software but also as a taxonomy to
group the network attacks our systems are intended to prevent.
Quote/Declaration: The SANS GIAC training is CVE-compatible. Student assignments for intrusion detection
and hacker exploits reference CVE. In addition, ID'Net is CVE-compatible.
— Steve Northcutt, Director, SANS Global Incident Analysis Center
|
Name:
SANS GIAC Security Training
|
|
Type: Educational Material
|
|
|
|
CVE Output:
Yes - Yes, Educational/Research Material
CVE Searchable:
Yes - Yes, Educational/Research Material
|
Quote/Declaration: We are ensuring our users can identify the correct vulnerabilities by using
CVEs.
|
Name:
)pallas(
|
|
Type: Vulnerability Consulting Service
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
| SECNAP Network Security Corporation |
|
Quote/Declaration: It is our intention, and commitment to support the MITRE CVE efforts in order to assist
the user community by providing a standard and consistent way to gather and validate
information on security vulnerabilities.
Quote/Declaration: The SecPoint Penetrator Appliance is a unique product that combines, Vulnerability
Assessment, Launching of Real Exploits, Complete Penetration testing and our use of CVE is
a valuable feature for our customers.
|
Name:
SecPoint Penetrator
|
|
Type: Vulnerability Assessment and Penetration Testing Appliance
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Planned
|
| SECUI.COM Corporation |
Date Declared: June 22, 2011 |
Quote/Declaration: With the increasing number of vulnerabilities in various areas, it is worthwhile to define a common vulnerability naming and
enumerating standard such as CVE List. By providing this information to our customers through our product, they can quickly
and accurately identify vulnerabilities. Especially, customers can cross-link the information with other CVE-Compatible products
and services.
Quote/Declaration: Secunia constantly monitors and reviews CVE entries to ensure that these are appropriately and accurately matched with the
verified Secunia Vulnerability Intelligence provided in our Advisories, Secunia PSI, Secunia CSI, Secunia OSI, Secunia VIM,
and on our Web site.
Quote/Declaration: Secure Associates' MindStorm Enterprise Edition and MindStorm MSSP Edition security
information management platforms normalize, correlate, and prioritize security alerts and
logs for effective and efficient security information management in a centralized console.
With our proven product solution and a set of escalation and implementation methodology -
and by incorporating the CVE standard - we enable service providers and enterprise clients
to manage, monitor, analyze, report, and respond to their security infrastructure
proactively at a cost-effective mean.
| Secure Elements, Incorporated |
|
Quote/Declaration: C5 EVM combines vulnerability information from a myriad of sources to provide the most
complete coverage possible for our customers. By relying on CVE, C5 EVM seamlessly
integrates the information, providing our customers the highest level of protection
available.
— Dan Bezilla, CTO
Quote/Declaration: SecureInfo RMS, award-winning certification and accreditation software, is
CVE-compatible. Supporting CVE is an important part of our vision in providing continuous
monitoring capabilities in support of FISMA and our customer's information security
programs.
— Roberto R. Garcia, V.P. Product Engineering
Quote/Declaration: MITRE's CVE standard helps SecureWorks provide our clients with a seamless,
consolidated view of their security and risk environment, and aids our security analysts in
correlating valuable threat information from disparate sources.
|
Name:
Threat Intelligence
|
|
Type: Security Intelligence Service
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: Security Database uses the publicly known vulnerabilities identified in the CVE List as
the basis for most of the queries. Security Database's CVE and Compatibility documentation
includes the CVE version number used. All data are relayed in realtime.
Quote/Declaration: Security Horizon, Inc. currently holds a Cooperative Research and Development Agreement
(CRADA) with the National Security Agency (NSA) to teach eligible students in the INFOSEC
Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) courses. These two
INFOSEC courses are intended to create a standardized baseline of activities that
constitute an NSA approved methodology for measuring the security posture of an
organization. As part of the development and teaching of these courses, our company has the
requirement to ensure that both the courseware and the students understand the value of
using the Common Vulnerability and Exposure naming scheme. In addition, the IEM course
specifically requires the use of CVE names to measure the
actual exposure to organizations with each listed finding. Security Horizon, as a co-author
of the instructional course, also uses these methodologies to perform assessments and
evaluations on its own customer base.
Quote/Declaration: To protect our customers from security problems we implemented CVE in our system,
because we know that CVE is an authoritative and dependable source of information about
vulnerabilities and one of the first sites putting information about new vulnerabilities.
SecurityReason realizes the importance of common security identifiers in security
vulnerability advisories. We are pleased to support the CVE Initiative.
Quote/Declaration: SecurityTracker is proud to integrate support for CVE. The SecurityTracker database of
vulnerability alerts now includes CVE numbers.
|
Name:
SecurityTracker
|
|
Type: Vulnerability Alerts
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
|
Name:
CASPER
|
|
Type: Risk Management and Event Monitoring
|
|
|
|
CVE Output:
Planned
CVE Searchable:
Planned
|
| Serkan Ozkan |
Date Declared: October 29, 2010 |
|
Name:
CVEDetails.com
|
|
Type: Vulnerability Database Web Site
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
| Shavlik Technologies, LLC |
|
Quote/Declaration: Shavlik is committed to providing the best information possible to our customers. We
include CVE references in our patch database and display this data in our patch management
product. We are now formalizing the presentation of this data by declaring CVE
compatibility.
|
Name:
MSSecure.XML
|
|
Type: Patch Data Repository
|
|
|
|
CVE Output:
Yes
CVE Searchable:
No
|
Quote/Declaration: CVE compatibility ensures that administrators can easily use different security
products in order to find additional information they need.
Quote/Declaration: SIMCommander is a leading developer of solutions to manage, monitor, analyze, report
on, and respond to security information for large enterprises, government institutions, and
service providers. SIMCommander's solution for enterprises is a software platform that
enables any business or organization to visualize and correlate security information in
real-time. Enterprises use SIMCommander technology to lower their day-to-day security
operational costs and at the same time ensure compliance with regulatory requirements such
as Sarbanes-Oxley and ISO-17799.
|
Name:
SIMCommander
|
|
Type: Security Information Management
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: Skybox Security supports standards such as CVE that promote interoperability of
security products. Skybox View, our exposure risk management solution, uses CVE names in
its vulnerability dictionary and cross-references these to vulnerabilities imported by all
vulnerability scanners such as Nessus, eEye Retina, ISS Internet Scanner, Qualys, and other
market leaders. By running attack simulations against a virtual model of the network,
Skybox View reveals vulnerabilities, based on CVE names, that are truly critical because
they lie along an attack path to critical business applications. The CVE Initiative allows
security professionals to understand risks and exposures in terms that can be
cross-referenced to other security products - a growing necessity as more and more
solutions automate the risk management process.
Quote/Declaration: CVE provides an excellent mapping between various tools that allows Snort users to
quickly and accurately link together information provided by various other security tools
and informational databases.
— Brian Caswell and Martin Roesch
|
Name:
Snort
|
|
Type: Intrusion Detection System
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: Softrun is the leading provider of Patch Management System in Korea and serving patch
management service to hundreds of local corporations. Softrun is pleased to support CVE and
will continue to promote the standardization of vulnerabilities.
| Software in the Public Interest, Inc. |
|
Quote/Declaration: Debian developers understand the need to provide accurate and up-to-date information of
the security status of the Debian distribution, allowing users to manage the risk
associated with new security vulnerabilities. CVE enables us to provide standardized
references that allow users to develop a CVE-enabled security management process.
Quote/Declaration: Sourcefire's intelligent security monitoring solutions provide a fully integrated
security monitoring infrastructure for identifying and protecting against network threats.
Sourcefire is dedicated to providing actionable insight into security threats on a network
and is pleased to support open system standards such as MITRE's CVE.
|
Name:
Sourcefire 3D System
|
|
Type: Enterprise Threat Management Solution
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
|
Name:
ThreatEx
|
|
Type: Vulnerability Assessment Appliance and Database
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: StillSecure is pleased to offer CVE compatibility in VAM, our vulnerability management
system. A common language for tracking security threats is critical to managing the
vulnerability lifecycle. StillSecure products are cost-effective and easy-to-use, and we
will continue to participate in and leverage industry-wide standards such as CVE.
— Mitchell Ashley, CTO and VP Engineering
|
Name:
StillSecure VAM
|
|
Type: Vulnerability Management System
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: Our customers like to have their vulnerability information in standard format and from
a reliable source.
|
Name:
StoneGate IPS
|
|
Type: Network Intrusion Protection System
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: Sunbelt Software's Network Security Inspector (SNSI) utilizes a top-rated commercial
grade vulnerability database that integrates the CVE standard, which provides
administrators a fast and affordable way to find security holes and address these
vulnerabilities quickly with recommended remediation instructions. SNSI delivers specific
CVE information where available for any vulnerabilities found, while group scans can be
configured for all or specific CVE vulnerabilities based on the administrator's
need.
— Stu Sjouwerman, COO and Founder, Sunbelt Software, Inc.
Quote/Declaration: CVE enhances our security database and helps Syhunt defend our customers from exposure
to vulnerabilities.
|
Name:
Sandcat Pro
|
|
Type: Web Application Security Scanner
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
Quote/Declaration: Symantec maintains one of the largest vulnerability databases available today.
Consisting of over 9000 distinct vulnerability records, we have strived to maintain CVE
compliance from the outset of the CVE Initiative.
Symantec fully supports an industry-wide standard for the indexing of vulnerabilities.
Our public web sites (SecurityFocus and SecurityResponse), and our commercial alerting
services (DeepSight Alert Services) fully conform to the CVE requirements. This allows our
customers to search for, and research vulnerabilities and blended threats using this common
nomenclature. Symantec's wide range of security products utilize the industry-leading
vulnerability database and employ trusted, fast and automated response capabilities to
identify threats identified by CVE.
| Syntek Systems Corporation, Inc. |
|
Quote/Declaration: Syntek Systems' security lifecycle management product, enables organizations to
identify relevant information from the masses of configuration, performance, and security
data that must be analyzed, and to finally begin to automate the process of preparedness
and remediation. Syntek's distributed analytics engine takes advantage of CVE to map
correlated data against a centralized database of known vulnerabilities - a
critical step in the process of identifying only the information that is significant and
initiating appropriate remediation processes.
|
Name:
SolventView
|
|
Type: Distributed Platform for Security Event Analysis and Policy Enforcement
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Planned - Planned October 1, 2003
|
Quote/Declaration: TecForte is an ICT Security company focused on developing enterprise-class security
management solutions. Our product provides customizable correlation tools to monitor and
cross-check disparate devices, hence exposing security threats and facilitating
vulnerability management. We are committed to supporting a high-level of security, and are
pleased to promote and support the CVE naming standards.
Quote/Declaration: Xacta IA Manager is a risk/compliance management/measurement software that incorporates
vulnerabilities as part of the overall risk assessment. Because our principal customer is
the Department of Defense, we recognize the importance of being compatible with CVE. We
expect to have the product fully CVE compatible with the release of our 5.0 version of
Xacta IA Manager.
|
Name:
Xacta IA Manager
|
|
Type: Vulnerability Assessment and Remediation
|
|
|
|
CVE Output:
Planned
CVE Searchable:
Planned
|
| Tenable Network Security Inc. |
|
Quote/Declaration: Tenable Network Security utilizes the CVE program to reference each of the vulnerabilities detected by Nessus and the Passive
Vulnerability Scanner. This information is also heavily used through SecurityCenter for reporting, education, IDS event correlation
and linking with third-party security information.
Quote/Declaration: Recognizing the importance of common indexing of known vulnerabilities, ThreatGuard has
included CVE references in ThreatGuard VMS and ThreatGuard Traveler. These references are
seamlessly integrated with the ThreatGuard Navigator client application, reports, and
search engine. As we release new vulnerability tests, it is among ThreatGuard's top
priorities to ensure CVE referencing is included and accurate, extending the efforts of the
CVE initiative.
|
Name:
ThreatGuard On Demand
|
|
Type: Continuous Security Auditing and Compliance Management
|
|
|
|
CVE Output:
Yes
CVE Searchable:
Yes
|
| TippingPoint Technologies |
|
Quote/Declaration: TippingPoint is in the business of simplifying security. We are a strong proponent of
MITRE's CVE standards initiative.
|