Organizations Participating
All organizations participating in the Compatibility Program are listed below, including those with CVE-Compatible
Products and Services and those with Declarations
to Be CVE-Compatible.
Organizations are listed alphabetically:
| Advanced Research Corporation |
|
Quote/Declaration: SARA provides a monthly updated cross-reference CVE-SARA map that identifies CVE
to SARA test correspondence, link to tutorial, and link to CVE reference data. In
addition, all SARA reports contain relevant CVE names in the tutorials.
Quote/Declaration: AdventNet is pleased to support CVE names in the vulnerability database of the
SecureCentral product line, as part of our commitment to embracing industry
standards.
| ALTX-SOFT |
Date Declared: February 6, 2013 |
Name: Altx-Soft Ovaldb
Type: OVAL Content Repository
CVE Output: Yes
CVE Searchable: Yes
| Application Security, Inc. |
|
Quote/Declaration: Application Security, Inc. is committed to delivering solutions that are
compatible and interoperable with the IT security environment at large. In the
vulnerability management marketplace, that means speaking CVE. We've kept our SHATTER
knowledgebase, the world's most comprehensive list of database vulnerabilities and
misconfigurations, up-to-date with CVE references since 2004.
— Josh Shaul, CTO
Quote/Declaration: As a pioneer and leading provider of security management solutions for the
enterprise ArcSight actively promotes and supports open systems standards such as
CVE. ArcSight uses cross-device correlation to detect sophisticated multi-source,
multi-target attacks while keying into the correct policies and procedures for
response via the CVE names. It enables security experts and IT managers to
cross-correlate information and references about different threats reported by
disparate security products and solutions — a necessity to understand the
real impact of vulnerabilities and attacks.
Quote/Declaration: Assuria Auditor (formerly ISS System Scanner) was previously certified as ISS
System Scanner. Assuria have enhanced and added functionality and features around CVE
reporting in the product.
| Backbone Security.com, Inc. |
|
Quote/Declaration: We aim to provide our customers with the best information available on how to
protect their infrastructure. By integrating CVE into our product, we are providing
up-to-date vulnerability information that can be used to enable a network
administrator to defend their enterprise data and resources.
Name: 24 x 7 Monitoring
Type: Network Appliance and Managed Service
CVE Output: Yes
CVE Searchable: Yes
Name: One Stop PCI Scan
Type: PCI Approved Scanning Service
CVE Output: Yes
CVE Searchable: Yes
| Beijing Leadsec Technology Co., Ltd. |
Date Declared: March 13, 2011 |
| Beijing Netpower Technologies Inc. |
|
Quote/Declaration: Beijing Netpower Technologies Inc. is a leading network security products
producer in China. We assure that Netpower Network Security Assessment System is
fully compatible with CVE standards.
| Beijing Venustech Cybervision Co., Ltd. |
|
Quote/Declaration: Beijing Venustech provides users with a series of network security products,
which along with our own independent intellectual property, are compliant with the
international standard, CVE. Beyond products, we deliver our customers life-cycle
services including consulting, design, implementation, maintenance, and
training.
— Helen Wang
Quote/Declaration: Beyond Security Ltd.'s Automated Scanning provides users with a complete picture
of the security of their organization by leveraging the huge SecuriTeam.com
knowledgebase. As such, we see high importance for the CVE naming scheme, which
provides a global independent reference for known security vulnerabilities.
Quote/Declaration: BigFix enables organizations to better manage their global IT infrastructures
with solutions to discover, analyze, change, and maintain security and software
configurations faster and more accurately, resulting in improved processes, greater
visibility, better security and more reliable services while reducing costs. BigFix
supports the adoption of open standards such as CVE as an important part of reducing
IT security risk and improving policy and regulatory compliance. BigFix Enterprise
Suite presents discovered vulnerabilities with the associated CVE name enabling
customers to quickly assess, prioritize, and immediately remediate security
risks.
| Black Box Corporation |
Date Declared: March 29, 2010 |
Quote/Declaration: As a global leader in data, voice and enterprise security solutions, Black Box
Corporation (BBOX) fully supports the MITRE CVE® standard. We are pleased to
deploy our award winning CVE-compatible Veri-NAC appliances into the market with a
faster, less invasive vulnerability scanning system with direct links into the
National Vulnerability Database (NVD) for a deeper understanding of common
vulnerabilities and exposures as well as faster remediation.
| Blue Lane Technologies Inc. |
|
Quote/Declaration: The Common Vulnerabilities and Exposures standard is very valuable to the
industry and Blue Lane Technologies. It provides a common way to cross reference the
vulnerabilities, patches and exploits that users and vendors must deal with. Blue
Lane pursued CVE compatibility so our customers could benefit from the operational
ease of use that comes with having a common reference list.
| BroadWeb Corporation, Ltd. |
Date Declared: July 10, 2012 |
Name: EnforcerX
Type: Intrusion and Prevention Systems (IPS)
CVE Output: Planned
CVE Searchable: Planned
Name: NetKeeper
Type: Gigabit-level Multi-port Intrusion and Prevention Systems (IPS)
CVE Output: Planned
CVE Searchable: Planned
Quote/Declaration: As a respected member of the MITRE CVE Editorial Board and a global leader in
security, Computer Associates International, Inc (CA) is fully committed to
supporting the MITRE CVE Initiative. With the increasing number of vulnerabilities,
CA recognizes the need and the importance for a common vulnerability naming and
enumerating standard. CA Threat Research Team leverages the CVE List by correlating
our vulnerability database with the MITRE CVE List. By providing this information to
our customers through our Threat Management products — eTrust Vulnerability
Manager, and eTrust Policy Compliance, users can quickly and accurately identify a
common vulnerability name and number, and in addition cross-reference this
information with other sources and products that are CVE-compatible.
Quote/Declaration: Catbird V-Security is a comprehensive security and compliance solution for
virtual and physical infrastructures, delivering best-practice security for
Hypervisor, Guest VMs and Policy/Regulatory Compliance. Cross-indexing the CVE in
reports we present to our partners and customers assists them in building effective
security programs.
Quote/Declaration: Cenzic is pleased to integrate CVE information with our Hailstorm application
security assessment product. Customers benefit from a widely supported standard while
taking advantage of the leading application security assessment product.
Name: Cenzic ClickToSecure
Type: Application Security Assessment Service
CVE Output: Yes
CVE Searchable: Planned
Quote/Declaration: CVE is the key to vulnerability database compatibility. The CERIAS Cooperative
Vulnerability Database and the Cassandra tool currently provide CVE Output and are
also CVE Searchable. The CERIAS ESP is entirely based on CVE. The CIRDB (CERIAS
Incident Response Database) already provides CVE output. The growing importance and
recognition of CVE requires the CIRDB to be searchable and fully CVE-compatible,
which we will do for the release currently under development.
— Pascal Meunier, Assistant Research Scientist, CERIAS
Name: Cassandra
Type: Profiled Search Tool of Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: We will begin directly contributing new CVE entries, as well as using existing
CVE entries to annotate our published advisories.
— (Bill Fithen, Sep 29, 1999 press conference)
Quote/Declaration: Cert-IST offers its partners and clients a Security Advisory and Alert service,
both in French and English. Cert-IST offers also a vulnerability database, accessible
through Web interface, created in September 97, and maintained by a dedicated team.
Cert-IST uses CVE in its advisory database, with the objective to improve the
information and knowledge level in the security community.
| Check Point Software Technologies, Ltd. |
|
Quote/Declaration: Check Point is pleased to participate in the CVE Compatibility program, which
will benefit the worldwide computing community by providing a common terminology for
tracking security threats and make discourse among all community members (users,
vendors, service providers, and others) more intelligible and productive.
Name: Check Point IPS-1
Type: Intrusion Detection and Prevention
CVE Output: Yes
CVE Searchable: Yes
| China National Computer Software & Technology Service Corporation
(CSS)
|
|
Quote/Declaration: China National Computer Software & Technology Service Corporation (CSS) is a
leading company in the field of software development in the People's Republic of
China. We believe it is important for our security solution to be fully compatible
with the Common Vulnerabilities and Exposures (CVE) standard.
— Ph. D. Dongping Ma, Chief of Information Security Lab of CSS
Quote/Declaration: Cisco sees CVE as an important step in the collaborative efforts of the
vulnerability science community. It is a tool that allows our security research and
product development teams to focus on adding value for our customers. Cisco will
incorporate the CVE dictionary into its products.
— Andrew Balinsky, Cisco Secure Encyclopedia Project Manager
| Clear North Technologies, Inc. |
|
Quote/Declaration: The objective of the Clear North Technologies penetration study is to identify
and report vulnerabilities in the client's perimeter network which may provide
attackers with an opportunity to gain unauthorized access to private computer systems
and networks. In performing the penetration study, Clear North Technologies will
employ techniques and tools similar to those used by external threats with the
intention of compromising perimeter network safeguards in an effort to gain access to
the client's private computer systems and networks.
Name: Attack Tool Kit (ATK)
Type: Security Auditing and Penetration Testing
CVE Output: Yes
CVE Searchable: Yes
| Computer Security Laboratory, Dept. of Computer Science, UC Davis |
|
Quote/Declaration: We will put the CVE names into this database in order to provide a cross
reference to that enumeration.
— Matt Bishop
Name: DOVES
Type: Vulnerability Database
CVE Output: Planned
CVE Searchable: Planned
| Core Security Technologies |
|
Quote/Declaration: As the provider of CORE IMPACT, the industry's first automated penetration
testing product, Core Security Technologies is pleased to support the CVE standard.
CVE provides a critical common language for naming vulnerabilities and allows us to
not only link exploits to vulnerabilities within IMPACT, but also to provide
interoperability with vulnerability scanners, intrusion detection and remediation
products and other risk assessment and management solutions.
— Ivan Arce, CTO, Core Security Technologies
Name: CORE IMPACT
Type: Automated Penetration Testing
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: CounterSnipe aims to ensure that our customers' networks are provided with
maximum protection and we believe that it is absolutely critical to at least guard
against known and published vulnerabilities. There is no better way than ensuring CVE
compatibility.
Name: Countersnipe
Type: Knowledge based Intrusion Prevention Systems
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Critical Watch supports MITRE's CVE program for standardizing a naming scheme for
vulnerabilities. Incorporating CVE names into our enterprise vulnerability management
solution enables our customers to act swiftly and confidently to collapse windows of
exposure.
— Nelson Bunker, Chief Security Officer
Quote/Declaration: Cubico Solutions is honored to leverage off the power of the CVE standard and
will continue to support CVE throughout its product offerings.
Name: Foresight
Type: Continuous Risk Analysis Solution
CVE Output: Yes
CVE Searchable: Yes
| CXSecurity |
Date Declared: January 3, 2012 |
Quote/Declaration: DBAPPSecurity focuses on web application security and database security. It
provides web vulnerability scanner (MatriXay), web application firewall, database
scanner, database auditor, log auditor, web monitor and professional security
services for information security and risk management, which comply with many
kinds of laws and regulations.
Name: Database Auditor
Type: Database Auditing
CVE Output: Yes
CVE Searchable: Yes
| DragonSoft Security Associates, Inc. |
|
Quote/Declaration: DragonSoft Security Associates, Inc. believes that CVE provides the correct
direction to a uniform and consistent representation of vulnerabilities and exposures
information. As a company that researches and designs software for detecting
vulnerabilities and exposures, we believe it is important to provide CVE-compatible
products to our customers.
Quote/Declaration: e-Project believes that those wishing to contribute to improving information
security should collaborate with the MITRE Corporation to support the CVE standard.
e-Project has made its Scan-edge vulnerability assessment and remediation service
CVE-compatible so our customers will have the best information available. We will
contribute to this effort in every way possible and continue to support CVE on an
ongoing basis.
Name: Scan-edge
Type: Vulnerability Assessment and Remediation Service
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: E-Soft is pleased to support MITRE's standardization of vulnerability
identification in our security auditing services. The adoption of CVE as an
industry-wide standard benefits the users of security products and services by
providing a single, consistent way of identifying vulnerabilities across different
products and services.
Quote/Declaration: As a leader and innovator in the security industry, Easy Solutions, Inc. is
pleased to announce compatibility with the CVE Initiative.
— Ricardo E. Villadiego, Regional Director, Americas, Easy Solutions,
Inc.
Quote/Declaration: Edgeos' services fully support and implement CVE.
Quote/Declaration: eEye Digital Security is an innovative leader in vulnerability and security
research, providing security solutions that help businesses and users protect their
systems and intellectual property from compromise. eEye enables secure computing
through world-renowned research and innovative technology, supplying the world's
largest businesses with an integrated and research-driven vulnerability assessment,
intrusion prevention, and client security solution. eEye is pleased to support the
CVE Initiative and will continue to promote the standardization of the CVE naming
convention and vulnerability identification.
Quote/Declaration: Emaze, which offers proactive security solutions to help large organizations
handle security risks as well as to fulfill compliance and conformity requirements,
is pleased to support the CVE initiative.
— Rodolfo G. Rosini, CEO
Quote/Declaration: Many of Dragon's IDS signatures already have CVE tags. Our vulnerability
signatures will also have CVE tags. Dragon uses these tags to link users directly to
the CVE Web site which allows them to get concise and updated vulnerability
information.
— Ron Gula, Vice President of Intrusion Detection Systems,
Enterasys
Name: Enterasys Dragon
Type: Packet Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Planned
| esCERT-UPC: The UPC University Computer Emergency Response Team |
|
Quote/Declaration: At esCERT, we have adapted all our procedures and services to CVE notation since
we consider that it is the best way to handle and distribute vulnerability
information in a complete and reliable way.
Name: ALTAIR
Type: Vulnerability Database and Vulnerability Alerts
CVE Output: Yes
CVE Searchable: Yes
| Fortinet, Inc. |
Date Declared: April 5, 2011 |
Quote/Declaration: Fortinet has been an established security vendor for some time, and regularly
discovers third-party security vulnerabilities for which we request CVE Identifiers
from MITRE. We also monitor the security space, develop IPS signatures, and
map/reference the CVEs for all of these in our advisories and encyclopedia.
| FuJian RongJi Software Company, Ltd |
|
Quote/Declaration: FuJian RongJi Software Company, Ltd., in association with the Institute of High
Energy Physics, the Chinese Academy of Sciences, has developed the RJ-iTop Network
Vulnerability Scanner System, which provides CVE Output and is CVE Searchable. In
addition, its database is fully searchable by keyword or CVE name. We have made our
product compatible with CVE so that administrators can easily differentiate which is
the best product for them among the different security products.
— C. Shanmao Lin, RongJi Enterprise
Quote/Declaration: Gamasec's GamaScan Web application Scanner is an automated security service that
searches for software vulnerabilities within Web applications and validates any
potential security breaches and risks against a continually updated service database.
By incorporating CVE Identifiers into GamaScan, we are providing our customers with
the ability to enhance their vulnerability handling processes and further leverage
their vulnerability scanners to verify that updates and fixes have been
applied.
Name: GamaScan
Type: Web Site Vulnerability-Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: The Gentoo Linux Security Project actively supports the CVE Initiative by
referencing corresponding CVE entries in all of our security advisories where
appropriate.
Quote/Declaration: GFI recognizes the importance of standards in a field which is encountering even
bigger challenges, variation of attacks and abuses of IT systems. While searching for
a standard which will allow us to adhere to as well as encourage our customers to
refer to vulnerabilities in a particular format, we found a perfect synergy between
our technology and CVE. We believe that such integration will provide a common ground
for our customers and security administrators out there to share and unify
experiences against these ever increasing threats.
Quote/Declaration: Globant is pleased to support MITRE's initiative of standardizing vulnerability
identification in our managed security services. The adoption of MITRE's CVE standard
benefits users, community and vendors by providing a consistent and single way of
identifying vulnerabilities across different products.
| Grupo S21sec Gestion S.A. (S21sec) |
|
Name: Vulnera
Type: Daily Vulnerability Mail Service Based on a Daily Updated Database
CVE Output: Yes
CVE Searchable: Yes
| H3C Technologies Co., Limited |
|
Quote/Declaration: H3C Technologies Co., Limited has made our IPS product compatible with CVE for
the benefit of our customers and to support industry standards.
| Hangzhou DPtech Technologies Co., Ltd. |
Date Declared: March 23, 2011 |
Quote/Declaration: Hangzhou DPtech Technologies Co., Ltd. is pleased to support MITRE on the CVE
effort to standardize vulnerability identification not only for the security
industry, but for our customers. DPtech IPS2000, our network-based intrusion
prevention system, and DPtech Scanner1000, our network and application vulnerability
assessment scanner, have incorporated CVE names to provide the most valuable
information for our customers.
Quote/Declaration: By integrating CVE into our security assessment and management products we enable
our customers to promptly and effectively track and respond to security
vulnerabilities.
Name: HP EnterpriseView
Type: Risk Management
CVE Documentation: Yes
CVE Output: Yes
CVE Searchable: Yes
Name: HP Live Network Service
Type: Internet Community Portal and Subscription Service
CVE Output: Yes
CVE Searchable: Yes
Last Updated: December 3, 2012
| High-Tech Bridge SA |
Date Declared: June 19, 2012 |
Quote/Declaration: At High-Tech Bridge we strongly believe that each vulnerability should have a CVE
Identifier; this simplifies standardization and information exchange among security
companies, researchers, and vendors.
| Huawei Technologies Co., Ltd. |
Date Declared: July 11, 2012 |
Quote/Declaration: CVE compliance as a high priority requirement throughout Huawei security
product/service development process helps our customers to easily get broader
vulnerability/exploit information.
Last Updated: December 17, 2012
Quote/Declaration: IBM actively promotes, supports, and contributes to the emerging open systems
standards such as CVE that enable technology management software such as IBM Tivoli
Risk Manager and IBM Tivoli Security Operations Manager, intrusion detection,
vulnerability assessment, and security management components to inter-operate and
share management information. We know that open system standards are a critical step
in this direction. We support CVE as the first and the most complete naming
convention for vulnerability mapping in the industry and we are committed to using
CVE within our product in a tightly integrated fashion.
| IBM Internet Security Systems |
|
Quote/Declaration: The CVE naming standard developed by MITRE represents a significant leap forward
for the information security industry and end user community. As a technology pioneer
and leading provider of security management software and services, IBM Internet
Security Systems is pleased to be a part of this important initiative as we move
toward a standard that is crucial to the effective protection of every organization's
critical digital assets.
— Christopher Klaus, Founder and Chief Technology Officer
| Information Risk Management Plc |
|
Quote/Declaration: IRM ensures that clients acquire and maintain the core elements of information
security by providing product-independent, expert, and impartial consulting services
to organisations wishing to examine and improve the security of their information
assets. It is essential that open and standardised vulnerability descriptions and
metrics integrate into IRM's methodology and output so that clients may be assured of
a common reference to findings and recommendations. CVE provides such a mechanism and
is vital in providing meaningful security threat results.
| Information-technology Promotion Agency, Japan (IPA) |
|
Quote/Declaration: IPA is proud to incorporate CVE in our product line. Our main product, JVN iPedia
is a vulnerability database that stores summary and countermeasure information on
domestic and overseas software products used in Japan. JVN iPedia is equipped with
search functions (Keyword, Product, CVSS, CVE, etc.) and RSS feeds, which provides
the accumulated data in a comprehensive manner.
Last Updated: May 3, 2013
| InfoSec Technologies Co., Ltd. |
|
Quote/Declaration: CVE compatibility is an important feature of AppSentry that provides a
standardized cross-reference of included vulnerabilities. Inclusion of CVE names in
policies and reports allows AppSentry users to quickly and accurately locate critical
vulnerability information and to correlate findings with other security
tools.
Name: AppSentry
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Intellitactics is pleased to partner with MITRE on the CVE Compatibility program.
As a leader in the enterprise security management software technology, we believe
that the CVE standardization of multi-vendor security exploits information will
greatly benefit our customers. Our current product offering leverages CVE to offer
intelligent correlation and threat and incident management solutions and our future
offerings will continue to leverage the widely accepted CVE standard.
— Paul MacGyver Carman, Technical Product Manager
Quote/Declaration: Inzen appreciates the efforts of the CVE Initiative and supports CVE by making
its products comply with the CVE requirements. Inzen's integrated security solutions
will be CVE-compatible. Inzen's solutions include NeoWatcher@ESM (network-based IDS),
NeoGuard@ESM and NeoGuard@ESM for NT (host-based IDSes), and NeoScanner@ESM for
System and NeoScanner@ESM for Network (vulnerability assessment tools). In addition,
Inzen supplies interoperability services, integrated with solutions for other
security areas.
— ByungChan Kwak
Name: NeoGuard@ESM
Type: Host-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Name: NeoWatcher@ESM
Type: Network-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Name: SecuPlat ESM
Type: Vulnerability Assessment Management Platform
CVE Output: Yes
CVE Searchable: Yes
| iPolicy Networks (Security Product Division Of Tech Mahindra Ltd.) |
|
Quote/Declaration: iPolicy Networks delivers an advanced and comprehensive network security solution
for protecting enterprise, carrier and service-provider networks. The intrusion
detection and prevention function in the iPolicy Intrusion Prevention Firewalls
analyzes network traffic for known vulnerabilities and malware signatures. We
strongly support CVE compatibility in our products. It not only ensures for us that we
cover the entire spectrum of vulnerabilities, it also gives opportunity to our customers
to cross reference and verify the effectiveness of the solution provided to them by
our products.
| Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and
Information-technology Promotion Agency, Japan (IPA)
|
|
Quote/Declaration: Under the Information Security Early Warning Partnership in Japan, IPA receives
private vulnerability reports and JPCERT/CC coordinates with developers to prepare
patches or remedies. JVN provides information such as solution, vulnerability analysis
by JPCERT/CC, and vendor notes. JVN contains CVE information as well as vulnerability
attribute information.
Name: Cypollo-H
Type: Host-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Name: Cypollo-N
Type: Network-Based Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: As an advocate of initiatives that improve customers' understanding of network
security, Juniper believes the CVE standardized list of vulnerabilities and exposures
is a significant step towards eradicating the confusion caused by disparate security
information. Juniper has incorporated CVE into its intrusion detection and prevention
system to help customers understand incidents so that they can quickly respond and
effectively protect their networks.
Quote/Declaration: KDware's Incident MiND is an incident management solution that supports
cross-correlation from multi-vendor products with centralized security logging and
incident management. Incident MiND uses CVE as an important means for normalizing
events across a variety of security devices and supports security experts and IT
managers in cross-correlating information and references about different threats
reported by disparate security products and solutions.
Name: Incident MiND
Type: Incident Management Tool
CVE Output: Yes
CVE Searchable: Planned
Quote/Declaration: Kingnet Security plays a leading role in the network security industry in China. We
want our KIDS intrusion detection system to be compatible with the CVE standard so as
to bring as much value to our customers as possible.
Quote/Declaration: LANDesk Security and Patch manager supports the CVE naming standard; it's a
simple and practical way to ensure that a vulnerability definition means the same
thing to different people.
| Legendsec Technology Co. Ltd |
|
Quote/Declaration: For the benefit of our customers, we believe it is important to be fully
compatible with the international CVE standard.
Quote/Declaration: The CSI service of laboratory LEXSI gathers applications and services offering a
coherent and complete IT security watch solution to its subscribers. At the core of
the CSI, ten experts supervise new security failures, carry out integrity tests,
provide manual avoidance solutions, reference and enrich the Vulnerabilities
Database. Compatibility between referred vulnerabilities and CVE dictionary provides
to our subscribers and partners full interworking of our watch system with all third
party products and services.
Quote/Declaration: Lumension Security (formerly PatchLink Corporation) is in the vulnerability
management business and as such fully recognizes the value of using CVE names. All of
our patches have CVE codes in them.
Name: PatchLink Update
Type: Enterprise-Wide Patch Management and Vulnerability Remediation
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Mandriva recognizes the importance of a vendor-neutral list of vulnerabilities
that can be cross-referenced by anyone; this is especially important in the growing
number of mixed networks, and allows individuals to cross-reference vulnerabilities
with ease. All Mandriva advisories will now contain CVE names to provide this service
to our users.
Name: Mandriva Advisories
Type: Linux Operating System Security Advisory Web Site
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Because of today's ever changing threats, and vulnerability data a consent must
be had to properly identify each. In the malicious code area these naming conventions
exist and are very beneficial. The MITRE CVE program provides a naming standard that
can be relied on when there is confusion or no standards agreed upon providing a
method by which system administrators and other users can search the Internet to get
the information on the same vulnerability via various sources.
— Carl Banzhof - Vice President and Chief Technology Evangelist,
McAfee
Name: McAfee Secure
Type: Security Auditing and Certification
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: OVAL provides a common language for security experts to discuss the technical
details of how to check for the presence of vulnerabilities and configuration issues
on local systems. The results of the discussions are collaboratively developed XML
vulnerability, patch, and compliance definitions that are based on a common OVAL
Schema and perform the checks. CVE names are used as the basis for all OVAL
vulnerability definitions currently collected on the OVAL Web site. For each CVE
name, there are one or more OVAL vulnerability definitions that measure the presence
of that vulnerability on an end system. OVAL vulnerability definitions on the OVAL
Web site can be searched by CVE name, and vulnerability definitions called up for
review include CVE names.
— Pete Tasker, Executive Director, Security and Info Operations
Division
Quote/Declaration: N-Stalker, Inc. is pleased to support MITRE on the CVE Initiative to standardize
vulnerability identification. It's a simple and practical way to ensure that a
vulnerability definition means the same thing to different people.
Name: N-Stalker QA Edition
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Planned
| National Institute of Standards and Technology |
|
Quote/Declaration: The National Vulnerability Database contains all CVE information as well as
vulnerability attribute information (e.g. vulnerable version numbers), direct access
to U.S. government vulnerability resources, and annotated links to industry
resources. The underlying data in the database is provided license free via an XML
feed.
| nCircle Network Security, Inc. |
|
Quote/Declaration: nCircle actively supports standardization efforts in the security market,
including the CVE's common lexicon for the vulnerability namespace. As a member of
the CVE editorial board, we are committed to ensuring nCircle's IP360 product
continues to support CVE names and provides customers with an enterprise-class
complete lifecycle approach to vulnerability management. Ultimately, this enables
customers to find and eliminate vulnerabilities before they can be exploited, ensure
security policy compliance and meaningfully measure and manage business risk.
— Tim Keanini, CTO
Quote/Declaration: NetClarity is a strong proponent of the CVE dictionary. The Auditor family of
appliances automatically audits networks and reports those vulnerabilities discovered
by our patent-pending vulnerability assessment engine. With CVE-specific information
and remediation instructions, we enable our customers to better manage their risks,
comply with regulations, and protect their assets.
— Gary S. Miliefsky, CTO, CISSP, NetClarity, Inc.
Quote/Declaration: Netcraft is pleased to be able to offer mappings between its vulnerability
scanner and the CVE dictionary. We see CVE as an important security administration
tool, linking our services to a wider variety of other security devices, services and
sources of security information.
| NetentSec Inc |
Date Declared: February 5, 2013 |
Last Updated: February 14, 2013
Quote/Declaration: As a leader in security information management, netForensics understands the
complexity of managing and mitigating risks. Because effective security management is
based on the accuracy and timely recognition of an attack, only improved knowledge
will enable the proper response mechanism. With the combination of cross-device
correlated events from netForensics and the detailed information from CVE, security
experts are able to understand the conditions of their enterprise and map threats to
exposures. Active support for CVE will improve the knowledge of the security
community and fortify enterprise security management.
Quote/Declaration: NetIQ sees great value in providing CVE compatibility in our NetIQ Vulnerability
Manager product. Industry standards such as CVE make it easier for customers to make
sense of the constant barrage of security issues, bugs, and vulnerabilities.
| NETpeas, SA |
Date Declared: January 19, 2012 |
Quote/Declaration: COREvidence initiates, correlates, and aggregates different results from
multi-engines and APIs vulnerability and malware scanners providing dashboards and
deliverable with relevant CVE information combined with other open standards. This
helps our customers to better understand their findings.
Name: COREvidence
Type: Cloud-Based, Multi-Engines Vulnerability Management Service
CVE Output: Yes
CVE Searchable: Planned
Quote/Declaration: The SecureScout line of vulnerability assessment solutions fully supports CVE
references; our speed and ease of use enable users to more efficiently verify CVE
coverage.
| Network Box Corporation Ltd. |
|
Quote/Declaration: Network Box Corporation provides integrated security appliances and a managed
security service for our clients. We have standardized on using the CVE system for
all our vulnerability announcements, and product output. We are in the process of
extending our product to report detected intrusions in CVE format and provide a
searchable database.
— Mark Webb-Johnson, Technical Director, Network Box
Corporation
Name: Network Box Web Site
Type: Vulnerability Database, Security Advisories and Archives
CVE Output: Yes
CVE Searchable: Planned
| Neusoft Corporation |
Date Declared: January 25, 2011 |
| NGSSecure, a Division of NCC Group UK PLC |
Date Declared: February 6, 2012 |
Quote/Declaration: Since its inception in 2001, NGSSoftware has always made great strides to ensure
its software is compatible with the CVE initiative.
Name: NGS Auditor
Type: Enterprise Class Vulnerability Management Software Product
CVE Output: Yes
CVE Searchable: Yes

Name: NGS DominoScan II
Type: Standalone Vulnerability Assessment Software Product
CVE Output: Yes
CVE Searchable: Yes

Name: NGS OraScan
Type: Standalone Vulnerability Assessment Software Product
CVE Output: Yes
CVE Searchable: Yes

Name: NGS SQuirreL for DB2
Type: Standalone Vulnerability Assessment Software Product
CVE Output: Yes
CVE Searchable: Yes

Name: NGS SQuirreL for Informix
Type: Standalone Vulnerability Assessment Software Product
CVE Output: Yes
CVE Searchable: Yes

Name: NGS SQuirreL for MySQL
Type: Standalone Vulnerability Assessment Software Product
CVE Output: Yes
CVE Searchable: Yes

Name: NGS Typhon III
Type: Standalone Vulnerability Assessment Software Product
CVE Output: Yes
CVE Searchable: Yes

Last Updated: November 28, 2012
Quote/Declaration: NII strongly believes in adding value to its AuditPro suite of security auditing
products. The reports produced by AuditPro and its vulnerability database are now
CVE-compatible. This standardization of vulnerabilities will help users locate,
understand and fix the vulnerabilities in the easiest and fastest way.
Quote/Declaration: NileSOFT is proud to incorporate CVE in our product line. Our main products,
Secuguard SSE (Host based Vulnerability Assessment Tool), Secuguard NSE (Network
based Vulnerability Assessment Tool), mySSE for Web (Online PC Vulnerability
Assessment Service), and LogCOPS (Enterprise Log Analysis and Management System) will
continue to maintain the latest version of CVE.
Quote/Declaration: We have included CVE naming scheme into our patch management framework PatchAgent
to support this initiative aimed at creating a common vulnerabilities naming scheme
and give to our customers the best interoperability with other security tools. Adding
the CVE/CAN codes, Niscent ensures that its customers can gain from a broader
information cross-reference, thus making it easier to identify vulnerabilities across
different products and services.
Name: PatchAgent
Type: Patch Management Tool
CVE Output: Yes
CVE Searchable: Yes
| Novell, Inc. |
Date Declared: July 5, 2010 |
Quote/Declaration: We have found using CVE instrumental both for tracking our security incidents for
completeness by using the database, and also for talking about incidents with our
customers in a clear way.
— Marcus Meissner, Engineering Lead SUSE Security Team
| NSFocus Information Technology (Beijing) Co., Ltd. |
|
Quote/Declaration: CVE has made significant efforts to standardize the names for vulnerabilities,
eliminate the potential gap in security coverage and provide easier interoperability
among different security products. NSFocus strives to deliver customers the enhanced
security by series of products with full support for the CVE standard.
| Numara Software, Inc. |
Date Declared: October 18, 2010 |
Quote/Declaration: Numara Asset Management Platform relies on the CVE standardization method for
vulnerability identification in security audit reports produced by our Vulnerability
Management solution. Through CVE names, Vulnerability Management users can
efficiently access worldwide publicly known vulnerability and security resources.
This makes it easier to share data across separate vulnerabilities databases and
security tools.
— Haissam Hassan, Sr. Solutions Specialist
| Offensive Security |
Date Declared: November 16, 2010 |
| Open Source Vulnerability Database (OSVDB) |
|
Quote/Declaration: The OSVDB will contain full mapping to CVE entries in order to promote
correlation, correction and discussion between the OSVDB project, CVE and multiple
third-party security products.
Quote/Declaration: OpenService's Security Threat Manager (STM) uses CVE to correlate incoming
intrusion detection system (IDS) signatures and targeted systems-specific
vulnerabilities in real-time. Soon, STM will provide CVE output and
searchability.
| Opzoon Technology Co., Ltd. |
Date Declared: December 11, 2012 |
Name: Application Firewall
Type: Commercial Application Firewall
CVE Output: Yes
CVE Searchable: Yes

Name: Security Gateway
Type: Commercial Security Gateway
CVE Output: Yes
CVE Searchable: Yes

Last Updated: December 11, 2012

Name: HIAB
Type: Plug-and-play appliance for Internal Vulnerability Assessment
CVE Output: Yes
CVE Searchable: Yes

Name: OUTSCAN
Type: On-demand service for Perimeter Vulnerability Assessment
CVE Output: Yes
CVE Searchable: Yes
| Packet Storm |
Date Declared: October 20, 2011 |
Quote/Declaration: Packet Storm Security, the Internet's largest free security web site housing
tools, exploits, advisories, papers, and more, includes CVE names.
Quote/Declaration: The CVE tracking standard represents a recognized means by which the multitude of
vulnerabilities within PatchAdvisor's database can be easily cross-referenced and
standardized. We look forward to becoming fully CVE-compatible, adding yet another
layer of intelligence to PatchAdvisor's product offerings.
Name: PatchAdvisor Flash!
Type: Patch Management Vulnerability Notification Service for Small Businesses
CVE Output: Yes
CVE Searchable: No

Name: PatchAdvisor Source
Type: Historical and Current Patch Management Vulnerability Notification Service in XML Format
CVE Output: Yes
CVE Searchable: No
| Positive Technologies CJSC |
Date Declared: September 30, 2010 |
Quote/Declaration: Use of a standard such as CVE enables security experts and IT managers to
cross-correlate information and references about different threats reported by
disparate security products and solutions - a necessity to understand the real impact
of vulnerabilities and attacks.
Name: EventTracker
Type: Change and Vulnerability Assessment Tool
CVE Output: Planned
CVE Searchable: Planned
Quote/Declaration: Privacyware's products resolve many of the acute security problems within
Microsoft Windows software which has been achieved by working closely with research
groups to contribute and exchange information obtained through experience. MITRE's
CVE Compatibility Program represents an important core group for industry wide
security information and with CVE Compatibility, Privacyware will continue to build
and maintain important security measures that are extensible with most IT security
strategies.
— Ben Campbell, Privacyware
Name: ThreatSentry
Type: Host-based Intrusion Prevention for Microsoft Web Servers
CVE Output: Yes
CVE Searchable: Planned
Quote/Declaration: As a leading provider of application-layer security solutions, Protegrity is
proud to support the CVE standard. Protegrity will continue to advance the CVE
Initiative and contribute toward the consolidation of the security community.
Quote/Declaration: Qualys is pleased to support MITRE's CVE Initiative of standardizing
vulnerability identification and has incorporated the CVE naming scheme into its
QualysGuard Web Services Architecture.
— Wolfgang Kandek, CTO & Vice President of Engineering
| Radware Ltd. |
Date Declared: December 30, 2010 |
Quote/Declaration: Radware is pleased to participate in CVE Initiative with its DefensePro,
intrusion prevention and attack mitigation product.
Name: DefensePro
Type: Network Intrusion Prevention and Attack Mitigation System
CVE Output: Planned
CVE Searchable: Planned
Quote/Declaration: As a leader in both vulnerability management and penetration testing, Rapid7
appreciates MITRE's efforts to provide unique CVE Identifiers across both of these
areas. This enables our customers to easily reference vulnerabilities and exploits
across systems.
Quote/Declaration: It is often confusing when the same security issues get fixed by different
vendors in different ways with different names and descriptions. We see the CVE
Initiative as the way to solve this problem, giving the community accurate
information on which they can base their security decisions. We are working with
MITRE to contribute and validate new entries as well as publish CVE entries in our
security advisories.
— Mark Cox, Senior Director of Engineering
Name: Apache Week Web Server
Type: Apache Web Server Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Last Updated: October 24, 2012
| RedSeal Systems, Inc. |
Date Declared: April 2, 2010 |
Quote/Declaration: RedSeal Vulnerability Advisor transforms vulnerability scanning into actionable
risk management through correlation of multiple scanning results from a variety of
vulnerability assessment scanners through their reported CVEs, combined with the
configuration information from all the network devices - firewalls, routers, load
balancers, wireless access points, to identify the specific vulnerabilities that
cause the greatest business risk.
Quote/Declaration: RSA Archer eGRC Solutions are a knowledge management system for the collection,
management and distribution of critical security content such as vulnerabilities,
technical baselines, control standards and information security policies as they
relate to specific risk that IT assets face within the enterprise. The RSA Archer
eGRC Solutions suite strongly supports the CVE standard, which greatly assists in our
integration with other security products and vendors. The CVE mapping enables our
clients to intelligently analyze, cross reference and search vulnerabilities that
affect their organization.
| Rsam |
Date Declared: February 7, 2011 |
Quote/Declaration: Rsam's Enterprise GRC platform has integrated CVE throughout all vulnerability
management and assessment modules. Since 2005, customers have utilized Rsam and CVE
to declare, search, and report on common vulnerabilities, and to harmonize common
vulnerability data across disparate data sources.
| RUS-CERT University of Stuttgart |
|
Quote/Declaration: The announcement service run by RUS-CERT already uses CVE as the reference
dictionary for vulnerability identification for a long time.
— Oliver Goebel
Quote/Declaration: SAINT, WebSAINT, and SAINTbox vulnerability reports and tutorials include
relevant CVE links, providing the user with easy reference to related information and
a basis for determining the extent of each product's capabilities. SAINTmanager
vulnerability reports and tutorials include relevant CVE links, providing the user
with easy reference to related information and a basis for determining the extent of
SAINTmanager's capabilities. SAINT, WebSAINT, and SAINTbox are also CVE searchable
with a CVE cross-reference that maps the CVE entries to the SAINT tutorials, while
SAINTmanager is CVE searchable with a CVE cross-reference that maps the CVE entries
to the corresponding SAINTmanager vulnerability IDs. We will continue to keep all
SAINT products updated with the latest CVE numbers as they become available.
Quote/Declaration: Because of the ever-increasing number of network traffic attacks and
vulnerabilities they exploit, tracking quickly becomes a complex and difficult task
across attacks, subsequent variants, and four geographic continents, and all the
languages therein. It is the intention of Sandvine to use the CVE naming scheme
mechanism not only for commonly identifying the vulnerabilities within our hardware
and software but also as a taxonomy to group the network attacks our systems are
intended to prevent.
| Sangfor Technologies Co., Ltd. |
Date Declared: February 6, 2012 |
Quote/Declaration: Sangfor Technologies Co., Ltd. is a leading network security company in China. We
fully support MITRE's CVE standard in our security products, which allows our
security research and product development teams to focus on adding value for our
customers and enables our customers to easily reference vulnerabilities
information.
Quote/Declaration: The SANS GIAC training is CVE-compatible. Student assignments for intrusion
detection and hacker exploits reference CVE. In addition, ID'Net is
CVE-compatible.
— Steve Northcutt, Director, SANS Global Incident Analysis
Center
Quote/Declaration: We are ensuring our users can identify the correct vulnerabilities by using
CVEs.
Name: )pallas(
Type: Vulnerability Consulting Service
CVE Output: Yes
CVE Searchable: Yes
| SECNAP Network Security Corporation |
|
Quote/Declaration: It is our intention and commitment to support the MITRE CVE efforts in order to
assist the user community by providing a standard and consistent way to gather and
validate information on security vulnerabilities.
| SecPod Technologies |
Date Declared: July 18, 2012 |
Quote/Declaration: SecPod SCAP Repo is a repository of SCAP content. CVEs are searchable based on
all the attributes. The repo supports natural language based search. CVE is referred
in all the vulnerability content in the repository.
Name: SecPod SCAP Repo
Type: SCAP Content Repository
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: The SecPoint Penetrator Appliance is a unique product that combines
Vulnerability Assessment, Launching of Real Exploits, Complete Penetration testing
and our use of CVE is a valuable feature for our customers.
Name: SecPoint Penetrator
Type: Vulnerability Assessment and Penetration Testing Appliance
CVE Output: Yes
CVE Searchable: Planned
| SECUI.COM Corporation |
Date Declared: June 22, 2011 |
Quote/Declaration: With the increasing number of vulnerabilities in various areas, it is worthwhile
to define a common vulnerability naming and enumerating standard such as CVE List. By
providing this information to our customers through our product, they can quickly and
accurately identify vulnerabilities. Especially, customers can cross-link the
information with other CVE-Compatible products and services.
Quote/Declaration: Secunia constantly monitors and reviews CVE entries to ensure that these are
appropriately and accurately matched with the verified Secunia Vulnerability
Intelligence provided in our Advisories, Secunia PSI, Secunia CSI, Secunia OSI,
Secunia VIM, and on our Web site.
Quote/Declaration: Secure Associates' MindStorm Enterprise Edition and MindStorm MSSP Edition
security information management platforms normalize, correlate, and prioritize
security alerts and logs for effective and efficient security information management
in a centralized console. With our proven product solution and a set of escalation
and implementation methodology - and by incorporating the CVE standard - we enable
service providers and enterprise clients to manage, monitor, analyze, report, and
respond to their security infrastructure proactively at a cost-effective
mean.
| Secure Elements, Incorporated |
|
Quote/Declaration: C5 EVM combines vulnerability information from a myriad of sources to provide the
most complete coverage possible for our customers. By relying on CVE, C5 EVM
seamlessly integrates the information, providing our customers the highest level of
protection available.
— Dan Bezilla, CTO
Quote/Declaration: SecureInfo RMS, award-winning certification and accreditation software, is
CVE-compatible. Supporting CVE is an important part of our vision in providing
continuous monitoring capabilities in support of FISMA and our customer's information
security programs.
— Roberto R. Garcia, V.P. Product Engineering
Quote/Declaration: MITRE's CVE standard helps SecureWorks provide our clients with a seamless,
consolidated view of their security and risk environment, and aids our security
analysts in correlating valuable threat information from disparate sources.
Name: Threat Intelligence
Type: Security Intelligence Service
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Security Horizon, Inc. currently holds a Cooperative Research and Development
Agreement (CRADA) with the National Security Agency (NSA) to teach eligible students
in the INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM)
courses. These two INFOSEC courses are intended to create a standardized baseline of
activities that constitute an NSA approved methodology for measuring the security
posture of an organization. As part of the development and teaching of these courses,
our company has the requirement to ensure that both the courseware and the students
understand the value of using the Common Vulnerability and Exposure naming scheme. In
addition, the IEM course specifically requires the use of CVE names to measure the
actual exposure to organizations with each listed finding. Security Horizon, as a
co-author of the instructional course, also uses these methodologies to perform
assessments and evaluations on its own customer base.
Quote/Declaration: Security Database uses the publicly known vulnerabilities identified in the CVE
List as the basis for most of the queries. All data are relayed in realtime.
Last Updated: February 12, 2013
Quote/Declaration: To protect our customers from security problems we implemented CVE in our system,
because we know that CVE is an authoritative and dependable source of information about
vulnerabilities and one of the first sites putting information about new
vulnerabilities. SecurityReason realizes the importance of common security
identifiers in security vulnerability advisories. We are pleased to support the CVE
Initiative.
Quote/Declaration: SecurityTracker is proud to integrate support for CVE. The SecurityTracker
database of vulnerability alerts now includes CVE numbers.
Name: SecurityTracker
Type: Vulnerability Alerts
CVE Output: Yes
CVE Searchable: Yes

Name: CASPER
Type: Risk Management and Event Monitoring
CVE Output: Planned
CVE Searchable: Planned
| Serkan Ozkan |
Date Declared: October 29, 2010 |
Name: CVEDetails.com
Type: Vulnerability Database Web Site
CVE Output: Yes
CVE Searchable: Yes
| Shavlik Technologies, LLC |
|
Quote/Declaration: Shavlik is committed to providing the best information possible to our customers.
We include CVE references in our patch database and display this data in our patch
management product. We are now formalizing the presentation of this data by declaring
CVE compatibility.
Name: MSSecure.XML
Type: Patch Data Repository
CVE Output: Yes
CVE Searchable: No
Quote/Declaration: CVE compatibility ensures that administrators can easily use different security
products in order to find additional information they need.
Quote/Declaration: SIMCommander is a leading developer of solutions to manage, monitor, analyze,
report on, and respond to security information for large enterprises, government
institutions, and service providers. SIMCommander's solution for enterprises is a
software platform that enables any business or organization to visualize and
correlate security information in real-time. Enterprises use SIMCommander technology
to lower their day-to-day security operational costs and at the same time ensure
compliance with regulatory requirements such as Sarbanes-Oxley and ISO-17799.
Name: SIMCommander
Type: Security Information Management
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Skybox Security supports standards such as CVE that promote interoperability of
security products. Skybox View, our exposure risk management solution, uses CVE names
in its vulnerability dictionary and cross-references these to vulnerabilities
imported by all vulnerability scanners such as Nessus, eEye Retina, ISS Internet
Scanner, Qualys, and other market leaders. By running attack simulations against a
virtual model of the network, Skybox View reveals vulnerabilities, based on CVE
names, that are truly critical because they lie along an attack path to critical
business applications. The CVE Initiative allows security professionals to understand
risks and exposures in terms that can be cross-referenced to other security products
- a growing necessity as more and more solutions automate the risk management
process.
Quote/Declaration: CVE provides an excellent mapping between various tools that allows Snort users
to quickly and accurately link together information provided by various other security
tools and informational databases.
— Brian Caswell and Martin Roesch
Name: Snort
Type: Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Softrun is the leading provider of Patch Management System in Korea and serving
patch management service to hundreds of local corporations. Softrun is pleased to
support CVE and will continue to promote the standardization of
vulnerabilities.
| Software in the Public Interest, Inc. |
|
Quote/Declaration: Debian developers understand the need to provide accurate and up-to-date
information of the security status of the Debian distribution, allowing users to
manage the risk associated with new security vulnerabilities. CVE enables us to
provide standardized references that allow users to develop a CVE-enabled security
management process.
Quote/Declaration: Sourcefire's intelligent security monitoring solutions provide a fully integrated
security monitoring infrastructure for identifying and protecting against network
threats. Sourcefire is dedicated to providing actionable insight into security
threats on a network and is pleased to support open system standards such as MITRE's
CVE.
Name: Sourcefire 3D System
Type: Enterprise Threat Management Solution
CVE Output: Yes
CVE Searchable: Yes

Name: ThreatEx
Type: Vulnerability Assessment Appliance and Database
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: StillSecure is pleased to offer CVE compatibility in VAM, our vulnerability
management system. A common language for tracking security threats is critical to
managing the vulnerability lifecycle. StillSecure products are cost-effective and
easy-to-use, and we will continue to participate in and leverage industry-wide
standards such as CVE.
— Mitchell Ashley, CTO and VP Engineering
Name: StillSecure VAM
Type: Vulnerability Management System
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Our customers like to have their vulnerability information in standard format and
from a reliable source.
Name: StoneGate IPS
Type: Network Intrusion Protection System
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Sunbelt Software's Network Security Inspector (SNSI) utilizes a top-rated
commercial grade vulnerability database that integrates the CVE standard, which
provides administrators a fast and affordable way to find security holes and address
these vulnerabilities quickly with recommended remediation instructions. SNSI
delivers specific CVE information where available for any vulnerabilities found,
while group scans can be configured for all or specific CVE vulnerabilities based on
the administrator's need.
— Stu Sjouwerman, COO and Founder, Sunbelt Software, Inc.
Quote/Declaration: CVE enhances our security database and helps Syhunt defend our customers from
exposure to vulnerabilities.
Name: Sandcat Pro
Type: Web Application Security Scanner
CVE Output: Yes
CVE Searchable: Yes
Quote/Declaration: Symantec maintains one of the largest vulnerability databases available today.
Consisting of over 9000 distinct vulnerability records, we have strived to maintain
CVE compliance from the outset of the CVE Initiative.
Symantec fully supports an industry-wide standard for the indexing of
vulnerabilities. Our public web sites (SecurityFocus and SecurityResponse), and our
commercial alerting services (DeepSight Alert Services) fully conform to the CVE
requirements. This allows our customers to search for, and research vulnerabilities
and blended threats using this common nomenclature. Symantec's wide range of security
products utilize the industry-leading vulnerability database and employ trusted, fast
and automated response capabilities to identify threats identified by CVE.
| Syntek Systems Corporation, Inc. |
|
Quote/Declaration: Syntek Systems' security lifecycle management product enables organizations to
identify relevant information from the masses of configuration, performance, and
security data that must be analyzed, and to finally begin to automate the process of
preparedness and remediation. Syntek's distributed analytics engine takes advantage
of CVE to map correlated data against a centralized database of known
vulnerabilities - a critical step in the process of identifying only the
information that is significant and initiating appropriate remediation
processes.
Name: SolventView
Type: Distributed Platform for Security Event Analysis and Policy Enforcement
CVE Output: Yes
CVE Searchable: Planned
Quote/Declaration: TecForte is an ICT Security company focused on developing enterprise-class
security management solutions. Our product provides customizable correlation tools to
monitor and cross-check disparate devices, hence exposing security threats and
facilitating vulnerability management. We are committed to supporting a high-level of
security, and are pleased to promote and support the CVE naming standards.
Quote/Declaration: Xacta IA Manager is a risk/compliance management/measurement software that
incorporates vulnerabilities as part of the overall risk assessment. Because our
principal customer is the Department of Defense, we recognize the importance of being
compatible with CVE. We expect to have the product fully CVE compatible with the
release of our 5.0 version of Xacta IA Manager.
Name: Xacta IA Manager
Type: Vulnerability Assessment and Remediation
CVE Output: Planned
CVE Searchable: Planned
| Tenable Network Security Inc. |
|
Quote/Declaration: Tenable Network Security utilizes the CVE program to reference each of the
vulnerabilities detected by Nessus and the Passive Vulnerability Scanner. This
information is also heavily used through SecurityCenter for reporting, education, IDS
event correlation and linking with third-party security information.
Quote/Declaration: Recognizing the importance of common indexing of known vulnerabilities,
ThreatGuard has included CVE references in ThreatGuard VMS and ThreatGuard Traveler.
These references are seamlessly integrated with the ThreatGuard Navigator client
application, reports, and search engine. As we release new vulnerability tests, it is
among ThreatGuard's top priorities to ensure CVE referencing is included and
accurate, extending the efforts of the CVE initiative.
Name: ThreatGuard On Demand
Type: Continuous Security Auditing and Compliance Management
CVE Output: Yes
CVE Searchable: Yes
| TippingPoint Technologies |
|
Quote/Declaration: TippingPoint is in the business of simplifying security. We are a strong
proponent of MITRE's CVE standards initiative.
Quote/Declaration: We have aligned our service/appliance FAV with the CVE vulnerabilities standard
for the benefit of our customers.
Name: TraceAlert
Type: Vulnerability and Malicious Code Alert Service
CVE Output: Yes
CVE Searchable: Yes

Name: TraceAssess
Type: Vulnerability Lifecycle Management Utility
CVE Output: Yes
CVE Searchable: Yes
| TrustSign |
Date Declared: December 28, 2011 |
Quote/Declaration: TrustSign is a certificate authority and a security company that works to
identify and correct common vulnerabilities in enterprise networks and service
providers. We believe that it is important to our services and clients to be fully
compatible with the CVE standard.
Quote/Declaration: VUPEN Security (formerly FrSIRT) personalized vulnerability and threat alerts,
24/7, 365 days a year, to inform organizations of new potential threats. Our services
are designed to deliver notification of vulnerabilities and exploits as they are
identified, providing timely, actionable information and guidance to help mitigate
risks before they are exploited.
Quote/Declaration: Westpoint, and more importantly its customers, have long since realised the value
of the CVE unified vulnerability referencing scheme in helping to eradicate risks
from the organisation. As such Westpoint is happy to participate in any programme
that gives the Internet community greater freedom of choice in the security products
and services they choose to adopt.
Quote/Declaration: WinsTechnet.co., Ltd. is pleased to support MITRE on the CVE effort to
standardize vulnerability identification not only for the security industry, but for
our customers. SNIPER IPS, our network-based intrusion prevention system, and
SecureCast, our vulnerability database, have incorporated CVE names to provide the
most valuable information for our customers.
| Xentinel Digital Security, Inc. |
|
Quote/Declaration: Xentinel Digital Security provides daily remote vulnerability assessment to
e-merchants through its HACKER FREE Certification and PCIPass (Payment Card Industry
Security Standards Compliance Passport). Xentinel tools support the CVE standard to
facilitate the integration with other security tools. Additionally, our mapping to
CVE makes it easy for customers to reference key information to protect their
organization from internet security threats.
Name: HACKER FREE
Type: Remote Vulnerability Assessment
CVE Output: Yes
CVE Searchable: Yes
| Xi'an Jiaotong University Jump Network Technology Co., Ltd. |
|
Quote/Declaration: We have incorporated CVE to improve the quality of our product.
| XMCO Partners |
Date Declared: July 7, 2010 |
Name: CERT-XMCO
Type: Vulnerability Database and Notification Service
CVE Output: Yes
CVE Searchable: Yes