Organizations Participating

	GRAND TOTALS Products & Services Listed: 261 Organizations Participating: 145

All organizations participating in the Compatibility Program are listed below, including those with CVE-Compatible Products and Services and those with Declarations to Be CVE-Compatible.

Organizations are listed alphabetically:

Advanced Research Corporation

Quote/Declaration: "SARA provides a monthly updated cross-reference CVE-SARA map that identifies CVE to SARA test correspondence, link to tutorial, and link to CVE reference data. In addition, all SARA reports contain relevant CVE names in the tutorials."

AdventNet, Inc.

Quote/Declaration: "AdventNet is pleased to support CVE names in the vulnerability database of the SecureCentral product line, as part of our commitment to embracing industry standards."

Name: SecureCentral PatchQuest
Type: Patch Management Software for Windows and Linux systems
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: ManageEngine Security Manager Plus
Type: Vulnerability Management Software for Windows and Linux Systems
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Apple Computer, Inc.

Application Security, Inc.

Quote/Declaration: "As a pioneer in application security, we have taken every possible step towards making AppDetective, our application penetration testing/vulnerability assessment product line, meet the CVE compatibility requirements. Application Security, Inc. sees CVE compatibility as a great value-added feature especially in this new area of research and development in vulnerability assessment solutions."
— Aaron Newman, CTO Application Security, Inc.

Archer Technologies

Quote/Declaration: "Archer Technologies Enterprise Security Management is a knowledge management system for the collection, management and distribution of critical security content such as vulnerabilities, technical baselines, control standards and information security policies as they relate to specific risk that IT assets face within the enterprise. The Archer Technologies product suite strongly supports the CVE standard, which greatly assists in our integration with other security products and vendors. The CVE mapping enables our clients to intelligently analyze, cross reference and search vulnerabilities that affect their organization."
— Jon Darbyshire, CEO, Archer Technologies LLC

Name: Archer Threat Management
Type: Threat Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

ArcSight, Inc.

Quote/Declaration: "As a pioneer and leading provider of security management solutions for the enterprise ArcSight actively promotes and supports open systems standards such as CVE. ArcSight uses cross-device correlation to detect sophisticated multi-source, multi-target attacks while keying into the correct policies and procedures for response via the CVE names. It enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions — a necessity to understand the real impact of vulnerabilities and attacks."

Name: Arcsight ESM Event Security Manager
Type: Real-Time Security Awareness/Incident Response
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Assuria Limited

Quote/Declaration: "Assuria Auditor (formerly ISS System Scanner) was previously certified as ISS System Scanner. Assuria have enhanced and added functionality and features around CVE reporting in the product."

Name: Assuria Auditor
Type: Vulnerability Assessment and Remediation
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Backbone Security.com, Inc.

Quote/Declaration: "We aim to provide our customers with the best information available on how to protect their infrastructure. By integrating CVE into our product, we are providing up-to-date vulnerability information that can be used to enable a network administrator to defend their enterprise data and resources."

Beijing Netpower Technologies Inc.

Quote/Declaration: "Beijing Netpower Technologies Inc. is a leading network security products producer in China. We assure that Netpower Network Security Assessment System is fully compatible with CVE standards."

Beijing Topsec Co., Ltd.

Name: TopSentry Intrusion Detection System
Type: Intrusion Detection and Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Topsec Intrusion Protection System (TopIDP)
Type: Intrusion Protection and Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Beijing Venus Information Security Technology, Inc.

Quote/Declaration: "Venus Information Technology, Inc. aims to provide users a series of network security products along with our own independent intellectual property and complied with international standard, CVE. Beyond product, we can deliver customers life-cycle services including consulting, design, implementation, maintenance and training."
— Helen Wang

Name: Cybervision Intrusion Detection System
Type: Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Cybervision Vulnerability Assessment and Mangement System
Type: Vulnerability Scanner
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Beyond Security Ltd.

Quote/Declaration: "Beyond Security Ltd.'s Automated Scanning provides users with a complete picture of the security of their organization by leveraging the huge SecuriTeam.com knowledgebase. As such, we see high importance for the CVE naming scheme, which provides a global independent reference for known security vulnerabilities."

Name: AVDS
Type: Automated Vulnerabilities Scanner
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: AVDS Services
Type: Automated Vulnerabilities Scanning Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: AVDS Server
Type: Automated Vulnerabilities Scanner Platform For Service Providers
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

BigFix, Inc.

Quote/Declaration: "BigFix enables organizations to better manage their global IT infrastructures with solutions to discover, analyze, change, and maintain security and software configurations faster and more accurately, resulting in improved processes, greater visibility, better security and more reliable services while reducing costs. BigFix supports the adoption of open standards such as CVE as an important part of reducing IT security risk and improving policy and regulatory compliance. BigFix Enterprise Suite presents discovered vulnerabilities with the associated CVE name enabling customers to quickly assess, prioritize, and immediately remediate security risks."

Blue Lane Technologies Inc.

Quote/Declaration: "The Common Vulnerabilities and Exposures standard is very valuable to the industry and Blue Lane Technologies. It provides a common way to cross reference the vulnerabilities, patches and exploits that users and vendors must deal with. Blue Lane pursued CVE compatibility so our customers could benefit from the operational ease of use that comes with having a common reference list."

CA

Quote/Declaration: "As a respected member of the MITRE CVE Editorial Board and a global leader in security, Computer Associates International, Inc (CA) is fully committed to supporting the MITRE CVE Initiative. With the increasing number of vulnerabilities, CA recognizes the need and the importance for a common vulnerability naming and enumerating standard. CA Threat Research Team leverages the CVE List by correlating our vulnerability database with the MITRE CVE List. By providing this information to our customers through our Threat Management products — eTrust Vulnerability Manager, and eTrust Policy Compliance, users can quickly and accurately identify a common vulnerability name and number, and in addition cross-reference this information with other sources and products that are CVE-compatible."

Name: CA Vulnerability Manager
Type: Vulnerability Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Catbird

Quote/Declaration: "Catbird V-Security is a comprehensive security and compliance solution for virtual and physical infrastructures, delivering best-practice security for Hypervisor, Guest VMs and Policy/Regulatory Compliance. Cross-indexing the CVE in reports we present to our partners and customers assists them in building effective security programs."

Name: Catbird V-Security
Type: Security Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Cenzic, Inc.

Quote/Declaration: "Cenzic is pleased to integrate CVE information with our Hailstorm application security assessment product. Customers benefit from a widely supported standard while taking advantage of the leading application security assessment product."

CERIAS/Purdue University

Quote/Declaration: "CVE is the key to vulnerability database compatibility. The CERIAS Cooperative Vulnerability Database and the Cassandra tool currently provide CVE Output and are also CVE Searchable. The CERIAS ESP is entirely based on CVE. The CIRDB (CERIAS Incident Response Database) already provides CVE output. The growing importance and recognition of CVE requires the CIRDB to be searchable and fully CVE-compatible, which we will do for the release currently under development."
— Pascal Meunier, Assistant Research Scientist, CERIAS

Cert-IST

Quote/Declaration: "Cert-IST offers its partners and clients a Security Advisory and Alert service, both in French and English. Cert-IST offers also a vulnerability database, accessible through Web interface, created in September 97, and maintained by a dedicated team. Cert-IST uses CVE in its advisory database, with the objective to improve the information and knowledge level in the security community."

CERT Coordination Center

Quote/Declaration: "We will begin directly contributing new CVE entries, as well as using existing CVE entries to annotate our published advisories."
— (Bill Fithen, Sep 29, 1999 press conference)

Check Point Software Technologies, Ltd.

Quote/Declaration: "Check Point is pleased to participate in the CVE Compatibility program, which will benefit the worldwide computing community by providing a common terminology for tracking security threats and make discourse among all community members (users, vendors, service providers, and others) more intelligible and productive."

China National Computer Software & Technology Service Corporation (CSS)

Quote/Declaration: "China National Computer Software & Technology Service Corporation (CSS) is a leading company in the field of software development in the People's Republic of China. We believe it is important for our security solution to be fully compatible with the Common Vulnerabilities and Exposures (CVE) standard."
— Ph. D. Dongping Ma, Chief of Information Security Lab of CSS

Cisco Systems

Quote/Declaration: "Cisco sees CVE as an important step in the collaborative efforts of the vulnerability science community. It is a tool that allows our security research and product development teams to focus on adding value for our customers. Cisco will incorporate the CVE dictionary into its products."
— Andrew Balinsky, Cisco Secure Encyclopedia Project Manager

Clear North Technologies, Inc.

Quote/Declaration: "The objective of the Clear North Technologies penetration study is to identify and report vulnerabilities in the client's perimeter network which may provide attackers with an opportunity to gain unauthorized access to private computer systems and networks. In performing the penetration study, Clear North Technologies will employ techniques and tools similar to those used by external threats with the intention of compromising perimeter network safeguards in an effort to gain access to the client's private computer systems and networks."

Computec.ch

Computer Security Laboratory, Dept. of Computer Science, UC Davis

Quote/Declaration: "We will put the CVE names into this database in order to provide a cross reference to that enumeration."
— Matt Bishop

Core Security Technologies

Quote/Declaration: " As the provider of CORE IMPACT, the industry's first automated penetration testing product, Core Security Technologies is pleased to support the CVE standard. CVE provides a critical common language for naming vulnerabilities and allows us to not only link exploits to vulnerabilities within IMPACT, but also to provide interoperability with vulnerability scanners, intrusion detection and remediation products and other risk assesment and management solutions."
— Ivan Arce, CTO, Core Security Technologies

CounterSnipe LLC

Quote/Declaration: "CounterSnipe aims to ensure that our customers' networks are provided with maximum protection and we believe that it is absolutely critical to at least guard against known and published vulnerabilities. There is no better way than ensuring CVE compatibility."

Criston Software

Quote/Declaration: "Criston relies on the CVE standardization method for vulnerability identification in security audit reports produced by Vulnerability Management solution. Through CVE names, Vulnerability Management users can efficiently access worldwide publicly known vulnerability and security resources.This make it easier to share data across separate vulnerabilities databases and security tools."
— Haissam HASSAN, Product Management

Critical Watch

Quote/Declaration: "Critical Watch supports MITRE's CVE program for standardizing a naming scheme for vulnerabilities. Incorporating CVE names into our enterprise vulnerability management solution enables our customers to act swiftly and confidently to collapse windows of exposure."
— Nelson Bunker Chief Security Officer

Name: FusionVM Enterprise System
Type: Appliance-Based Managed Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM Software as a Service (SaaS)
Type: Remote Scanning Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM MSSP
Type: Appliance-Based Managed Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM PCI
Type: Remote Scanning Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM Consultant
Type: Appliance-Based Managed Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Cubico Solutions CC

Quote/Declaration: "Cubico Solutions is honored to leverage off the power of the CVE standard and will continue to support CVE throughout its product offerings."

DBAPPSecurity Limited

Quote/Declaration: "DBAPPSecurity focuses on web application security and database security. It provides web vulnerability scanner (MatriXay), web application firewall, database scanner, database auditor, log auditor, web monitor and professional security services for information security and risk management, which compliance with many kinds of laws and regulations."

DragonSoft Security Associates, Inc.

Quote/Declaration: "DragonSoft Security Associates, Inc. believes that CVE provides the correct direction to a uniform and consistent representation of vulnerabilities and exposures information. As a company which research and design vulnerabilities and exposures detecting software, we are very desirous to providing CVE compatible product to our customers that researches and designs software for detecting vulnerabilities and exposures, we believe it is important to provide CVE-compatible products to our customers."

Name: DragonSoft Vulnerability Database
Type: Online Vulnerabilities and Exposures Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: DragonSoft Secure Scanner
Type: Vulnerabilities and Exposures Assessment Software
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

E*MAZE Networks S.p.A.

Quote/Declaration: "As an innovative provider of information security services for fixed and wireless IP networks, E*MAZE Networks S.p.A. is pleased to support this initiative aimed at creating a common lexicon for naming vulnerabilities and increasing interoperability between security tools. Incorporating the CVE entry and CAN naming scheme into the ipLegion and intraLegion vulnerability assessment suites, E*MAZE ensures that its clients can benefit from a more extended information cross-reference, thus enabling a more effective protection of digital assets and online systems. ipLegion and intraLegion database are fully searchable by keyword, CVE name or candidate number."
— Rodolfo G. Rosini, CEO

e-Project s.r.l.

Quote/Declaration: "e-Project believes that those wishing to contribute to improving information security should collaborate with the MITRE Corporation to support the CVE standard. e-Project has made its Scan-edge vulnerability assessment and remediation service CVE-compatible so our customers will have the best information available. We will contribute to this effort in every way possible and continue to support CVE on an ongoing basis."

E-Soft, Inc.

Quote/Declaration: "E-Soft is pleased to support MITRE's standardization of vulnerability identification in our security auditing services. The adoption of CVE as an industry-wide standard benefits the users of security products and services by providing a single, consistent way of identifying vulnerabilities across different products and services."

Easy Solutions, Inc.

Quote/Declaration: "As a leader and innovation in the security industry, Easy Solutions, Inc. is pleased to announce compatibility with the CVE Initiative"
— Ricardo E. Villadiego, Regional Director, Americas, Easy Solutions, Inc.

Name: Detect Vulnerability Scanning Service - External
Type: Vulnerability Scanning and Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Detect Vulnerability Scanning Service - External/Internal
Type: Vulnerability Scanning and Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Edgeos, Inc.

Quote/Declaration: "Edgeos' services fully support and implement CVE."

eEye Digital Security

Quote/Declaration: "eEye Digital Security is an innovative leader in vulnerability and security research, providing security solutions that help businesses and users protect their systems and intellectual property from compromise. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye is pleased to support the CVE Initiative and will continue to promote the standardization of the CVE naming convention and vulnerability identification. "

Name: Retina Network Security Scanner
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Enterasys Networks

Quote/Declaration: "Many of Dragon's IDS signatures already have CVE tags. Our vulnerability signatures will also have CVE tags. Dragon uses these tags to link users directly to the CVE Web site which allows them to get concise and updated vulnerability information."
— Ron Gula, Vice President of Intrusion Detection Systems, Enterasys

esCERT-UPC: The UPC University Computer Emergency Response Team

Quote/Declaration: "At esCERT, we have adapted all our procedures and services to CVE notation since we consider that it is the best way to handle and distribute vulnerability information in a complete and reliable way."

FuJian RongJi Software Company, Ltd

Quote/Declaration: "FuJian RongJi Software Company, Ltd., in association with the Institute of High Energy Physics, the Chinese Academy of Sciences, has developed the RJ-iTop Network Vulnerability Scanner System, which provides CVE Output and is CVE Searchable. In addition, its database is fully searchable by keyword, CVE name, or candidate number. We have made our product compatible with CVE so that administrators can easily differentiate which is the best product for them among the different security products."
— C. Shanmao Lin, RongJi Enterprise

Name: RJ-iTop Network Vulnerability Scanner System
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

GamaSec Ltd.

Quote/Declaration: "Gamasec's GamaScan Web application Scanner is an automated security service that searches for software vulnerabilities within Web applications and validates any potential security breaches and risks against a continually updated service database. By incorporating CVE Identifiers into GamaScan, we are providing our customers with the ability to enhance their vulnerability handling processes and further leverage their vulnerability scanners to verify that updates and fixes have been applied."

Gentoo Foundation

Quote/Declaration: "The Gentoo Linux Security Project actively supports the CVE Initiative by referencing corresponding CVE entries in all of our security advisories where appropriate."

GFI Software Ltd.

Quote/Declaration: "GFI recognizes the importance of standards in a field which is encountering even bigger challenges, variation of attacks and abuses of IT systems. While searching for a standard which will allow us to adhere to as well as encourage our customers to refer to vulnerabilities in a particular format, we found a perfect synergy between our technology and CVE. We believe that such integration will provide a common ground for our customers and security administrators out there to share and unify experiences against these ever increasing threats."

Name: GFI LANguard Network Security Scanner
Type: Network Vulnerability Assessment & Remediation Product
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Grupo S21sec Gestión S.A.

H3C Technologies Co., Limited

Quote/Declaration: "H3C Technologies Co., Limited has made our IPS product compatible with CVE for the benefit of our customers and to support industry standards."

Name: SecPath T Series IPS
Type: Intrusion Prevention System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SecBlade IPS
Type: Intrusion Prevention System As A Network Switch Module
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Hewlett-Packard Company

Quote/Declaration: "By integrating CVE into our security assessment and management products we enable our customers to promptly and effectively track and respond to security vulnerabilities."

IBM

Quote/Declaration: "IBM actively promotes, supports, and contributes to the emerging open systems standards such as CVE that enable technology management software such as IBM Tivoli Risk Manager and IBM Tivoli Security Operations Manager, intrusion detection, vulnerability assessment, and security management components to inter-operate and share management information. We know that open system standards are a critical step in this direction. We support CVE as the first and the most complete naming convention for vulnerability mapping in the industry and we are committed to using CVE within our product in a tightly integrated fashion."

Name: Rational AppScan
Type: Application Security Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

IBM Internet Security Systems

Quote/Declaration: "The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community. As a technology pioneer and leading provider of security management software and services, IBM Internet Security Systems is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets."
— Christopher Klaus, Founder and Chief Technology Officer

Name: Internet Scanner
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Network 10/100
Type: Network-Based IDS/IPS
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Network Gigabit
Type: Network-Based IDS/IPS
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Server Sensor
Type: Host-Based IDS/IPS
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Proventia Management SiteProtector
Type: Security Management Platform
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: X-Force Alerts and Advisories
Type: Alerts & Advisories Archive
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: X-Force Database
Type: Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Proventia Enterprise Scanner
Type: Vulnerability Management Assessment System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

IBM Rational

Quote/Declaration: "Watchfire's AppScan automates web application security audits to help ensure the security and compliance of websites. The use of CVE referencing in AppScan further enhances the information available to our users concerning Web application security vulnerabilities by cross referencing such information with a list of industry standard names."

Name: AppScan
Type: Application Security Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Information-technology Promotion Agency, Japan (IPA)

Quote/Declaration: "IPA is proud to incorporate CVE in our product line. Our main product, JVN iPedia is a vulnerability database that stores summary and countermeasure information on domestic and overseas software products used in Japan. JVN iPedia is equipped with search functions (Keyword, Product, CVSS, CVE, etc.) and RSS feeds, which provides the accumulated data in a comprehensive manner."

Name: Vulnerability Countermeasure Information Database (JVN iPedia)
Type: Online Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Filtered Vulnerability Countermeasure Information Tool (MyJVN)
Type: Filtered Warnings Application
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Information Risk Management Plc

Quote/Declaration: "IRM ensures that clients acquire and maintain the core elements of information security by providing product-independent, expert, and impartial consulting services to organisations wishing to examine and improve the security of their information assets. It is essential that open and standardised vulnerability descriptions and metrics integrate into IRM's methodology and output so that clients may be assured of a common reference to findings and recommendations. CVE provides such a mechanism and is vital in providing meaningful security threat results."

Name: Security Risk Assessment
Type: Security Risk Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

INFOSEC Technology Co., Ltd.

Integrigy Corporation

Quote/Declaration: "CVE compatibility is an important feature of AppSentry that provides a standardized cross-reference of included vulnerabilities. Inclusion of CVE names in policies and reports allows AppSentry users to quickly and accurately locate critical vulnerability information and to correlate findings with other security tools."

Intellitactics, Inc.

Quote/Declaration: "Intellitactics is pleased to partner with MITRE on the CVE Compatibility program. As a leader in the enterprise security management software technology, we believe that the CVE standardization of multi-vendor security exploits information will greatly benefit our customers. Our current product offering leverages CVE to offer intelligent correlation and threat and incident management solutions and our future offerings will continue to leverage the widely accepted CVE standard."
— Paul MacGyver Carman, Technical Product Manager

Inzen

Quote/Declaration: "Inzen appreciates the efforts of the CVE Initiative and supports CVE by making its products comply with the CVE requirements. Inzen's integrated security solutions will be CVE-compatible. Inzen's solutions include NeoWatcher@ESM (network-based IDS), NeoGuard@ESM and NeoGuard@ESM for NT (host-based IDSes), and NeoScanner@ESM for System and NeoScanner@ESM for Network (vulnerability assessment tools). In addition, Inzen supplies interoperability services, integrated with solutions for other security areas."
— ByungChan Kwak

iPolicy Networks (Security Product Division Of Tech Mahindra Ltd.)

Quote/Declaration: "iPolicy Networks delivers an advanced and comprehensive network security solution for protecting enterprise, carrier and service-provider networks. The intrusion detection and prevention function in the iPolicy Intrusion Prevention Firewalls analyzes network traffics for known vulnerabilities and malware signatures. We strongly support CVE compatibility in our products. It not only ensure for us that we cover entire spectrum of vulnerabilities, it also gives opportunity to our customers to cross reference and verify the effectiveness of the solution provided to them by our products."

Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and Information-technology Promotion Agency, Japan (IPA)

Quote/Declaration: "Under the Information Security Early Warning Partnership in Japan, IPA receives private vulnerability reports and JPCERT/CC coordinates with developers to prepare patches or remedies. JVN provides infomation such as solution, vulnerability analysis by JPCERT/CC, and vender notes. JVN contains CVE information as well as vulnerability attribute information."

Name: Japan Vulnerability Notes (JVN)
Type: Vulnerability Information Portal Site
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Joeun Security Co., Ltd.

Juniper Networks, Inc.

Quote/Declaration: "As an advocate of initiatives that improve customers' understanding of network security, Juniper believes the CVE standardized list of vulnerabilities and exposures is a significant step towards eradicating the confusion caused by disparate security information. Juniper has incorporated CVE into its intrusion detection and prevention system to help customers understand incidents so that they can quickly respond and effectively protect their networks."

KDware Ltd.

Quote/Declaration: "KDware's Incident MiND is an incident management solution that supports cross-correlation from multi-vendor products with centralized security logging and incident management. Incident MiND uses CVE as an important means for normalizing events across a variety of security devices and supports security experts and IT managers in cross-correlating information and references about different threats reported by disparate security products and solutions."

Kingnet Security, Inc.

Quote/Declaration: "Kingnet Security plays a leading role in network security industry in China. We want our KIDS intrusion detection system to be compatible to the CVE standard so as to bring as much value to our customers as possible."

Name: Kingnet Intrusion Detection System (KIDS)
Type: Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

LANDesk Software Inc.

Quote/Declaration: "LANDesk Security and Patch manager supports the CVE naming standard, it's a simple and practical way to ensure that a vulnerability definition means the same thing to different people."

Name: LANDesk Patch Manager
Type: Patch Management System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: LANDesk Security Suite
Type: Active Endpoint Security Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Legendsec Technology Co. Ltd

Lenovo Security Inc.

Name: Lenovo Security Intrusion Detection System
Type: Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Leadsec Intrusion Prevention System
Type: Intrusion Protection System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

LEXSI

Quote/Declaration: "The CSI service of laboratory LEXSI gathers applications and services offering a coherent and complete IT security watch solution to its subscribers. At the core of the CSI, ten experts supervise new security failures, carry out integrity tests, provide manual avoidance solutions, reference and enrich the Vulnerabilities Database. Compatibility between referred vulnerabilities and CVE dictionary provides to our subscribers and partners full interworking of our watch system with all third party products and services."

Quote (French): "Le service CSI du laboratoire LEXSI regroupe un ensemble d'applications et de services à même d'offrir à ses abonnés une solution cohérente et complète de veille en sécurité informatique. Au coeur du CSI, une dizaine d'experts surveille l'apparition de failles de sécurité, effectue des tests d'intégrité, élabore des solutions de contournement, référence et enrichit la Base de Vulnérabilités. La compatibilité entre les vulnérabilités référencées et le dictionnaire CVE offre à nos abonnés et partenaires l'interopérabilité totale de notre système de veille avec l'ensemble des services et produits tiers."

Lumension Security, Inc.

Quote/Declaration: "Lumension Security (formerly PatchLink Corporation) is in the vulnerability management business and as such fully recognizes the value of using CVE names. All of our patches have CVE codes in them."

Name: PatchLink Scan
Type: Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Mandriva

Quote/Declaration: "Mandriva recognizes the importance of a vendor-neutral list of vulnerabilities that can be cross-referenced by anyone; this is especially important in the growing number of mixed networks, and allows individuals to cross-reference vulnerabilities with ease. All Mandriva advisories will now contain CVE names to provide this service to our users."

McAfee, Inc.

Quote/Declaration: "Because of today's ever changing threats, and vulnerability data a consent must be had to properly identify each. In the malicious code area these naming conventions exist and are very beneficial. The MITRE CVE program provides a naming standard that can be relied on when there is confusion or no standards agreed upon providing a method by which system administrators and other users can search the Internet to get the information on the same vulnerability via various sources."
— Carl Banzhof - Vice President and Chief Technology Evangelist, McAfee

Name: McAfee Foundstone Appliances
Type: Vulnerability Assessment Appliance
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: McAfee Vulnerability Manager
Type: Vulnerability Management and Risk Mitigation
CVE Output: Yes
CVE Searchable: Yes

Name: McAfee Vulnerability Management Service
Type: Managed Security Assessment Service
CVE Output: Yes
CVE Searchable: Yes

Name: McAfee Policy Auditor
Type: Automated Vulnerability Remediation
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: McAfee Remediation Manager
Type: Automated Vulnerability Remediation
CVE Output: Yes
CVE Searchable: Yes

MITRE Corporation

Quote/Declaration: "OVAL provides a common language for security experts to discuss the technical details of how to check for the presence of vulnerabilities and configuration issues on local systems. The results of the discussions are collaboratively developed XML vulnerability, patch, and compliance definitions that are based on a common OVAL Schema and perform the checks. CVE names are used as the basis for all OVAL vulnerability definitions currently collected on the OVAL Web site. For each CVE name, there are one or more OVAL vulnerability definitions that measure the presence of that vulnerability on an end system. OVAL vulnerability definitions on the OVAL Web site can be searched by CVE name with entry or candidate status, and vulnerability definitions called up for review include CVE names."
— Pete Tasker, Executive Director, Security and Info Operations Division

Name: Open Vulnerability and Assessment Language (OVAL) Web site
Type: Standard for Describing Vulnerability and Configuration Criteria
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

N-Stalker, Inc.

Quote/Declaration: "N-Stalker, Inc. is pleased to support MITRE on the CVE Initiative to standardize vulnerability identification. It's a simple and practical way to ensure that a vulnerability definition means the same thing to different people."

National Institute of Standards and Technology

Quote/Declaration: "The National Vulnerability Database contains all CVE information as well as vulnerability attribute information (e.g. vulnerable version numbers), direct access to U.S. government vulnerability resources, and annotated links to industry resources. The underlying data in the database is provided license free via an XML feed."

Name: National Vulnerability Database (NVD)
Type: Online Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

nCircle Network Security, Inc.

Quote/Declaration: "nCircle actively supports standardization efforts in the security market, including the CVE's common lexicon for the vulnerability namespace. As a member of the CVE editorial board, we are committed to ensuring nCircle's IP360 product continues to support CVE names and provides customers with an enterprise-class complete lifecycle approach to vulnerability management. Ultimately, this enables customer to find and eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage business risk."
— Tim Keanini, CTO

Name: IP360 Vulnerability Management System
Type: Appliance-Based Enterprise-Class Vulnerability Management System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

NetClarity

Quote/Declaration: "NetClarity is a strong proponent of the CVE dictionary. The Auditor family of appliances automatically audit networks and reports those vulnerabilities discovered by our patent-pending vulnerability assessment engine. With CVE-specific information and remediation instructions, we enable our customers to better manage their risks, comply with regulations, and protect their assets."
— Gary S. Miliefsky, CTO, CISSP, NetClarity, Inc.

Name: NetClarity Analyst and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small Mobile Networks
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: NetClarity Auditor 128 and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small Mobile Networks
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: NetClarity Auditor XL and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small to Medium Enterprises
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: NetClarity Auditor Enterprise and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Large Networks
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Netcraft Ltd.

Quote/Declaration: "Netcraft is pleased to be able to offer mappings between its vulnerability scanner and the CVE dictionary. We see CVE as an important security administration tool, linking our services to a wider variety of other security devices, services and sources of security information."

Name: Audited by Netcraft
Type: Managed Vulnerability Scanning Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

netForensics, Inc.

Quote/Declaration: "As a leader in security information management, netForensics understands the complexity of managing and mitigating risks. Because effective security management is based on the accuracy and timely recognition of an attack, only improved knowledge will enable the proper response mechanism. With the combination of cross-device correlated events from netForensics and the detailed information from CVE, security experts are able to understand the conditions of their enterprise and map threats to exposures. Active support for CVE will improve the knowledge of the security community and fortify enterprise security management."

NetIQ

Quote/Declaration: "NetIQ sees great value in providing CVE compatibility in our NetIQ Vulnerability Manager product. Industry standards such as CVE make it easier for customers to make sense of the constant barrage of security issues, bugs, and vulnerabilities."

netVigilance, Inc.

Quote/Declaration: "The SecureScout line of vulnerability assessment solutions, fully supports CVE references; our speed and ease of use enable users to more efficiently verify CVE coverage."

Name: SecureScout EagleBox
Type: Network Scanning Appliance-Based Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureScout NX
Type: Single User Network-Based Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureScout Perimeter
Type: Web-Based, Internet-Side Vulnerability Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureScout SP
Type: Enterprise Network-Based Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Network Box Corporation Ltd.

Quote/Declaration: "Network Box Corporation provides integrated security appliances and a managed security service for our clients. We have standardized on using the CVE system for all our vulnerability announcements, and product output. We are in the process of extending our product to report detected intrusions in CVE format and provide a searchable database."
— Mark Webb-Johnson, Technical Director, Network Box Corporation

NII Consulting

Quote/Declaration: "NII strongly believes in adding value to its AuditPro suite of security auditing products. The reports produced by AuditPro and its vulnerability database are now CVE-compatible. This standardization of vulnerabilities will help users locate, understand and fix the vulnerabilities in the easiest and fastest way."

NileSOFT Ltd.

Quote/Declaration: "NileSOFT is proud to incorporate CVE in our product line. Our main products, Secuguard SSE (Host based Vulnerability Assessment Tool), Secuguard NSE (Network based Vulnerability Assessment Tool), mySSE for Web (Online PC Vulnerability Assessment Service), and LogCOPS (Enterprise Log Analysis and Management System) will continue to maintain the latest version of CVE."

Name: Secuguard NSE (Network Security Explorer)
Type: Network based Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Secuguard SSE (System Security Explorer)
Type: Host based Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Niscent s.l.r.

Quote/Declaration: "We have included CVE naming scheme into our patch management framework PatchAgent to support this initiative aimed at creating a common vulnerabilities naming scheme and give to our customers the best interoperability with other security tools. Adding the CVE/CAN codes, Niscent ensures that its customers can gain from a broader information cross-reference, thus making easier identifying vulnerabilities across different products and services."

Nowcom Co., Ltd.

Quote/Declaration: "Wins Technet is pleased to support MITRE on the CVE to standardize vulnerability identification not only for the security industry, but for our customers. SNIPER, our network-based intrusion detection system, has incorporated CVE effort names to provide the most valuable information for our customers."

NSFocus Information Technology (Beijing) Co., Ltd.

Quote/Declaration: "CVE has made significant efforts to standardize the names for vulnerabilities, eliminate the potential gap in security coverage and provide easier interoperability among different security products. NSFocus strives to deliver customers the enhanced security by series of products with full support for the CVE standard."

Name: ICEYE NIDS
Type: Intrusion Detection System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: AURORA RSAS
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

NX Security

Name: NX Enterprise
Type: Vulnerability Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: NX Express
Type: Vulnerability Assessment Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

OpenService, Inc.

Quote/Declaration: "OpenService's Security Threat Manager (STM) uses CVE to correlate incoming intrusion detection system (IDS) signatures and targeted systems-specific vulnerabilities in real-time. Soon, STM will provide CVE output and searchability."

Open Source Vulnerability Database (OSVDB)

Quote/Declaration: "The OSVDB will contain full mapping to CVE entries in order to promote correlation, correction and discussion between the OSVDB project, CVE and multiple third-party security products."

Openware

Quote/Declaration: "Openware is pleased to support MITRE's initiative of standardizing vulnerability identification in our managed security services. The adoption of MITRE's CVE standard benefits users, community and vendors by providing a consistent and single way of identifying vulnerabilities across different products."
— Federico Seineldin, CEO and Founder

Outpost24

PatchAdvisor, Inc.

Quote/Declaration: "The CVE tracking standard represents a recognized means by which the multitude of vulnerabilities within PatchAdvisor's database can be easily cross-referenced and standardized. We look forward to becoming fully CVE-compatible, adding yet another layer of intelligence to PatchAdvisor's product offerings."

Prism Microsystems, Inc.

Quote/Declaration: "Use of a standard such as CVE enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions - a necessity to understand the real impact of vulnerabilities and attacks."

Privacyware

Quote/Declaration: "Privacyware's products resolve many of the acute security problems within Microsoft Windows software which has been achieved by working closely with research groups to contribute and exchange information obtained through experience. MITRE's CVE Compatibility Program represents an important core group for industry wide security information and with CVE Compatibility, Privacyware will continue to build and maintain important security measures that are extensible with most IT security strategies."
— Ben Campbell, Privacyware

Protegrity Corporation

Quote/Declaration: "As a leading provider of application-layer security solutions, Protegrity is proud to support the CVE standard. Protegrity will continue to advance the CVE Initiative and contribute toward the consolidation of the security community."

Qualys

Quote/Declaration: "Qualys is pleased to support MITRE's CVE Initiative of standardizing vulnerability identification and has incorporated the CVE naming scheme into its QualysGuard Web Services Architecture."
— Gerhard Eschelbeck, CTO & Vice President of Engineering

Rapid 7, Inc.

Quote/Declaration: "As the provider of NeXpose, an enterprise vulnerability management product developed to accurately identify security weaknesses in an enterprise network, Rapid7 supports the CVE standard. With the volume of new vulnerabilities being found, a standard such as CVE enables all security vendors to be clear about what exposures their products have found, enabling the security staff to better understand what is being reported by disparate security products and how to remedy the issue."

Name: NeXpose
Type: Vulnerability Assessment Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Red Hat

Quote/Declaration: "It is often confusing when the same security issues get fixed by different vendors in different ways with different names and descriptions. We see the CVE Initiative as the way to solve this problem, giving the community accurate information on which they can base their security decisions. We are working with MITRE to contribute and validate new entries as well as publish CVE entries in our security advisories."
— Mark Cox, Senior Director of Engineering

Name: Red Hat Security Advisories
Type: Advisory Capability
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

RUS-CERT University of Stuttgart

Quote/Declaration: "The announcement service run by RUS-CERT already uses CVE as the reference dictionary for vulnerability identification for a long time."
— Oliver Goebel

Safend

Quote/Declaration: "Organizations, from Government entities to Commercial enterprises, have become increasingly aware of the threats that portable devices bring to production networks. Compliance requirements and the proliferation of devices that can freely attach to network PC endpoints are driving these concerns of data theft to malware propagation. With endpoint physical port protection in mind, Safend plays a leading role as a technology solution provider. We will provide meaningful, standardized information to the CVE effort so that effective IT industry protection can be achieved through shared knowledge."

SAINT Corporation

Quote/Declaration: "SAINT, WebSAINT, and SAINTbox vulnerability reports and tutorials include relevant CVE links, providing the user with easy reference to related information and a basis for determining the extent of each product's capabilities. SAINTmanager vulnerability reports and tutorials include relevant CVE links, providing the user with easy reference to related information and a basis for determining the extent of SAINTmanager's capabilities. SAINT, WebSAINT, and SAINTbox are also CVE searchable with a CVE cross-reference that maps the CVE entries to the SAINT tutorials, while SAINTmanager is CVE searchable with a CVE cross-reference that maps the CVE entries to the corresponding SAINTmanager vulnerability IDs. We will continue to keep all SAINT products updated with the latest CVE numbers as they become available."

Name: SAINTbox
Type: Network Vulnerability Scanning Appliance
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SAINTmanager
Type: Network Vulnerability Assessment Management Console
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Security Administrator's Integrated Network Tool (SAINT)
Type: Vulnerability Assessment Tool
CVE Searchable: Yes (through a mapping)
CVE Output: Yes
Review Completed Questionnaire

Name: WebSAINT
Type: Web-based Vulnerability Scanning Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Sandvine Incorporated

Quote/Declaration: "Because of the ever-increasing number of network traffic attacks and vulnerabilities they exploit, tracking quickly becomes a complex and difficult task across attacks, subsequent variants, and four geographic continents, and all the languages therein. It is the intention of Sandvine to use the CVE naming scheme mechanism not only for commonly identifying the vulnerabilities within our hardware and software but also as a taxonomy to group the network attacks our systems are intended to prevent."

SANS

Quote/Declaration: "The SANS GIAC training is CVE-compatible. Student assignments for intrusion detection and hacker exploits reference CVE. In addition, ID'Net is CVE-compatible."
— Steve Northcutt, Director, SANS Global Incident Analysis Center

scip AG

Quote/Declaration: "We are ensuring our users can identify the correct vulnerabilities by using CVEs."

SECNAP Network Security Corporation

Quote/Declaration: "It it our intention, and commitment to support the MITRE CVE efforts in order to assist the user community by providing a standard and consistent way to gather and validate information on security vulnerabilities."

SecPoint

Quote/Declaration: "The SecPoint Penetrator Appliance is a unique product that combines, Vulnerability Assessment, Launching of Real Exploits, Complete Penetration testing and our use of CVE is a valuable feature for our customers."

Secunia

Quote/Declaration: "Secunia constantly monitors and review CVE entries to ensure that these are appropriately and accurately matched with the verified Secunia Vulnerability Intelligence provided in our Advisories, Secunia PSI, Secunia CSI, Secunia OSI, Secunia VIF, and Secunia EVM. "

Secure Associates

Quote/Declaration: "Secure Associates' MindStorm Enterprise Edition and MindStorm MSSP Edition security information management platforms normalize, correlate, and prioritize security alerts and logs for effective and efficient security information management in a centralized console. With our proven product solution and a set of escalation and implementation methodology - and by incorporating the CVE standard - we enable service providers and enterprise clients to manage, monitor, analysis, report, and respond to their security infrastructure proactively at a cost-effective mean."

Secure Elements, Incorporated

Quote/Declaration: "C5 EVM combines vulnerability information from a myriad of sources to provide the most complete coverage possible for our customers. By relying on CVE, C5 EVM seamlessly integrates the information, providing our customers the highest level of protection available."
— Dan Bezilla, CTO

Name: C5 Enterprise Vulnerability Management (EVM) Suite
Type: Automated Vulnerability Remediation
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

SecureInfo Corporation

Quote/Declaration: "SecureInfo RMS, award-winning certification and accreditation software, is CVE-compatible. Supporting CVE is an important part of our vision in providing continuous monitoring capabilities in support of FISMA and our customer's information security programs."
— Roberto R. Garcia, V.P. Product Engineering

Name: Risk Management System (RMS)
Type: Compliance Framework Tool
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

SecureWorks

Quote/Declaration: "MITRE's CVE standard helps SecureWorks provide our clients with a seamless, consolidated view of their security and risk environment, and aids our security analysts in correlating valuable threat information from disparate sources."

Security Database

Quote/Declaration: "Security Database uses the publicly known vulnerabilities identified in the CVE List as the basis for most of the queries. Security Database's CVE and Compatibility documentation includes the CVE version number used. All data are relayed in realtime."

Security Horizon, Inc.

Quote/Declaration: "Security Horizon, Inc. currently holds a Cooperative Research and Development Agreement (CRADA) with the National Security Agency (NSA) to teach eligible students in the INFOSEC Assessment Methodology (IAM) and INFOSEC Evaluation Methodology (IEM) courses. These two INFOSEC courses are intended to create a standardized baseline of activities that constitute an NSA approved methodology for measuring the security posture of an organization. As part of the development and teaching of these courses, our company has the requirement to ensure that both the courseware and the students understand the value of using the Common Vulnerability and Exposure naming scheme. In addition, the IEM course specifically requires the use of CVE names with entry or candidate status to measure the actual exposure to organizations with each listed finding. Security Horizon, as a co-author of the instructional course, also uses these methodologies to perform assessments and evaluations on its own customer base."

SecurityReason

Quote/Declaration: "To protect our customers from security problems we implemented CVE in our system, because we know that CVE is authoritative and dependable source of information about vulnerabilities and one of the first sites putting information about new vulnerabilities. SecurityReason realizes the importance of common security identifiers in security vulnerability advisories. We are pleased to support the CVE Initiative."

SecurityTracker

Quote/Declaration: "SecurityTracker is proud to integrate support for CVE. The SecurityTracker database of vulnerability alerts now includes CVE numbers."

SecurView Inc.

Shavlik Technologies, LLC

Quote/Declaration: "Shavlik is committed to providing the best information possible to our customers. We include CVE references in our patch database and display this data in our patch management product. We are now formalizing the presentation of this data by declaring CVE compatibility."

Silicomp-AQL

Quote/Declaration: "CVE compatibility ensures that administrators can easily use different security products in order to find additional information they need."

Quote (French): "La compatibilité CVE permet aux administrateurs de naviguer entre les différents produits de sécurité, afin d'y trouver les compléments d'information dont ils ont besoin."

Name: Vigil@nce
Type: Online Vulnerability Database (French)
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

SIMCommander LLC

Quote/Declaration: "SIMCommander is a leading developer of solutions to manage, monitor, analyze, report on, and respond to security information for large enterprises, government institutions, and service providers. SIMCommander's solution for enterprises is a software platform that enables any business or organization to visualize and correlate security information in real-time. Enterprises use SIMCommander technology to lower their day-to-day security operational costs and at the same time ensure compliance with regulatory requirements such as Sarbanes-Oxley and ISO-17799."

Skybox Security Inc.

Quote/Declaration: "Skybox Security supports standards such as CVE that promote interoperability of security products. Skybox View, our exposure risk management solution, uses CVE names in its vulnerability dictionary and cross-references these to vulnerabilities imported by all vulnerability scanners such as Nessus, eEye Retina, ISS Internet Scanner, Qualys, and other market leaders. By running attack simulations against a virtual model of the network, Skybox View reveals vulnerabilities, based on CVE names, that are truly critical because they lie along an attack path to critical business applications. The CVE Initiative allows security professionals to understand risks and exposures in terms that can be cross-referenced to other security products - a growing necessity as more and more solutions automate the risk management process."

Name: Skybox View
Type: Exposure Risk Management Solution
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Snort Development Team

Quote/Declaration: "CVE provides an excellent mapping between various tools that allows Snort users to quickly and accurately link together information providedby various other security tools and informational databases."
— Brian Caswell and Martin Roesch

SoftRun, Inc.

Quote/Declaration: "Softrun is the leading provider of Patch Management System in Korea and serving patch management service to hundreds of local corporations. Softrun is pleased to support CVE and will continue to promote the standardization of vulnerabilities."

Software in the Public Interest, Inc.

Quote/Declaration: "Debian developers understand the need to provide accurate and up-to-date information of the security status of the Debian distribution, allowing users to manage the risk associated with new security vulnerabilities. CVE enables us to provide standardized references that allow users to develop a CVE-enabled security management process."

Name: Debian Security Advisories
Type: Advisories
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Sourcefire, Inc.

Quote/Declaration: "Sourcefire's intelligent security monitoring solutions provide a fully integrated security monitoring infrastructure for identifying and protecting against network threats. Sourcefire is dedicated to providing actionable insight into security threats on a network and is pleased to support open system standards such as MITRE's CVE."

Spirenet Communications

StillSecure

Quote/Declaration: "StillSecure is pleased to offer CVE compatibility in VAM, our vulnerability management system. A common language for tracking security threats is critical to managing the vulnerability lifecycle. StillSecure products are cost-effective and easy-to-use, and we will continue to participate in and leverage industry-wide standards such as CVE."
— Mitchell Ashley, CTO and VP Engineering

Stonesoft Corporation

Quote/Declaration: "Our customers like to have their vulnerability information in standard format and from a reliable source."

Sunbelt Software

Quote/Declaration: "Sunbelt Software's Network Security Inspector (SNSI) utilizes a top-rated commercial grade vulnerability database that integrates the CVE standard, which provides administrators a fast and affordable way to find security holes and address these vulnerabilities quickly with recommended remediation instructions. SNSI delivers specific CVE information where available for any vulnerabilities found, while group scans can be configured for all or specific CVE vulnerabilities based on the administrator's need."
— Stu Sjouwerman, COO and Founder, Sunbelt Software, Inc.

Syhunt, Inf. Ltd.

Quote/Declaration: "CVE enhances our security database and helps Syhunt defend our customers from exposure to vulnerabilities."

Symantec

Quote/Declaration: "Symantec maintains one of the largest vulnerability databases available today. Consisting of over 9000 distinct vulnerability records, we have strived to maintain CVE compliance from the outset of the CVE Initiative."

"Symantec fully supports an industry-wide standard for the indexing of vulnerabilities. Our public web sites (SecurityFocus and SecurityResponse), and our commercial alerting services (DeepSight Alert Services) fully conform to the CVE requirements. This allows our customers to search for, and research vulnerabilities and blended threats using this common nomenclature. Symantec's wide range of security products utilize the industry-leading vulnerability database and employ trusted, fast and automated response capabilities to identify threats identified by CVE."

Name: DeepSight Alert Services
Type: Vulnerability Alerting Service and Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: SecurityFocus Vulnerability Database
Type: Vulnerability Database
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Syntek Systems Corporation, Inc.

Quote/Declaration: "Syntek Systems' security lifecycle management product, enables organizations to identify relevant information from the masses of configuration, performance, and security data that must be analyzed, and to finally begin to automate the process of preparedness and remediation. Syntek's distributed analytics engine takes advantage of CVE to map correlated data against a centralized database of known vulnerabilities—a critical step in the process of identifying only the information that is significant and initiating appropriate remediation processes."

TecForte Sdn Bhd

Quote/Declaration: "TecForte is an ICT Security company focused on developing enterprise-class security management solutions. Our product provides customizable correlation tools to monitor and cross-check disparate devices, hence exposing security threats and facilitating vulnerability management. We are committed to supporting a high-level of security, and are pleased to promote and support the CVE naming standards."

Telos Corporation

Quote/Declaration: "Xacta IA Manager is a risk/compliance management/measurement software that incorporates vulnerabilities as part of the overall risk assessment. Because our principle customer is the Department of Defense, we recognize the importance of being compatible with CVE. We expect to have the product fully CVE compatible with the release of our 5.0 version of Xacta IA Manager."

Tenable Network Security Inc.

Quote/Declaration: "Tenable Network Security utilizes the CVE program to tag each of our vulnerabilities detected by Nessus and the Passive Vulnerability Scanner. This information is also heavily used through the Security Center for reporting, education, IDS event correlation and linking with 3rd party security information."

Name: Passive Vulnerability Scanner
Type: Passive Network Monitor
CVE Searchable: Yes (using Security Center)
CVE Output: Yes
Review Completed Questionnaire

Name: Security Center
Type: Enterprise Security Management System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: Nessus Security Scanner
Type: Vulnerability, Patch and Configuration Auditing Tool
CVE Searchable: Yes (using Security Center)
CVE Output: Yes
Review Completed Questionnaire

ThreatGuard, Inc.

Quote/Declaration: "Recognizing the importance of common indexing of known vulnerabilities, ThreatGuard has included CVE references in ThreatGuard VMS and ThreatGuard Traveler. These references are seamlessly integrated with the ThreatGuard Navigator client application, reports, and search engine. As we release new vulnerability tests, it is among ThreatGuard's top priorities to ensure CVE referencing is included and accurate, extending the efforts of the CVE initiative."

Name: ThreatGuard Traveler
Type: Continuous Security Auditing and Compliance Management for Service Providers
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Name: ThreatGuard Vulnerability Management System
Type: Continuous Security Auditing and Compliance Management
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

TippingPoint Technologies

Quote/Declaration: "TippingPoint is in the business of simplifying security. We are a strong proponent of MITRE's CVE standards initiative."

Name: TippingPoint Intrusion Prevention System (IPS)
Type: Network-Based Intrusion Prevention System
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

TMC y Cia

Quote/Declaration: "We have aligned our service/appliance FAV with the CVE vulnerabilities standard for the benefit of our customers."

Name: FAV - Falcon Vulnerabilities Analysis
Type: Vulnerability Analysis Service/Appliance
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

TraceSecurity, Inc.

Trend Micro, Inc.

Name: Trend Micro Vulnerability Assessment
Type: Vulnerability Assessment Product with Virus Info Association
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

Trustwave

Name: TrustKeeper
Type: Vulnerability Scanning Service
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire

VeriSign, Inc.

Quote/Declaration: "VeriSign supports the efforts of MITRE to standardize vulnerability information."

Visionael

VUPEN Security

Quote/Declaration: "VUPEN Security (formerly FrSIRT) personalized vulnerability and threat alerts, 24/7, 365 days a year, to inform organizations of new potential threats. Our services are designed to deliver notification of vulnerabilities and exploits as they are identified, providing timely, actionable information and guidance to help mitigate risks before they are exploited."

Westpoint Ltd.

Quote/Declaration: "Westpoint, and more importantly its customers, have long since realised the value of the CVE unified vulnerability referencing scheme in helping to eradicate risks from the organisation. As such Westpoint is happy to participate in any programme that gives the Internet community greater freedom of choice in the security products and services they choose to adopt."

Xentinel Digital Security, Inc.

Quote/Declaration: "Xentinel Digital Security provides daily remote vulnerability assesment to e-merchants through its HACKER FREE Certification and PCIPass (Payment Card Industry Security Standards Compliance Passport). Xentinel tools support the CVE standard to facilitate the integration with other security tools. Additionally, our mapping to CVE makes it easy for customer's to reference key information to protect their organzation from internet security threats."

Xi'an Jiaotong University Jump Network Technology Co.,Ltd

Quote/Declaration: "We have incorporated CVE to improve the quality of our product."