Organizations Participating

	GRAND TOTALS Products & Services Listed: 281 Organizations Participating: 158

All organizations participating in the Compatibility Program are listed below, including those with CVE-Compatible Products and Services and those with Declarations to Be CVE-Compatible.

Organizations are listed alphabetically:

Advanced Research Corporation

Quote/Declaration: "SARA provides a monthly updated cross-reference CVE-SARA map that identifies CVE to SARA test correspondence, link to tutorial, and link to CVE reference data. In addition, all SARA reports contain relevant CVE names in the tutorials."

AdventNet, Inc.

Quote/Declaration: "AdventNet is pleased to support CVE names in the vulnerability database of the SecureCentral product line, as part of our commitment to embracing industry standards."

Name: SecureCentral PatchQuest
Type: Patch Management Software for Windows and Linux systems
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureCentral ScanFi
Type: Vulnerability Management Software for Windows and Linux Systems
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: ManageEngine Security Manager Plus
Type: Vulnerability Management Software for Windows and Linux Systems
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Apple Computer, Inc.

Application Security, Inc.

Quote/Declaration: "As a pioneer in application security, we have taken every possible step towards making AppDetective, our application penetration testing/vulnerability assessment product line, meet the CVE compatibility requirements. Application Security, Inc. sees CVE compatibility as a great value-added feature especially in this new area of research and development in vulnerability assessment solutions."
— Aaron Newman, CTO Application Security, Inc.

Archer Technologies

Quote/Declaration: "Archer Technologies Enterprise Security Management is a knowledge management system for the collection, management and distribution of critical security content such as vulnerabilities, technical baselines, control standards and information security policies as they relate to specific risk that IT assets face within the enterprise. The Archer Technologies product suite strongly supports the CVE standard, which greatly assists in our integration with other security products and vendors. The CVE mapping enables our clients to intelligently analyze, cross reference and search vulnerabilities that affect their organization."
— Jon Darbyshire, CEO, Archer Technologies LLC

Name: Archer Threat Management
Type: Threat Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

ArcSight, Inc.

Quote/Declaration: "As a pioneer and leading provider of security management solutions for the enterprise ArcSight actively promotes and supports open systems standards such as CVE. ArcSight uses cross-device correlation to detect sophisticated multi-source, multi-target attacks while keying into the correct policies and procedures for response via the CVE names. It enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions — a necessity to understand the real impact of vulnerabilities and attacks."

Name: ArcSight Enterprise Security Manager (ArcSight ESM)
Type: Real-Time Security Awareness/Incident Response
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Assuria Limited

Quote/Declaration: "Assuria Auditor (Formerly ISS System Scanner) was previously certified as ISS System Scanner. Assuria have enhanced and added functionality and features around CVE reporting in the product."

Name: Assuria Auditor
Type: Vulnerability Assessment and Remediation
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Backbone Security.com, Inc.

Quote/Declaration: "We aim to provide our customers with the best information available on how to protect their infrastructure. By integrating CVE into our product, we are providing up-to-date vulnerability information that can be used to enable a network administrator to defend their enterprise data and resources."

Beijing Netpower Technologies Inc.

Quote/Declaration: "Beijing Netpower Technologies Inc. is a leading network security products producer in China. We assure that Netpower Network Security Assessment System is fully compatible with CVE standards."

Beijing Topsec Co., Ltd.

Name: NetGuard Intrusion Detection System
Type: Intrusion Detection and Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Beijing Venus Information Security Technology, Inc.

Quote/Declaration: "Venus Information Technology, Inc. aims to provide users a series of network security products along with our own independent intellectual property and complied with international standard, CVE. Beyond product, we can deliver customers life-cycle services including consulting, design, implementation, maintenance and training."
— Helen Wang

Name: Cybervision Intrusion Detection System
Type: Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Cybervision Vulnerability Assessment and Mangement System
Type: Vulnerability Scanner
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Beyond Security Ltd.

Quote/Declaration: "Beyond Security Ltd.'s Automated Scanning provides users with a complete picture of the security of their organization by leveraging the huge SecuriTeam.com knowledgebase. As such, we see high importance for the CVE naming scheme, which provides a global independent reference for known security vulnerabilities."

Name: Automated Scanning Appliance
Type: Automated Vulnerabilities Scanner
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Automated Scanning Service - External Scanning
Type: Automated Vulnerabilities Scanning Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Automated Scanning Service - Product Audits
Type: Automated Vulnerabilities Scanner For Product Audits
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Automated Scanning Service - Service Provider Platform
Type: Automated Vulnerabilities Scanner Platform For Service Providers
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

BigFix, Inc.

Quote/Declaration: "BigFix enables organizations to better manage their global IT infrastructures with solutions to discover, analyze, change, and maintain security and software configurations faster and more accurately, resulting in improved processes, greater visibility, better security and more reliable services while reducing costs. BigFix supports the adoption of open standards such as CVE as an important part of reducing IT security risk and improving policy and regulatory compliance. BigFix Enterprise Suite presents discovered vulnerabilities with the associated CVE name enabling customers to quickly assess, prioritize, and immediately remediate security risks."

BindView Corporation

Quote/Declaration: "As a founding member of the CVE Initiative, BindView Corporation stands firmly behind the first lexicon of vulnerabilities. BindView is actively supporting this effort through its RAZOR research team. For too long, vendor interests and product limitations have shaped knowledge about vulnerabilities. The CVE Initiative shifts the focus from product-centric to an industry-based model, requiring vendors to have a greater accountability to the whole security market - as well as to our specific customers. Moving forward, we will continue to expand our security products to support CVE compatibility."
— Scott Blake, BindView Vice President for Information Security

Blue Lane Technologies Inc.

Quote/Declaration: "The Common Vulnerabilities and Exposures standard is very valuable to the industry and Blue Lane Technologies. It provides a common way to cross reference the vulnerabilities, patches and exploits that users and vendors must deal with. Blue Lane pursued CVE compatibility so our customers could benefit from the operational ease of use that comes with having a common reference list."

CA

Quote/Declaration: "As a respected member of the MITRE CVE Editorial Board and a global leader in security, Computer Associates International, Inc (CA) is fully committed to supporting the MITRE CVE Initiative. With the increasing number of vulnerabilities, CA recognizes the need and the importance for a common vulnerability naming and enumerating standard. CA Threat Research Team leverages the CVE List by correlating our vulnerability database with the MITRE CVE List. By providing this information to our customers through our Threat Management products — eTrust Vulnerability Manager, and eTrust Policy Compliance, users can quickly and accurately identify a common vulnerability name and number, and in addition cross-reference this information with other sources and products that are CVE-compatible."

Name: eTrust Vulnerability Manager
Type: Vulnerability Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Catbird

Quote/Declaration: "Catbird Shield is a hosted managed security platform that delivers enterprise-grade security for organizations of all sizes. We believe cross-indexing the CVE in reports we present to our partners and customers assists them in building effective security programs."

CentaVision Corporation

Quote/Declaration: "RAPTUS ICS is a next generation security product different from current network-based intrusion detection systems or firewalls. We have made RAPTUS ICS CVE-compatible to enhance the product for our customers worldwide."

Cenzic, Inc.

Quote/Declaration: "Cenzic is pleased to integrate CVE information with our Hailstorm application security assessment product. Customers benefit from a widely supported standard while taking advantage of the leading application security assessment product."

CERIAS/Purdue University

Quote/Declaration: "CVE is the key to vulnerability database compatibility. The CERIAS Cooperative Vulnerability Database and the Cassandra tool currently provide CVE Output and are also CVE Searchable. The CERIAS ESP is entirely based on CVE. The CIRDB (CERIAS Incident Response Database) already provides CVE output. The growing importance and recognition of CVE requires the CIRDB to be searchable and fully CVE-compatible, which we will do for the release currently under development."
— Pascal Meunier, Assistant Research Scientist, CERIAS

CERT Coordination Center

Quote/Declaration: "We will begin directly contributing new CVE entries, as well as using existing CVE entries to annotate our published advisories."
— (Bill Fithen, Sep 29, 1999 press conference)

Cert-IST

Quote/Declaration: "Cert-IST offers its partners and clients a Security Advisory and Alert service, both in French and English. Cert-IST offers also a vulnerability database, accessible through Web interface, created in September 97, and maintained by a dedicated team. Cert-IST uses CVE in its advisory database, with the objective to improve the information and knowledge level in the security community."

Check Point Software Technologies, Ltd.

Quote/Declaration: "Check Point is pleased to participate in the CVE Compatibility program, which will benefit the worldwide computing community by providing a common terminology for tracking security threats and make discourse among all community members (users, vendors, service providers, and others) more intelligible and productive."

China National Computer Software & Technology Service Corporation (CSS)

Quote/Declaration: "China National Computer Software & Technology Service Corporation (CSS) is a leading company in the field of software development in the People's Republic of China. We believe it is important for our security solution to be fully compatible with the Common Vulnerabilities and Exposures (CVE) standard."
— Ph. D. Dongping Ma, Chief of Information Security Lab of CSS

Cisco Systems

Quote/Declaration: "Cisco sees CVE as an important step in the collaborative efforts of the vulnerability science community. It is a tool that allows our security research and product development teams to focus on adding value for our customers. Cisco will incorporate the CVE dictionary into its products."
— Andrew Balinsky, Cisco Secure Encyclopedia Project Manager

Clear North Technologies, Inc.

Quote/Declaration: "The objective of the Clear North Technologies penetration study is to identify and report vulnerabilities in the client's perimeter network which may provide attackers with an opportunity to gain unauthorized access to private computer systems and networks. In performing the penetration study, Clear North Technologies will employ techniques and tools similar to those used by external threats with the intention of compromising perimeter network safeguards in an effort to gain access to the client's private computer systems and networks."

Computec.ch

Computer Security Laboratory, Dept. of Computer Science, UC Davis

Quote/Declaration: "We will put the CVE names into this database in order to provide a cross reference to that enumeration."
— Matt Bishop

Consul risk management, Inc.

Quote/Declaration: "Consul risk management, Inc. utilizes the CVE program to tag each vulnerability detected. This information is used through our InSight Security Event Module SIM console for reporting, correlating and linking vulnerability assessment scan results with 3rd party security information including IDS and firewall events to significantly reduce false positives by associating threats with their corresponding vulnerabilities and providing users with the ability to research vulnerabilities, all made possible through CVE."

Core Security Technologies

Quote/Declaration: " As the provider of CORE IMPACT, the industry's first automated penetration testing product, Core Security Technologies is pleased to support the CVE standard. CVE provides a critical common language for naming vulnerabilities and allows us to not only link exploits to vulnerabilities within IMPACT, but also to provide interoperability with vulnerability scanners, intrusion detection and remediation products and other risk assesment and management solutions."
— Ivan Arce, CTO, Core Security Technologies

Criston Software

Quote/Declaration: "Criston relies on the CVE standardization method for vulnerability identification in security audit reports produced by Vulnerability Management solution. Through CVE names, Vulnerability Management users can efficiently access worldwide publicly known vulnerability and security resources.This make it easier to share data across separate vulnerabilities databases and security tools."
— Haissam HASSAN, Product Management

Critical Watch

Quote/Declaration: "Critical Watch supports MITRE's CVE program for standardizing a naming scheme for vulnerabilities. Incorporating CVE names into our enterprise vulnerability management solution enables our customers to act swiftly and confidently to collapse windows of exposure."
— Nelson Bunker Chief Security Officer

Name: FusionVM Enterprise System
Type: Appliance-Based Managed Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM Managed Service
Type: Appliance-Based Managed Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Cubico Solutions CC

Quote/Declaration: "Cubico Solutions is honored to leverage off the power of the CVE standard and will continue to support CVE throughout its product offerings."

DEVOTEAM Solutions - APOGEE

Quote/Declaration: "APOGEE has worked out an IT SECurity Watch Service to help companies and organizations in their security risk management. The service objective is to provide a daily synthesis as regards new vulnerability, software security fixes and reissues of official security advisories. The security watch team gathers information available on the Internet, analyzes content, pertinence and gravity of published alerts and qualify security fixes provided by editors. Each vulnerability mentioned in our daily bulletin is presented with the related CVE name allowing our subscribers to cross-link with other repositories and providing compatibility with third party products and services that use CVE standard."

DragonSoft Security Associates, Inc.

Quote/Declaration: "DragonSoft Security Associates, Inc. believes that CVE provides the correct direction to a uniform and consistent representation of vulnerabilities and exposures information. As a company which research and design vulnerabilities and exposures detecting software, we are very desirous to providing CVE compatible product to our customers that researches and designs software for detecting vulnerabilities and exposures, we believe it is important to provide CVE-compatible products to our customers."

Name: DragonSoft Vulnerability Database
Type: Online Vulnerabilities and Exposures Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: DragonSoft Secure Scanner
Type: Vulnerabilities and Exposures Assessment Software
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

E*MAZE Networks S.p.A.

Quote/Declaration: "As an innovative provider of information security services for fixed and wireless IP networks, E*MAZE Networks S.p.A. is pleased to support this initiative aimed at creating a common lexicon for naming vulnerabilities and increasing interoperability between security tools. Incorporating the CVE entry and CAN naming scheme into the ipLegion and intraLegion vulnerability assessment suites, E*MAZE ensures that its clients can benefit from a more extended information cross-reference, thus enabling a more effective protection of digital assets and online systems. ipLegion and intraLegion database are fully searchable by keyword, CVE name or candidate number."
— Rodolfo G. Rosini, CEO

Edgeos, Inc.

Quote/Declaration: "Edgeos' services fully support and implement CVE."

eEye Digital Security

Quote/Declaration: "eEye Digital Security is a leading developer of network security software and an active contributor to network security research and education. eEye protect enterprises throughout the entire vulnerability lifecycle and offers a comprehensive range of award-winning solutions for vulnerability assessment, remediation management, intrusion prevention and network forensics. eEye is pleased to support the CVE Initiative and will continue to promote the standardization of the CVE naming convention and vulnerability identification."

Name: Retina Network Security Scanner
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Enterasys Networks

Quote/Declaration: "Many of Dragon's IDS signatures already have CVE tags. Our vulnerability signatures will also have CVE tags. Dragon uses these tags to link users directly to the CVE Web site which allows them to get concise and updated vulnerability information."
— Ron Gula, Vice President of Intrusion Detection Systems, Enterasys

e-Project s.r.l.

Quote/Declaration: "e-Project believes that those wishing to contribute to improving information security should collaborate with the MITRE Corporation to support the CVE standard. e-Project has made its Scan-edge vulnerability assessment and remediation service CVE-compatible so our customers will have the best information available. We will contribute to this effort in every way possible and continue to support CVE on an ongoing basis."

esCERT-UPC: The UPC University Computer Emergency Response Team

Quote/Declaration: "At esCERT, we have adapted all our procedures and services to CVE notation since we consider that it is the best way to handle and distribute vulnerability information in a complete and reliable way."

E-Soft, Inc.

Quote/Declaration: "E-Soft is pleased to support MITRE's standardization of vulnerability identification in our security auditing services. The adoption of CVE as an industry-wide standard benefits the users of security products and services by providing a single, consistent way of identifying vulnerabilities across different products and services."

French Security Incident Response Team (FrSIRT)

Quote/Declaration: "The FrSIRT delivers personalized vulnerability and threat alerts, 24/7, 365 days a year, to inform organizations of new potential threats. Our services are designed to deliver notification of vulnerabilities and exploits as they are identified, providing timely, actionable information and guidance to help mitigate risks before they are exploited."

FuJian RongJi Software Company, Ltd

Quote/Declaration: "FuJian RongJi Software Company, Ltd., in association with the Institute of High Energy Physics, the Chinese Academy of Sciences, has developed the RJ-iTop Network Vulnerability Scanner System, which provides CVE Output and is CVE Searchable. In addition, its database is fully searchable by keyword, CVE name, or candidate number. We have made our product compatible with CVE so that administrators can easily differentiate which is the best product for them among the different security products."
— C. Shanmao Lin, RongJi Enterprise

Name: RJ-iTop Network Vulnerability Scanner System
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Gazos Creek Incorporated

Quote/Declaration: "Gazos Creek has developed a method to provide security and network management services to the embedded systems market. We are pursuing CVE compatibility to allow our devices and services to contribute to, be integrated in and strengthen the larger community protecting against malicious software and malicious intentions."

Gentoo Foundation

Quote/Declaration: "The Gentoo Linux Security Project actively supports the CVE Initiative by referencing corresponding CVE entries in all of our security advisories where appropriate."

GFI Software Ltd.

Quote/Declaration: "GFI recognizes the importance of standards in a field which is encountering even bigger challenges, variation of attacks and abuses of IT systems. While searching for a standard which will allow us to adhere to as well as encourage our customers to refer to vulnerabilities in a particular format, we found a perfect synergy between our technology and CVE. We believe that such integration will provide a common ground for our customers and security administrators out there to share and unify experiences against these ever increasing threats."

Name: GFI LANguard Network Security Scanner
Type: Network Vulnerability Assessment & Remediation Product
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Grupo S21sec Gestión S.A.

Harris Corporation

Quote/Declaration: "Harris Corporation has integrated the CVE standard into its STAT Scanner, which provides the ability to identify, track, compare, and contrast vulnerabilities. STAT Scanner has a fully integrated interface that allows the user to see the specific CVE information, while at the same time providing predefined configuration files that scan specifically for all CVE vulnerabilities."
— Lilo Newberry, STAT Director of Operations, Harris Corporation

Name: STAT Scanner
Type: Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Huawei-3Com Co. Ltd.

IBM

Quote/Declaration: "IBM actively promotes, supports, and contributes to the emerging open systems standards such as CVE that enable technology management software such as IBM Tivoli Risk Manager and IBM Tivoli Security Operations Manager, intrusion detection, vulnerability assessment, and security management components to inter-operate and share management information. We know that open system standards are a critical step in this direction. We support CVE as the first and the most complete naming convention for vulnerability mapping in the industry and we are committed to using CVE within our product in a tightly integrated fashion."

IBM Internet Security Systems

Quote/Declaration: "The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community. As a technology pioneer and leading provider of security management software and services, IBM Internet Security Systems is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets."
— Christopher Klaus, Founder and Chief Technology Officer

Name: Internet Scanner
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Network 10/100 and Network Gigabit
Type: Network-Based IDS/IPS
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Server Sensor
Type: Host-Based IDS/IPS
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SiteProtector
Type: Security Management Platform
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: System Scanner
Type: Host-Based Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: X-Force Alerts and Advisories
Type: Alerts & Advisories Archive
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: X-Force Database
Type: Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Information Risk Management Plc

Quote/Declaration: "IRM ensures that clients acquire and maintain the core elements of information security by providing product-independent, expert, and impartial consulting services to organisations wishing to examine and improve the security of their information assets. It is essential that open and standardised vulnerability descriptions and metrics integrate into IRM's methodology and output so that clients may be assured of a common reference to findings and recommendations. CVE provides such a mechanism and is vital in providing meaningful security threat results."

Name: Security Risk Assessment
Type: Security Risk Assessment Service
CVE Output: Yes