Organizations Participating

GRAND TOTALS

Products & Services: 299
Organizations Participating: 152

All organizations participating in the Compatibility Program are listed below, including those with CVE-Compatible Products and Services and those with Declarations to Be CVE-Compatible.

Organizations are listed alphabetically:

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
ADTsys Software Date Declared: Jan 30 2014

Web Site:

Quote/Declaration: We wish to join the CVE Compatibility Program to contribute to the correction of vulnerabilities and also assure our customers security.

Name: ADTsys Cloud Security
Type: Cloud Security    
CVE Coverage: Yes
CVE Output: Yes
CVE Searchable: Planned
  Last Updated: Feb 27, 2014
AdventNet, Inc.

Web Site:

Quote/Declaration: AdventNet is pleased to support CVE names in the vulnerability database of the SecureCentral product line, as part of our commitment to embracing industry standards.

Name: ManageEngine Security Manager Plus
Type: Vulnerability Management Software for Windows and Linux Systems  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecureCentral PatchQuest
Type: Patch Management Software for Windows and Linux systems  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 20, 2014
Altex-Soft Date Declared: February 6, 2013

Web Sites:

(English) altx-soft.com
(Russian) altx-soft.ru
Name: Altex-Soft Ovaldb
Type: Vulnerability, Patch, and Compliance Assessment  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 16, 2014
Apple Computer, Inc.

Web Site:

Name: Apple Product Security
Type: Security Updates for Apple Products    
CVE Output: Yes
CVE Searchable: Yes
 
Application Security, Inc.

Web Site:

Quote/Declaration: Application Security, Inc. is committed to delivering solutions that are compatible and interoperable with the IT security environment at large. In the vulnerability management marketplace, that means speaking CVE. We've kept our SHATTER knowledgebase, the world's most comprehensive list of database vulnerabilities and misconfigurations, up-to-date with CVE references since 2004.

— Josh Shaul, CTO
Name: AppDetectivePro
Type: Database Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: AppDetectivePro for IBM DB2
Type: Database Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
Name: AppDetectivePro for Lotus Notes/Domino
Type: Database Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
Name: AppDetectivePro for Microsoft SQL Server
Type: Database Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
Name: AppDetectivePro for MySQL
Type: Database Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
Name: AppDetectivePro for Oracle
Type: Database Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
Name: AppDetectivePro for Sybase
Type: Database Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
Name: DbProtect
Type: Database Intrusion Protection, Detection, and Prevention  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: TeamSHATTER.com
Type: Threat Resource Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Assuria Limited

Web Site:

Quote/Declaration: Assuria Auditor (formerly ISS System Scanner) was previously certified as ISS System Scanner. Assuria have enhanced and added functionality and features around CVE reporting in the product.

Name: Assuria Auditor
Type: Vulnerability Assessment and Remediation  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Backbone Security.com, Inc.

Web Site:

Quote/Declaration: We aim to provide our customers with the best information available on how to protect their infrastructure. By integrating CVE into our product, we are providing up-to-date vulnerability information that can be used to enable a network administrator to defend their enterprise data and resources.

Name: 24 x 7 Monitoring
Type: Network Appliance and Managed Service    
CVE Output: Yes
CVE Searchable: Yes
Name: One Stop PCI Scan
Type: PCI Approved Scanning Service    
CVE Output: Yes
CVE Searchable: Yes
 
Beijing Leadsec Technology Co., Ltd. Date Declared: March 13, 2011

Web Site:

Name: Leadsec Intrusion Prevention System
Type: Intrusion Protection System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Leadsec Security Intrusion Detection System
Type: Intrusion Detection System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Beijing Netpower Technologies Inc.

Web Site:

Quote/Declaration: Beijing Netpower Technologies Inc. is a leading network security products producer in China. We assure that Netpower Network Security Assessment System is fully compatible with CVE standards.

Name: Netpower Network Security Assessment System
Type: Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
 
Beijing Topsec Co., Ltd.

Web Site:

Name: TopSentry Intrusion Detection System
Type: Intrusion Detection and Management  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Topsec Intrusion Protection System (TopIDP)
Type: Intrusion Protection and Management  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Topsec Vulnerability Assessment and Management System (TopScanner)
Type: Vulnerability Assessment and Remediation System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Dec 23, 2013
Beijing Venustech Cybervision Co., Ltd.'s

Web Site:

Quote/Declaration: Beijing Venustech provides users with a series of network security products, which along with our own independent intellectual property, are compliant with the international standard, CVE. Beyond products, we deliver our customers life-cycle services including consulting, design, implementation, maintenance, and training.

— Helen Wang
Name: Cybervision Intrusion Detection System
Type: Intrusion Detection System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Cybervision Vulnerability Assessment and Mangement System
Type: Vulnerability Scanner  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Venusense Intrusion Prevention System
Type: Intrusion Prevention System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Venusense Threat Detection and Intelligent Analysis System
Type: Intrusion Detection and Intelligent Analysis  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Venusense Unified Security Gateway
Type: Unified Threats Management (UTM)  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Venusense Web Application Gateway
Type: Web Application Firewall  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Beyond Security Ltd.

Web Site:

Quote/Declaration: Beyond Security Ltd.'s Automated Scanning provides users with a complete picture of the security of their organization by leveraging the huge SecuriTeam.com knowledgebase. As such, we see high importance for the CVE naming scheme, which provides a global independent reference for known security vulnerabilities.

Name: AVDS
Type: Automated Vulnerabilities Scanner  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: AVDS Server
Type: Automated Vulnerabilities Scanner Platform For Service Providers  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: AVDS Services
Type: Automated Vulnerabilities Scanning Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 23, 2013
Beyond Trust

Web Site:

Quote/Declaration: Beyond Trust is an innovative leader in vulnerability and security research, providing security solutions that help businesses and users protect their systems and intellectual property from compromise. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye is pleased to support the CVE Initiative and will continue to promote the standardization of the CVE naming convention and vulnerability identification.

Name: Retina Network Security Scanner
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
Black Box Corporation Date Declared: March 29, 2010

Web Site:

Quote/Declaration: As a global leader in data, voice and enterprise security solutions, Black Box Corporation (BBOX) fully supports the MITRE CVE® standard. We are pleased to deploy our award winning CVE-compatible Veri-NAC appliances into the market with a faster, less invasive vulnerability scanning system with direct links into the National Vulnerability Database (NVD) for a deeper understanding of common vulnerabilities and exposures as well as faster remediation.

Name: Veri-NAC Appliances
Type: Veri-NAC is a one-box vulnerability management and network access control (NAC) appliance  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
BlackStratus

Web Site:

Quote/Declaration: As a leader in security information management, BlackStratus understands the complexity of managing and mitigating risks. Because effective security management is based on the accuracy and timely recognition of an attack, only improved knowledge will enable the proper response mechanism. With the combination of cross-device correlated events from netForensics and the detailed information from CVE, security experts are able to understand the conditions of their enterprise and map threats to exposures. Active support for CVE will improve the knowledge of the security community and fortify enterprise security management.

Name: BlackStratus SIEM Storm
Type: Security Information Management  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
BroadWeb Corporation, Ltd. Date Declared: July 10, 2012

Web Site:

Name: EnforcerX
Type: Intrusion and Prevention Systems (IPS)    
CVE Output: Planned
CVE Searchable: Planned
Name: NetKeeper
Type: Gigabit-level Multi-port Intrusion and Prevention Systems (IPS)    
CVE Output: Planned
CVE Searchable: Planned
 
Catbird Networks, Inc.

Web Site:

Quote/Declaration: Catbird V-Security is a comprehensive security and compliance solution for virtual and physical infrastructures, delivering best-practice security for Hypervisor, Guest VMs and Policy/Regulatory Compliance. Cross-indexing the CVE in reports we present to our partners and customers assists them in building effective security programs.

Name: Catbird vSecurity
Type: Security Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Cenzic, Inc.

Web Site:

Quote/Declaration: Cenzic is pleased to integrate CVE information with our Hailstorm application security assessment product. Customers benefit from a widely supported standard while taking advantage of the leading application security assessment product.

Name: Cenzic ClickToSecure
Type: Application Security Assessment Service    
CVE Output: Yes
CVE Searchable: Planned
Name: Cenzic Hailstorm Enterprise ARC
Type: Application Security Assessment Tool    
CVE Output: Yes
CVE Searchable: Planned
Name: Cenzic Hailstorm Professional
Type: Application Security Assessment Tool    
CVE Output: Yes
CVE Searchable: Planned
 
CERIAS/Purdue University

Web Site:

Quote/Declaration: CVE is the key to vulnerability database compatibility. The CERIAS Cooperative Vulnerability Database and the Cassandra tool currently provide CVE Output and are also CVE Searchable. The CERIAS ESP is entirely based on CVE. The CIRDB (CERIAS Incident Response Database) already provides CVE output. The growing importance and recognition of CVE requires the CIRDB to be searchable and fully CVE-compatible, which we will do for the release currently under development.

— Pascal Meunier, Assistant Research Scientist, CERIAS
Name: CERIAS Cooperative Vulnerability Database
Type: Vulnerability Database    
CVE Output: Yes
CVE Searchable: Yes
Name: Cassandra
Type: Profiled Search Tool of Vulnerability Database    
CVE Output: Yes
CVE Searchable: Yes
 
CERT Coordination Center

Web Site:

Quote/Declaration: We will begin directly contributing new CVE entries, as well as using existing CVE entries to annotate our published advisories.

— (Bill Fithen, Sep 29, 1999 press conference)
Name: CERT Vulnerability Notes Database
Type: Database    
CVE Output: Yes
CVE Searchable: Yes
Name: CERT/CC Advisories
Type: Archives    
CVE Output: Yes
CVE Searchable: Yes
 
Cert-IST

Web Site:

Quote/Declaration: Cert-IST offers its partners and clients a Security Advisory and Alert service, both in French and English. Cert-IST offers also a vulnerability database, accessible through Web interface, created in September 97, and maintained by a dedicated team. Cert-IST uses CVE in its advisory database, with the objective to improve the information and knowledge level in the security community.

Name: Cert-IST Knowledge Base
Type: Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Check Point Software Technologies, Ltd.

Web Site:

Quote/Declaration: Check Point is pleased to participate in the CVE Compatibility program, which will benefit the worldwide computing community by providing a common terminology for tracking security threats and make discourse among all community members (users, vendors, service providers, and others) more intelligible and productive.

Name: Check Point IPS-1
Type: Intrusion Detection and Prevention    
CVE Output: Yes
CVE Searchable: Yes
Name: VPN-1/FireWall-1 with SmartDefense
Type: Scalable VPN and Firewall    
CVE Output: Yes
CVE Searchable: Yes
 
China National Computer Software & Technology Service Corporation (CSS)

Web Site:

Quote/Declaration: China National Computer Software & Technology Service Corporation (CSS) is a leading company in the field of software development in the People's Republic of China. We believe it is important for our security solution to be fully compatible with the Common Vulnerabilities and Exposures (CVE) standard.

— Ph. D. Dongping Ma, Chief of Information Security Lab of CSS
Name: Distributed Intrusion Detection, DIDSystem
Type: Intrusion Detection System    
CVE Output: Yes
CVE Searchable: Yes
 
Cisco Systems, Inc.

Web Site:

Quote/Declaration: Cisco sees CVE as an important step in the collaborative efforts of the vulnerability science community. It is a tool that allows our security research and product development teams to focus on adding value for our customers. Cisco will incorporate the CVE dictionary into its products.

— Andrew Balinsky, Cisco Secure Encyclopedia Project Manager
Name: Cisco Secure Intrusion Protection System
Type: Intrusion Detection System    
CVE Output: Yes
CVE Searchable: Yes
Name: Cisco Security Center
Type: Vulnerability Database    
CVE Output: Yes
CVE Searchable: Yes
Name: Cisco Security IntelliShield Alert Manager Service
Type: Security Intelligence Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 28, 2014
Clear North Technologies, Inc.

Web Site:

Quote/Declaration: The objective of the Clear North Technologies penetration study is to identify and report vulnerabilities in the client's perimeter network which may provide attackers with an opportunity to gain unauthorized access to private computer systems and networks. In performing the penetration study, Clear North Technologies will employ techniques and tools similar to those used by external threats with the intention of compromising perimeter network safeguards in an effort to gain access to the client's private computer systems and networks.

Name: Penetration Study
Type: Penetration Study    
CVE Output: Yes
CVE Searchable: Yes
 
Codenomicon Ltd. Date Declared: Mar 14 2014

Web Site:

Quote/Declaration: Codenomicon is a cyber-security company that focuses on vulnerability management and situational awareness of cyber abuse. Our proven cost effective solutions help organizations to quickly identify, manage, and remediate security issues associated with known and unknown software vulnerabilities and abuse information from interactive visualizations of real-time network information.

Name: Codenomicon Appcheck
Type: Binary Scanner    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Mar 14, 2014
Computec.ch

Web Site:

Name: Attack Tool Kit (ATK)
Type: Security Auditing and Penetration Testing    
CVE Output: Yes
CVE Searchable: Yes
 
Computer Security Laboratory, Dept. of Computer Science, UC Davis

Web Site:

Quote/Declaration: We will put the CVE names into this database in order to provide a cross reference to that enumeration.

— Matt Bishop
Name: DOVES
Type: Vulnerability Database    
CVE Output: Planned
CVE Searchable: Planned
 
Core Security Technologies

Web Site:

Quote/Declaration:  As the provider of CORE IMPACT, the industry's first automated penetration testing product, Core Security Technologies is pleased to support the CVE standard. CVE provides a critical common language for naming vulnerabilities and allows us to not only link exploits to vulnerabilities within IMPACT, but also to provide interoperability with vulnerability scanners, intrusion detection and remediation products and other risk assesment and management solutions.

— Ivan Arce, CTO, Core Security Technologies
Name: CORE IMPACT
Type: Automated Penetration Testing    
CVE Output: Yes
CVE Searchable: Yes
 
CounterSnipe LLC

Web Site:

Quote/Declaration: CounterSnipe aims to ensure that our customers' networks are provided with maximum protection and we believe that it is absolutely critical to at least guard against known and published vulnerabilities. There is no better way than ensuring CVE compatibility.

Name: Countersnipe
Type: Knowledge based Intrusion Prevention Systems    
CVE Output: Yes
CVE Searchable: Yes
 
Cr0security Date Declared: October 1, 2013

Web Site:

Name: Cr0security Certified Security Testing
Type: Professional Security Testing Certification  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Cr0security Penetration Testing and Consultant Services
Type: Network Penetration Testing and Vulnerability Assessment Services    
CVE Coverage: Yes
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Dec 11, 2013
Critical Watch

Web Site:

Quote/Declaration: Critical Watch supports MITRE's CVE program for standardizing a naming scheme for vulnerabilities. Incorporating CVE names into our enterprise vulnerability management solution enables our customers to act swiftly and confidently to collapse windows of exposure.

— Nelson Bunker Chief Security Officer
Name: FusionVM Consultant
Type: Appliance-Based Managed Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: FusionVM Enterprise System
Type: Appliance-Based Managed Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: FusionVM MSSP
Type: Appliance-Based Managed Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: FusionVM PCI
Type: Remote Scanning Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: FusionVM Software as a Service (SaaS)
Type: Remote Scanning Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
CXSecurity Date Declared: January 3, 2012

Web Site:

Name: World Laboratory of Bugtraq (WLB) 2
Type: Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
DBAPPSecurity Limited

Web Site:

Quote/Declaration: DBAPPSecurity focuses on web application security and database security. It provides web vulnerability scanner (MatriXay), web application firewall, database scanner, database auditor, log auditor, web monitor and professional security services for information security and risk management, which compliance with many kinds of laws and regulations.

Name: Database Auditor
Type: Database Auditing    
CVE Output: Yes
CVE Searchable: Yes
Name: Database Vulnerability Scanner
Type: Database Vulnerability Scanner    
CVE Output: Yes
CVE Searchable: Yes
Name: Intrusion Monitoring
Type: Intrusion Monitoring    
CVE Output: Yes
CVE Searchable: Yes
Name: Web Application Firewall
Type: Web Application Firewall    
CVE Output: Yes
CVE Searchable: Yes
Name: Web Application Vulnerabilities Scanner
Type: Web Vulnerability Scanner    
CVE Output: Yes
CVE Searchable: Yes
 
Dell SecureWorks

Web Site:

Quote/Declaration: MITRE's CVE standard helps SecureWorks provide our clients with a seamless, consolidated view of their security and risk environment, and aids our security analysts in correlating valuable threat information from disparate sources.

Name: Security Information Management
Type: Managed Security Service    
CVE Output: Yes
CVE Searchable: Planned
Name: Security Monitoring Service
Type: Managed Security Monitoring    
CVE Output: Yes
CVE Searchable: Yes
Name: Threat Intelligence
Type: Security Intelligence Service    
CVE Output: Yes
CVE Searchable: Yes
Name: Vulnerability Scanning Service
Type: Managed Security Service    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Feb 25, 2014
DragonSoft Security Associates, Inc.

Web Site:

Quote/Declaration: DragonSoft Security Associates, Inc. believes that CVE provides the correct direction to a uniform and consistent representation of vulnerabilities and exposures information. As a company which research and design vulnerabilities and exposures detecting software, we are very desirous to providing CVE compatible product to our customers that researches and designs software for detecting vulnerabilities and exposures, we believe it is important to provide CVE-compatible products to our customers.

Name: DragonSoft Secure Scanner
Type: Vulnerabilities and Exposures Assessment Software  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: DragonSoft Vulnerability Database
Type: Online Vulnerabilities and Exposures Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
e-Project s.r.l.

Web Site:

Quote/Declaration: e-Project believes that those wishing to contribute to improving information security should collaborate with the MITRE Corporation to support the CVE standard. e-Project has made its Scan-edge vulnerability assessment and remediation service CVE-compatible so our customers will have the best information available. We will contribute to this effort in every way possible and continue to support CVE on an ongoing basis.

Name: Scan-edge
Type: Vulnerability Assessment and Remediation Service    
CVE Output: Yes
CVE Searchable: Yes
 
Easy Solutions, Inc.

Web Site:

Quote/Declaration: As a leader and innovation in the security industry, Easy Solutions, Inc. is pleased to announce compatibility with the CVE Initiative

— Ricardo E. Villadiego, Regional Director, Americas, Easy Solutions, Inc.
Name: Detect Vulnerability Scanning Service - External
Type: Vulnerability Scanning and Assessment Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Detect Vulnerability Scanning Service - External/Internal
Type: Vulnerability Scanning and Assessment Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Edgeos, Inc.

Web Site:

Quote/Declaration: Edgeos' services fully support and implement CVE.

Name: Edgeos Security Services Platform
Type: Network Security Analysis Service    
CVE Output: Yes
CVE Searchable: Yes
 
Emaze Networks S.p.A.

Web Site:

Quote/Declaration: Emaze, which offers proactive security solutions to help large organizations handle security risks as well as to fulfill compliance and conformity requirements, is pleased to support the CVE initiative.

— Rodolfo G. Rosini, CEO
Name: ipLegion - Informed Security Management (ISM) Product Suite
Type: Vulnerability Assessment and Management Platform    
CVE Output: Yes
CVE Searchable: Yes
 
EMC Corporation and RSA (The Security Division of EMC)

Web Site:

Quote/Declaration: RSA Archer eGRC Solutions are knowledge management system for the collection, management and distribution of critical security content such as vulnerabilities, technical baselines, control standards and information security policies as they relate to specific risk that IT assets face within the enterprise. The RSA Archer eGRC Solutions suite strongly supports the CVE standard, which greatly assists in our integration with other security products and vendors. The CVE mapping enables our clients to intelligently analyze, cross reference and search vulnerabilities that affect their organization.

Name: RSA Archer GRC
Type: Threat Management  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
esCERT-UPC: The UPC University Computer Emergency Response Team

Web Site:

Quote/Declaration: At esCERT, we have adapted all our procedures and services to CVE notation since we consider that it is the best way to handle and distribute vulnerability information in a complete and reliable way.

Name: ALTAIR
Type: Vulnerability Database and Vulnerability Alerts    
CVE Output: Yes
CVE Searchable: Yes
 
EventTracker

Web Site:

Quote/Declaration: Use of a standard such as CVE enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions - a necessity to understand the real impact of vulnerabilities and attacks.

Name: EventTracker Enterprise
Type: Change and Vulnerability Assessment Tool    
CVE Output: Planned
CVE Searchable: Planned
  Last Updated: Feb 25, 2014
Extreme Networks

Web Site:

Quote/Declaration: Many of our IDS signatures already have CVE tags. Our vulnerability signatures will also have CVE tags. Our IPS uses these tags to link users directly to the CVE Web site which allows them to get concise and updated vulnerability information.

— Ron Gula, Vice President of Intrusion Detection Systems
Name: Intrusion Prevention System
Type: Packet Based Intrusion Detection System    
CVE Output: Yes
CVE Searchable: Planned
  Last Updated: Feb 25, 2014
Fortinet, Inc. Date Declared: April 5, 2011

Web Site:

Quote/Declaration: Fortinet has been an established security vendor for some time, and regularly discovers third-party security vulnerabilities for which we request CVE Identifiers from MITRE. We also monitor the security space, develop IPS signatures, and map/reference the CVEs for all of these in our advisories and encyclopedia.

Name: FortiGuard
Type: Vulnerability Compliance Management Service and Security Advisories Archive  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
FuJian RongJi Software Company, Ltd

Web Site:

Quote/Declaration: FuJian RongJi Software Company, Ltd., in association with the Institute of High Energy Physics, the Chinese Academy of Sciences, has developed the RJ-iTop Network Vulnerability Scanner System, which provides CVE Output and is CVE Searchable. In addition, its database is fully searchable by keyword or CVE name. We have made our product compatible with CVE so that administrators can easily differentiate which is the best product for them among the different security products.

— C. Shanmao Lin, RongJi Enterprise
Name: RJ-iTop Network Vulnerability Scanner System
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
GamaSec Ltd.

Web Site:

Quote/Declaration: Gamasec's GamaScan Web application Scanner is an automated security service that searches for software vulnerabilities within Web applications and validates any potential security breaches and risks against a continually updated service database. By incorporating CVE Identifiers into GamaScan, we are providing our customers with the ability to enhance their vulnerability handling processes and further leverage their vulnerability scanners to verify that updates and fixes have been applied.

Name: GamaScan
Type: Web Site Vulnerability-Assessment Service    
CVE Output: Yes
CVE Searchable: Yes
 
Gentoo Foundation

Web Site:

Quote/Declaration: The Gentoo Linux Security Project actively supports the CVE Initiative by referencing corresponding CVE entries in all of our security advisories where appropriate.

Name: Gentoo Linux Security Advisories
Type: Security Advisories    
CVE Output: Yes
CVE Searchable: Planned
 
GFI Software Ltd.

Web Site:

Quote/Declaration: GFI recognizes the importance of standards in a field which is encountering even bigger challenges, variation of attacks and abuses of IT systems. While searching for a standard which will allow us to adhere to as well as encourage our customers to refer to vulnerabilities in a particular format, we found a perfect synergy between our technology and CVE. We believe that such integration will provide a common ground for our customers and security administrators out there to share and unify experiences against these ever increasing threats.

Name: GFI LANguard Network Security Scanner
Type: Network Vulnerability Assessment & Remediation Product  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Globant

Web Site:

Quote/Declaration: Globant is pleased to support MITRE's initiative of standardizing vulnerability identification in our managed security services. The adoption of MITRE's CVE standard benefits users, community and vendors by providing a consistent and single way of identifying vulnerabilities across different products.

Name: ATTAKA
Type: On Demand Vulnerability Management and Assessment Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Grupo S21sec Gestion S.A. (S21sec)

Web Site:

Name: Vulnera
Type: Daily Vulnerability Mail Service Based on a Daily Updated Database    
CVE Output: Yes
CVE Searchable: Yes
 
H3C Technologies Co., Limited

Web Site:

Quote/Declaration: H3C Technologies Co., Limited has made our IPS product compatible with CVE for the benefit of our customers and to support industry standards.

Name: SecBlade IPS
Type: Intrusion Prevention System As A Network Switch Module  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecPath T Series IPS
Type: Intrusion Prevention System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Hangzhou DPtech Technologies Co., Ltd. Date Declared: March 23, 2011

Web Site:

Quote/Declaration: Hangzhou DPtech Technologies Co., Ltd. is pleased to support MITRE on the CVE effort to standardize vulnerability identification not only for the security industry, but for our customers. DPtech IPS2000, our network-based intrusion prevention system, and DPtech Scanner1000, our network and application vulnerability assessment scanner, have incorporated CVE names to provide the most valuable information for our customers.

Name: DPtech IPS2000
Type: Network and Application Vulnerability Assessment  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: DPtech Scanner1000
Type: Vulnerability Scanner System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
High-Tech Bridge SA Date Declared: June 19, 2012

Web Site:

Quote/Declaration: At High-Tech Bridge we strongly believe that CVE information security standard makes security measurable and universal, from which customers, vendors and security researchers benefit. We are grateful to the efforts of MITRE Corporation for continuous CVE standard development and support.

Name: High-Tech Bridge Security Advisories
Type: Security Advisories  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: ImmuniWeb
Type: SaaS Web Application Vulnerability Assessment Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Jun 11, 2013
Hillstone Networks Date Declared: January 13, 2014

Web Site:

Name: Hillstone Networks Intrusion Protection System
Type: Intrusion Protection System    
CVE Coverage: Yes
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Jan 14, 2014
HP

Web Site:

Quote/Declaration: By integrating CVE into our security assessment and management products we enable our customers to promptly and effectively track and respond to security vulnerabilities.

Name: HP EnterpriseView
Type: Risk Management    
CVE Documentation: Yes
CVE Output: Yes
CVE Searchable: Yes
Name: HP Live Network Service
Type: Internet Community Portal and Subscription Service    
CVE Output: Yes
CVE Searchable: Yes
Name: HP Network Automation Software
Type: Data Center Automation    
CVE Output: Yes
CVE Searchable: Yes
Name: HP Server Automation Software
Type: Data Center Automation    
CVE Output: Yes
CVE Searchable: Yes
Name: HP WebInspect Software
Type: Web Assessment    
CVE Output: Yes
CVE Searchable: Yes
Name: TippingPoint Next Generation Intrusion Prevention System (NGIPS)
Type: Network-Based Intrusion Prevention System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
HP - Arcsight ESM

Web Site:

Quote/Declaration: As a pioneer and leading provider of security management solutions for the enterprise ArcSight actively promotes and supports open systems standards such as CVE. ArcSight uses cross-device correlation to detect sophisticated multi-source, multi-target attacks while keying into the correct policies and procedures for response via the CVE names. It enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions — a necessity to understand the real impact of vulnerabilities and attacks.

Name: Arcsight ESM Event Security Manager
Type: Real-Time Security Awareness/Incident Response  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
Huawei Technologies Co., Ltd. Date Declared: July 11, 2012

Web Site:

Quote/Declaration: CVE compliance as a high priority requirement throughout Huawei security product/service development process helps our customers to easily get broader vulnerability/exploit information.

Name: Huawei Network Intelligent Protection System (NIP)
Type: Intrusion Prevention System (IPS)  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Huawei Network Intrustion Detection System (NIP D)
Type: Intrusion Detection System (IDS)  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: December 17, 2012
IBM

Web Site:

Quote/Declaration: IBM actively promotes, supports, and contributes to the emerging open systems standards such as CVE that enable technology management software in the IBM Security portfolio of intrusion detection, vulnerability assessment, end point management, and security management components to inter-operate and share management information. We know that open system standards are a critical step in this direction. We support CVE as the first and the most complete naming convention for vulnerability mapping in the industry and we are committed to using CVE within our product in a tightly integrated fashion.

Name: IBM Endpoint Manager
Type: Vulnerability and Security Configuration Management Suite    
CVE Output: Yes
CVE Searchable: Yes
Name: IBM QRadar Vulnerability Manager
Type: Vulnerability Management    
CVE Output: Yes
CVE Searchable: Yes
Name: IBM Tivoli Risk Manager
Type: Enterprise Risk Management Tool    
CVE Output: Yes
CVE Searchable: Yes
Name: IBM Tivoli Security Operations Manager
Type: Enterprise Security Event Management/Security Information Management    
CVE Output: Yes
CVE Searchable: Yes
Name: Rational AppScan
Type: Application Security Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
IBM Internet Security Systems

Web Site:

Quote/Declaration: The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community. As a technology pioneer and leading provider of security management software and services, IBM Internet Security Systems is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets.

— Christopher Klaus, Founder and Chief Technology Officer
Name: Internet Scanner
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Proventia Enterprise Scanner
Type: Vulnerability Management Assessment System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Proventia Management SiteProtector
Type: Security Management Platform  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: RealSecure Network 10/100
Type: Network-Based IDS/IPS  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: RealSecure Network Gigabit
Type: Network-Based IDS/IPS  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: RealSecure Server Sensor
Type: Host-Based IDS/IPS  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: X-Force Alerts and Advisories
Type: Alerts & Advisories Archive  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: X-Force Database
Type: Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Information Risk Management Plc

Web Site:

Quote/Declaration: IRM ensures that clients acquire and maintain the core elements of information security by providing product-independent, expert, and impartial consulting services to organisations wishing to examine and improve the security of their information assets. It is essential that open and standardised vulnerability descriptions and metrics integrate into IRM's methodology and output so that clients may be assured of a common reference to findings and recommendations. CVE provides such a mechanism and is vital in providing meaningful security threat results.

Name: Security Risk Assessment
Type: Security Risk Assessment Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Information-technology Promotion Agency, Japan (IPA)

Web Site:

Quote/Declaration: IPA is proud to incorporate CVE in our product line. Our main product, JVN iPedia is a vulnerability database that stores summary and countermeasure information on domestic and overseas software products used in Japan. JVN iPedia is equipped with search functions (Keyword, Product, CVSS, CVE, etc.) and RSS feeds, which provides the accumulated data in a comprehensive manner.

Name: Filtered Vulnerability Countermeasure Information Tool (MyJVN)
Type: Filtered Warnings Application  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Vulnerability Countermeasure Information Database (JVN iPedia)
Type: Online Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 3, 2014
Integrigy Corporation

Web Site:

Quote/Declaration: CVE compatibility is an important feature of AppSentry that provides a standardized cross-reference of included vulnerabilities. Inclusion of CVE names in policies and reports allows AppSentry users to quickly and accurately locate critical vulnerability information and to correlate findings with other security tools.

Name: AppSentry
Type: Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
 
iPolicy Networks (Security Product Division Of Tech Mahindra Ltd.)

Web Site:

Quote/Declaration: iPolicy Networks delivers an advanced and comprehensive network security solution for protecting enterprise, carrier and service-provider networks. The intrusion detection and prevention function in the iPolicy Intrusion Prevention Firewalls analyzes network traffics for known vulnerabilities and malware signatures. We strongly support CVE compatibility in our products. It not only ensure for us that we cover entire spectrum of vulnerabilities, it also gives opportunity to our customers to cross reference and verify the effectiveness of the solution provided to them by our products.

Name: iPolicy Intrusion Prevention Firewall
Type: Network Security Product    
CVE Output: Yes
CVE Searchable: Yes
Name: iPolicy Security Manager
Type: Network Security Product    
CVE Output: Yes
CVE Searchable: Yes
 
Japan Computer Emergency Response Team Coordination Center (JPCERT/CC) and Information-technology Promotion Agency, Japan (IPA)

Web Site:

Quote/Declaration: Under the Information Security Early Warning Partnership in Japan, IPA receives private vulnerability reports and JPCERT/CC coordinates with developers to prepare patches or remedies. JVN provides infomation such as solution, vulnerability analysis by JPCERT/CC, and vender notes. JVN contains CVE information as well as vulnerability attribute information.

Name: Japan Vulnerability Notes (JVN)
Type: Vulnerability Information Portal Site  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Juniper Networks, Inc.

Web Site:

Quote/Declaration: As an advocate of initiatives that improve customers' understanding of network security, Juniper believes the CVE standardized list of vulnerabilities and exposures is a significant step towards eradicating the confusion caused by disparate security information. Juniper has incorporated CVE into its intrusion detection and prevention system to help customers understand incidents so that they can quickly respond and effectively protect their networks.

Name: Intrusion Detection and Prevention (IDP)
Type: Intrusion Detection and Protection System    
CVE Output: Yes
CVE Searchable: Yes
Name: Juniper Networks ISG Series with IDP
Type: Intrusion Detection and Protection System    
CVE Output: Yes
CVE Searchable: Yes
 
Kingnet Security, Inc.

Web Site:

Quote/Declaration: Kingnet Security plays a leading role in network security industry in China. We want our KIDS intrusion detection system to be compatible to the CVE standard so as to bring as much value to our customers as possible.

Name: Kingnet Intrusion Detection System (KIDS)
Type: Intrusion Detection System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
LANDesk Software Inc.

Web Site:

Quote/Declaration: LANDesk Security and Patch manager supports the CVE naming standard, it's a simple and practical way to ensure that a vulnerability definition means the same thing to different people.

Name: LANDesk Patch Manager
Type: Patch Management System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: LANDesk Security Suite
Type: Active Endpoint Security Management  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Oct 4, 2013
Legendsec Technology Co. Ltd

Web Site:

Quote/Declaration: For the benefit of our customers, we believe it is important to be fully compatible with the international CVE standard.

Name: Legendsec SecIDS 3600 Intrusion Detection System
Type: Intrusion Detection System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Legendsec SecIPS 3600 Intrusion Prevention System
Type: Intrusion Prevention System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
LEXSI

Web Site:

Quote/Declaration: The CSI service of laboratory LEXSI gathers applications and services offering a coherent and complete IT security watch solution to its subscribers. At the core of the CSI, ten experts supervise new security failures, carry out integrity tests, provide manual avoidance solutions, reference and enrich the Vulnerabilities Database. Compatibility between referred vulnerabilities and CVE dictionary provides to our subscribers and partners full interworking of our watch system with all third party products and services.

Le service CSI du laboratoire LEXSI regroupe un ensemble d'applications et de services à même d'offrir à ses abonnés une solution cohérente et complète de veille en sécurité informatique. Au coeur du CSI, une dizaine d'experts surveille l'apparition de failles de sécurité, effectue des tests d'intégrité, élabore des solutions de contournement, référence et enrichit la Base de Vulnérabilités. La compatibilité entre les vulnérabilités référencées et le dictionnaire CVE offre à nos abonnés et partenaires l'interopérabilité totale de notre système de veille avec l'ensemble des services et produits tiers.

Name: CSI
Type: Vulnerability Database and Notification Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Lumension Security, Inc.

Web Site:

Quote/Declaration: Lumension Security (formerly PatchLink Corporation) is in the vulnerability management business and as such fully recognizes the value of using CVE names. All of our patches have CVE codes in them.

Name: PatchLink Scan
Type: Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: PatchLink Update
Type: Enterprise-Wide Patch Management and Vulnerability Remediation    
CVE Output: Yes
CVE Searchable: Yes
 
Mandriva

Web Site:

Quote/Declaration: Mandriva recognizes the importance of a vendor-neutral list of vulnerabilities that can be cross-referenced by anyone; this is especially important in the growing number of mixed networks, and allows individuals to cross-reference vulnerabilities with ease. All Mandriva advisories will now contain CVE names to provide this service to our users.

Name: Mandriva Advisories
Type: Linux Operating System Security Advisory Web Site    
CVE Output: Yes
CVE Searchable: Yes
 
McAfee, Inc.

Web Site:

Quote/Declaration: Because of today's ever changing threats, and vulnerability data a consent must be had to properly identify each. In the malicious code area these naming conventions exist and are very beneficial. The MITRE CVE program provides a naming standard that can be relied on when there is confusion or no standards agreed upon providing a method by which system administrators and other users can search the Internet to get the information on the same vulnerability via various sources.

— Carl Banzhof - Vice President and Chief Technology Evangelist, McAfee
Name: McAfee Foundstone Appliances
Type: Vulnerability Assessment Appliance  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: McAfee Foundstone Practice
Type: Managed Security Assessment Service    
CVE Output: Yes
CVE Searchable: Yes
Name: McAfee Host Intrusion Prevention for Desktops
Type: Desktop-level Host Protection    
CVE Output: Yes
CVE Searchable: Planned
Name: McAfee Host Intrusion Prevention for Servers
Type: Server-level Host Protection System    
CVE Output: Yes
CVE Searchable: Planned
Name: McAfee Network Security Manager
Type: Network-Based Intrusion Detection System    
CVE Output: Yes
CVE Searchable: Yes
Name: McAfee Network Security Platform
Type: Network-Based Intrusion Detection System    
CVE Output: Yes
CVE Searchable: Yes
Name: McAfee Policy Auditor
Type: Automated Vulnerability Remediation  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: McAfee Remediation Manager
Type: Automated Vulnerability Remediation    
CVE Output: Yes
CVE Searchable: Yes
Name: McAfee Risk and Compliance Manager
Type: Automated Audit and Policy Assurance System    
CVE Output: Yes
CVE Searchable: Yes
Name: McAfee Secure
Type: Security Auditing and Certification    
CVE Output: Yes
CVE Searchable: Yes
Name: McAfee Total Protection for Endpoint
Type: Enterprise-Level Host Protection System    
CVE Output: Yes
CVE Searchable: Planned
Name: McAfee Vulnerability Manager
Type: Vulnerability Management and Risk Mitigation    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Aug 7, 2013
MITRE Corporation

Web Site:

Quote/Declaration: OVAL provides a common language for security experts to discuss the technical details of how to check for the presence of vulnerabilities and configuration issues on local systems. The results of the discussions are collaboratively developed XML vulnerability, patch, and compliance definitions that are based on a common OVAL Schema and perform the checks. CVE names are used as the basis for all OVAL vulnerability definitions currently collected on the OVAL Web site. For each CVE name, there are one or more OVAL vulnerability definitions that measure the presence of that vulnerability on an end system. OVAL vulnerability definitions on the OVAL Web site can be searched by CVE name, and vulnerability definitions called up for review include CVE names.

— Pete Tasker, Executive Director, Security and Info Operations Division
Name: Open Vulnerability and Assessment Language (OVAL) Web site
Type: Standard for Describing Vulnerability and Configuration Criteria  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
N-Stalker, Inc.

Web Site:

Quote/Declaration: N-Stalker, Inc. is pleased to support MITRE on the CVE Initiative to standardize vulnerability identification. It's a simple and practical way to ensure that a vulnerability definition means the same thing to different people.

Name: N-Stalker Enterprise Edition
Type: Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Planned
Name: N-Stalker Infrastructure Edition
Type: Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Planned
Name: N-Stalker QA Edition
Type: Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Planned
 
National Institute of Standards and Technology

Web Site:

Quote/Declaration: The National Vulnerability Database contains all CVE information as well as vulnerability attribute information (e.g. vulnerable version numbers), direct access to U.S. government vulnerability resources, and annotated links to industry resources. The underlying data in the database is provided license free via an XML feed.

Name: National Vulnerability Database (NVD)
Type: Online Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
NetClarity

Web Site:

Quote/Declaration: NetClarity is a strong proponent of the CVE dictionary. The Auditor family of appliances automatically audit networks and reports those vulnerabilities discovered by our patent-pending vulnerability assessment engine. With CVE-specific information and remediation instructions, we enable our customers to better manage their risks, comply with regulations, and protect their assets.

— Gary S. Miliefsky, CTO, CISSP, NetClarity, Inc.
Name: NetClarity Analyst and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small Mobile Networks  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: NetClarity Auditor 128 and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small Mobile Networks  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: NetClarity Auditor Enterprise and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Large Networks  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: NetClarity Auditor XL and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small to Medium Enterprises  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Netcraft Ltd.

Web Site:

Quote/Declaration: Netcraft is pleased to be able to offer mappings between its vulnerability scanner and the CVE dictionary. We see CVE as an important security administration tool, linking our services to a wider variety of other security devices, services and sources of security information.

Name: Audited by Netcraft
Type: Managed Vulnerability Scanning Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
NetentSec, Inc. Date Declared: February 5, 2013

Web Site:

Quote/Declaration: NetentSec is a network security company in Beijing of China. We assure that NetentSec Next Generation Firewall is fully compatible with CVE standards.

Name: Next Generation Firewall (NGFW)
Type: Firewall  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Dec 3, 2013
NetIQ Corporation

Web Site:

Quote/Declaration: NetIQ sees great value in providing CVE compatibility in our NetIQ Vulnerability Manager product. Industry standards such as CVE make it easier for customers to make sense of the constant barrage of security issues, bugs, and vulnerabilities.

Name: NetIQ Vulnerability Manager
Type: Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
 
NETpeas, SA Date Declared: January 19, 2012

Web Site:

Quote/Declaration: COREvidence initiates, correlates, and aggregates different results from multi-engines and APIs vulnerability and malware scanners providing dashboards and deliverable with relevant CVE information combined with other open standards. This helps our customers to better understand their findings.

Name: COREvidence
Type: Cloud-Based, Multi-Engines Vulnerability Management Service    
CVE Output: Yes
CVE Searchable: Planned
 
netVigilance, Inc.

Web Site:

Quote/Declaration: The SecureScout line of vulnerability assessment solutions, fully supports CVE references; our speed and ease of use enable users to more efficiently verify CVE coverage.

Name: SecureScout EagleBox
Type: Network Scanning Appliance-Based Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecureScout NX
Type: Single User Network-Based Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecureScout Perimeter
Type: Web-Based, Internet-Side Vulnerability Assessment Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecureScout SP
Type: Enterprise Network-Based Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Network Box Corporation Ltd.

Web Site:

Quote/Declaration: Network Box Corporation provides integrated security appliances and a managed security service for our clients. We have standardized on using the CVE system for all our vulnerability announcements, and product output. We are in the process of extending our product to report detected intrusions in CVE format and provide a searchable database.

— Mark Webb-Johnson, Technical Director, Network Box Corporation
Name: Network Box Internet Threat Protection Device
Type: Network Intrusion Detection    
CVE Output: Yes
CVE Searchable: Planned
Name: Network Box Web Site
Type: Vulnerability Database, Security Advisories and Archives    
CVE Output: Yes
CVE Searchable: Planned
 
Neusoft Corporation Date Declared: January 25, 2011

Web Site:

Name: NISG-IPS
Type: Intrusion Prevention Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
NGSSecure, a Division of NCC Group UK PLC Date Declared: February 6, 2012

Web Site:

Quote/Declaration: Since its inception in 2001, NGSSoftware has always made great strides to ensure its software is compatible with the CVE initiative.

Name: NGS Auditor
Type: Enterprise Class Vulnerability Management Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS DominoScan II
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS OraScan
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS SQuirreL for DB2
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS SQuirreL for Informix
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS SQuirreL for MySQL
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS SQuirreL for Oracle
Type: Standalone Vulnerability Assessment Software Product  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: NGS SQuirreL for SQL Server
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS SQuirreL for Sybase ASE
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
Name: NGS Typhon III
Type: Standalone Vulnerability Assessment Software Product    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: November 28, 2012
NII Consulting

Web Site:

Quote/Declaration: NII strongly believes in adding value to its AuditPro suite of security auditing products. The reports produced by AuditPro and its vulnerability database are now CVE-compatible. This standardization of vulnerabilities will help users locate, understand and fix the vulnerabilities in the easiest and fastest way.

Name: AuditPro for SQL Server
Type: Vulnerability Assessment Tool    
CVE Output: Yes
CVE Searchable: Yes
 
NileSOFT Ltd.

Web Site:

Quote/Declaration: NileSOFT is proud to incorporate CVE in our product line. Our main products, Secuguard SSE (Host based Vulnerability Assessment Tool), Secuguard NSE (Network based Vulnerability Assessment Tool), mySSE for Web (Online PC Vulnerability Assessment Service), and LogCOPS (Enterprise Log Analysis and Management System) will continue to maintain the latest version of CVE.

Name: LogCOPS (Enterprise Log Analysis and Management System)
Type: Enterprise Log Analysis and Management System    
CVE Output: Yes
CVE Searchable: Yes
Name: Secuguard NSE (Network Security Explorer)
Type: Network based Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Secuguard SSE (System Security Explorer)
Type: Host based Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: mySSE for Web (Online PC Vulnerability Assessment Service)
Type: Online PC Vulnerability Assessment Service    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Feb 25, 2014
Novell, Inc. Date Declared: July 5, 2010

Web Site:

Quote/Declaration: We have found using CVE instrumental both for tracking our security incidents for completeness by using the database, and also for talking about incidents with our customers in a clear way.

— Marcus Meissner, Engineering Lead SUSE Security Team
Name: Published Novell/SUSE Linux Security Updates by CVE Number
Type: Vulnerability/Security Advisory Database    
CVE Output: Yes
CVE Searchable: Yes
 
NSFocus Information Technology (Beijing) Co., Ltd.

Web Site:

Quote/Declaration: CVE has made significant efforts to standardize the names for vulnerabilities, eliminate the potential gap in security coverage and provide easier interoperability among different security products. NSFocus strives to deliver customers the enhanced security by series of products with full support for the CVE standard.

Name: AURORA RSAS
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: ICEYE NIDS
Type: Intrusion Detection System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: ICEYE SCM (Security Content Management System)
Type: Security Content Management System    
CVE Output: Yes
CVE Searchable: Yes
Name: ICEYE WAF (Web Application Firewall)
Type: Firewall, IDS and Integrated Antivirus    
CVE Output: Yes
CVE Searchable: Yes
Name: NSFOCUS Network Intrusion Prevention System (NIPS)
Type: Network-Based Intrusion Prevention System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: NSFOCUS Next-Generation Firewall (NF)
Type: Next Generation Firewall  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: NSFOCUS Security Gateway (SG)
Type: Firewall, IDS and Integrated Antivirus  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 11, 2014
Offensive Security Date Declared: November 16, 2010

Web Site:

Name: Exploit Database
Type: Searchable Website  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Open Source Vulnerability Database (OSVDB)

Web Site:

Quote/Declaration: The OSVDB will contain full mapping to CVE entries in order to promote correlation, correction and discussion between the OSVDB project, CVE and multiple third-party security products.

Name: Open Source Vulnerability Database (OSVDB)
Type: Vulnerability Database    
CVE Output: Yes
CVE Searchable: Yes
 
Opzoon Technology Co., Ltd. Date Declared: December 11, 2012

Web Site:

Name: Application Firewall
Type: Commercial Application Firewall    
CVE Output: Yes
CVE Searchable: Yes
Name: Data Center Firewall
Type: Commercial Firewall    
CVE Output: Yes
CVE Searchable: Yes
Name: Security Gateway
Type: Commercial Security Gateway    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: December 11, 2012
Outpost24

Web Site:

Name: HIAB
Type: Plug-and-play appliance for Internal Vulnerability Assessment    
CVE Output: Yes
CVE Searchable: Yes
Name: OUTSCAN
Type: On-demand service for Perimeter Vulnerability Assessment    
CVE Output: Yes
CVE Searchable: Yes
 
Packet Storm Date Declared: October 20, 2011

Web Site:

Quote/Declaration: Packet Storm Security, the Internet's largest free security web site housing tools, exploits, advisories, papers, and more, includes CVE names.

Name: Packet Storm Security Web Site
Type: Vulnerability, Tool, and Whitepaper Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
PatchAdvisor, Inc.

Web Site:

Quote/Declaration: The CVE tracking standard represents a recognized means by which the multitude of vulnerabilities within PatchAdvisor's database can be easily cross-referenced and standardized. We look forward to becoming fully CVE-compatible, adding yet another layer of intelligence to PatchAdvisor's product offerings.

Name: PatchAdvisor Alert!
Type: Patch Management Vulnerability Notification Service and Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: PatchAdvisor Enterprise
Type: Patch Management    
CVE Output: Yes
CVE Searchable: Yes
Name: PatchAdvisor Flash!
Type: Patch Management Vulnerability Notification Service for Small Businesses    
CVE Output: Yes
CVE Searchable: No
Name: PatchAdvisor Source
Type: Historical and Current Patch Management Vulnerability Notification Service in XML Format    
CVE Output: Yes
CVE Searchable: No
 
Positive Technologies CJSC Date Declared: September 30, 2010

Web Site:

Name: MaxPatrol
Type: Vulnerabilities and Compliance Management System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 3, 2014
Privacyware

Web Site:

Quote/Declaration: Privacyware's products resolve many of the acute security problems within Microsoft Windows software which has been achieved by working closely with research groups to contribute and exchange information obtained through experience. MITRE's CVE Compatibility Program represents an important core group for industry wide security information and with CVE Compatibility, Privacyware will continue to build and maintain important security measures that are extensible with most IT security strategies.

— Ben Campbell, Privacyware
Name: ThreatSentry
Type: Host-based Intrusion Prevention for Microsoft Web Servers    
CVE Output: Yes
CVE Searchable: Planned
 
Protegrity Corporation

Web Site:

Quote/Declaration: As a leading provider of application-layer security solutions, Protegrity is proud to support the CVE standard. Protegrity will continue to advance the CVE Initiative and contribute toward the consolidation of the security community.

Name: Defiance Threat Management System
Type: Web Application Firewall    
CVE Output: Yes
CVE Searchable: Yes
 
Proximis Date Declared: March 24, 2014

Web Site:

Name: Apache CouchDB JSON Database
Type: JSON Database System    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Apr 3, 2014
Qualys

Web Site:

Quote/Declaration: Qualys is pleased to support MITRE's CVE Initiative of standardizing vulnerability identification and has incorporated the CVE naming scheme into its QualysGuard Web Services Architecture.

— Wolfgang Kandek, CTO & Vice President of Engineering
Name: QualysGuard Consultant
Type: Network and Application Vulnerability Assessment Platform  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: QualysGuard Enterprise and Express Suite
Type: Network and Application Vulnerability Assessment Platform For Large Distributed Organizations    
CVE Output: Yes
CVE Searchable: Yes
Name: QualysGuard Express
Type: Network and Application Vulnerability Assessment Platform  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: QualysGuard MSP
Type: Network and Application Vulnerability Assessment Platform  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: QualysGuard PCI Compliance (Enterprise and Express Editions)
Type: Network and Application Vulnerability Assessment Platform For Large Distributed Organizations    
CVE Output: Yes
CVE Searchable: Yes
Name: QualysGuard SANS/FBI Top 20 Vulnerabilities Scanner
Type: Free Vulnerability Assessment Service    
CVE Output: Yes
CVE Searchable: Yes
Name: QualysGuard Vulnerability Management
Type: Network and Application Vulnerability Assessment Platform  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Radware Ltd. Date Declared: December 30, 2010

Web Site:

Quote/Declaration: Radware is pleased to participate in CVE Initiative with its DefensePro, intrusion prevention and attack mitigation product.

Name: DefensePro
Type: Network Intrusion Prevention and Attack Mitigation System    
CVE Output: Planned
CVE Searchable: Planned
 
Rapid7 LLC

Web Site:

Quote/Declaration: As a leader in both vulnerability management and penetration testing, Rapid7 appreciates MITRE's efforts to provide unique CVE Identifiers across both of these areas. This enables our customers to easily reference vulnerabilities and exploits across systems.

Name: Metasploit Express
Type: Vulnerability Management and Penetration Testing  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Metasploit Pro
Type: Vulnerability Management and Penetration Testing  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: NeXpose
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Red Hat, Inc.

Web Site:

Quote/Declaration: It is often confusing when the same security issues get fixed by different vendors in different ways with different names and descriptions. We see the CVE Initiative as the way to solve this problem, giving the community accurate information on which they can base their security decisions. We are working with MITRE to contribute and validate new entries as well as publish CVE entries in our security advisories.

— Mark Cox, Senior Director of Engineering
Name: Apache Week Web Server
Type: Apache Web Server Vulnerability Database    
CVE Output: Yes
CVE Searchable: Yes
Name: Red Hat Security Advisories
Type: Advisory Capability  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: October 24, 2012
RedSeal Systems, Inc. Date Declared: April 2, 2010

Web Site:

Quote/Declaration: RedSeal Vulnerability Advisor transforms vulnerability scanning into actionable risk management through correlation of multiple scanning results from a variety of vulnerability assessment scanners through their reported CVEs, combined with the configuration information from all the network devices - firewalls, routers, load balancers, wireless access points, to identify the specific vulnerabilities that cause the greatest business risk.

Name: RedSeal Vulnerability Advisor
Type: Near Real-Time Risk Management    
CVE Output: Yes
CVE Searchable: Yes
 
Rsam Date Declared: February 7, 2011

Web Site:

Quote/Declaration: Rsam's Enterprise GRC platform has integrated CVE throughout all vulnerability management and assessment modules. Since 2005, customers have utilized Rsam and CVE to declare, search, and reporting on common vulnerabilities, and to harmonize common vulnerability data across disparate data sources.

Name: Rsam
Type: Enterprise Governance, Risk and Compliance (EGRC) Platform  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
RUS-CERT University of Stuttgart

Web Site:

Quote/Declaration: The announcement service run by RUS-CERT already uses CVE as the reference dictionary for vulnerability identification for a long time.

— Oliver Goebel
Name: Security Announcement Service RUS-CERT
Type: Security Announcement Information Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
SAINT Corporation

Web Site:

Quote/Declaration: SAINT, WebSAINT, and SAINTbox vulnerability reports and tutorials include relevant CVE links, providing the user with easy reference to related information and a basis for determining the extent of each product's capabilities. SAINTmanager vulnerability reports and tutorials include relevant CVE links, providing the user with easy reference to related information and a basis for determining the extent of SAINTmanager's capabilities. SAINT, WebSAINT, and SAINTbox are also CVE searchable with a CVE cross-reference that maps the CVE entries to the SAINT tutorials, while SAINTmanager is CVE searchable with a CVE cross-reference that maps the CVE entries to the corresponding SAINTmanager vulnerability IDs. We will continue to keep all SAINT products updated with the latest CVE numbers as they become available.

Name: SAINTbox
Type: Network Vulnerability Scanning Appliance  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SAINTmanager
Type: Network Vulnerability Assessment Management Console  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Security Administrator's Integrated Network Tool (SAINT)
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: WebSAINT
Type: Web-based Vulnerability Scanning Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Sandvine Incorporated

Web Site:

Quote/Declaration: Because of the ever-increasing number of network traffic attacks and vulnerabilities they exploit, tracking quickly becomes a complex and difficult task across attacks, subsequent variants, and four geographic continents, and all the languages therein. It is the intention of Sandvine to use the CVE naming scheme mechanism not only for commonly identifying the vulnerabilities within our hardware and software but also as a taxonomy to group the network attacks our systems are intended to prevent.

Name: Worm/DoS Traffic Mitigation (W/DTM)
Type: Service Provider Network Attack Traffic Monitoring and Mitigation System    
CVE Output: Planned
CVE Searchable: Planned
 
Sangfor Technologies Co., Ltd. Date Declared: February 6, 2012

Web Site:

Quote/Declaration: Sangfor Technologies Co., Ltd. is a leading network security company in China. We fully support MITRE's CVE standard in our security products, which allows our security research and product development teams to focus on adding value for our customers and enables our customers to easily reference vulnerabilities information.

Name: Next Generation Application Firewall (NGAF)
Type: Next Generation Application Firewall  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
SANS Institute

Web Site:

Quote/Declaration: The SANS GIAC training is CVE-compatible. Student assignments for intrusion detection and hacker exploits reference CVE. In addition, ID'Net is CVE-compatible.

— Steve Northcutt, Director, SANS Global Incident Analysis Center
Name: SANS GIAC Security Training
Type: Educational Material    
CVE Output: Yes
CVE Searchable: Yes
 
scip AG

Web Site:

Quote/Declaration: We are ensuring our users can identify the correct vulnerabilities by using CVEs.

Name: )pallas(
Type: Vulnerability Consulting Service    
CVE Output: Yes
CVE Searchable: Yes
Name: Verletzbarkeits-Datenbank
Type: Free Vulnerability Database    
CVE Output: Yes
CVE Searchable: Yes
 
SECNAP Network Security Corporation

Web Site:

Quote/Declaration: It it our intention, and commitment to support the MITRE CVE efforts in order to assist the user community by providing a standard and consistent way to gather and validate information on security vulnerabilities.

Name: SECNAP Managed Security Services
Type: Managed Network Security Services For Precise Attack Prevention    
CVE Output: Yes
CVE Searchable: Planned
 
SecPod Technologies Date Declared: July 18, 2012

Web Site:

Quote/Declaration: SecPod SCAP Repo is a repository of SCAP content. CVEs are searchable based on all the attributes. The repo supports natural language based search. CVE is referred in all the vulnerability content in the repository.

Name: SecPod SCAP Repo
Type: SCAP Content Repository    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Feb 27, 2014
SecPoint ApS

Web Site:

Quote/Declaration: SecPoint's vulnerability assessment, vulnerability scanning solution integrates CVE to allow users the best searchable way for vulnerabilities.

Name: SecPoint Cloud Penetrator
Type: Web Vulnerability Scanner  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecPoint Penetrator
Type: Vulnerability Scanner  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecPoint Portable Penetrator
Type: Wi-Fi Security Audit Suite  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecPoint Protector UTM Firewall
Type: UTM Firewall with Vulnerability Scanning and Vulnerability Assessment  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Aug 13, 2013
SECUI.COM Corporation Date Declared: June 22, 2011

Web Site:

Quote/Declaration: With the increasing number of vulnerabilities in various areas, it is worthwhile to define a common vulnerability naming and enumerating standard such as CVE List. By providing this information to our customers through our product, they can quickly and accurately identify vulnerabilities. Especially, customers can cross-link the information with other CVE-Compatible products and services.

Name: SECUI SCAN
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Secunia

Web Site:

Quote/Declaration: Secunia constantly monitors and reviews CVE entries to ensure that these are appropriately and accurately matched with the verified Secunia Vulnerability Intelligence provided in our Advisories, Secunia PSI, Secunia CSI, Secunia OSI, Secunia VIM, and on our Web site.

Name: Secunia CSI (Corporate Software Inspector)
Type: Automated Authenticated Vulnerability Scanner, for Networks    
CVE Output: Yes
CVE Searchable: Yes
Name: Secunia OSI (Online Software Inspector)
Type: Enterprise Tool for Tracking, Mapping, and Managing Vulnerabilities in Corporate Networks    
CVE Output: Yes
CVE Searchable: Yes
Name: Secunia PSI (Personal Software Inspector)
Type: Enterprise Tool for Tracking, Mapping, and Managing Vulnerabilities in Corporate Servers    
CVE Output: Yes
CVE Searchable: Yes
Name: Secunia VIM (Vulnerability Intelligence Manager)
Type: Vulnerability Intelligence, Alerting, Management, and Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Secunia Website
Type: Vulnerability Database and Security Advisory Archive  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 30, 2013
SecureInfo Corporation

Web Site:

Quote/Declaration: SecureInfo RMS, award-winning certification and accreditation software, is CVE-compatible. Supporting CVE is an important part of our vision in providing continuous monitoring capabilities in support of FISMA and our customer's information security programs.

— Roberto R. Garcia, V.P. Product Engineering
Name: Risk Management System (RMS)
Type: Compliance Framework Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Security-Database

Web Site:

Quote/Declaration: Security Database uses the publicly known vulnerabilities identified in the CVE List as the basis for most of the queries. All data are relayed in realtime.

Name: Security Database Website
Type: Web site services  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Mar 3, 2014
SecurityReason

Web Site:

Quote/Declaration: To protect our customers from security problems we implemented CVE in our system, because we know that CVE is authoritative and dependable source of information about vulnerabilities and one of the first sites putting information about new vulnerabilities. SecurityReason realizes the importance of common security identifiers in security vulnerability advisories. We are pleased to support the CVE Initiative.

Name: SecurityAlert
Type: Security Advisories, Database, and Archive  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
SecurityTracker

Web Site:

Quote/Declaration: SecurityTracker is proud to integrate support for CVE. The SecurityTracker database of vulnerability alerts now includes CVE numbers.

Name: SecurityTracker
Type: Vulnerability Alerts    
CVE Output: Yes
CVE Searchable: Yes
 
SecurView Inc.

Web Site:

Name: CASPER
Type: Risk Management and Event Monitoring    
CVE Output: Planned
CVE Searchable: Planned
 
Shavlik Technologies, LLC

Web Site:

Quote/Declaration: Shavlik is committed to providing the best information possible to our customers. We include CVE references in our patch database and display this data in our patch management product. We are now formalizing the presentation of this data by declaring CVE compatibility.

Name: MSSecure.XML
Type: Patch Data Repository    
CVE Output: Yes
CVE Searchable: No
Name: Shavlik Technologies HFNetChkPro
Type: Patch Management    
CVE Output: Yes
CVE Searchable: Planned
Name: Shavlik Technologies Website
Type: Patch Data WebSite    
CVE Output: Yes
CVE Searchable: Yes
 
Silicomp-AQL

Web Site:

Quote/Declaration: CVE compatibility ensures that administrators can easily use different security products in order to find additional information they need.

Name: Vigil@nce
Type: Online Vulnerability Database (French)  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
SIMCommander LLC

Web Site:

Quote/Declaration: SIMCommander is a leading developer of solutions to manage, monitor, analyze, report on, and respond to security information for large enterprises, government institutions, and service providers. SIMCommander's solution for enterprises is a software platform that enables any business or organization to visualize and correlate security information in real-time. Enterprises use SIMCommander technology to lower their day-to-day security operational costs and at the same time ensure compliance with regulatory requirements such as Sarbanes-Oxley and ISO-17799.

Name: SIMCommander
Type: Security Information Management    
CVE Output: Yes
CVE Searchable: Yes
Name: SIMCommander Analyzer
Type: Security Information Management    
CVE Output: Yes
CVE Searchable: Yes
 
Skybox Security Inc.

Web Site:

Quote/Declaration: Skybox Security maintains CVE Compatibility because CVE is the standard reference in the industry for vulnerability information and allows correlation of information coming from different security solutions.

Name: Skybox View Enterprise Suite
Type: Network Security Management Software  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Sep 5, 2013
Snort Development Team

Web Site:

Quote/Declaration: CVE provides an excellent mapping between various tools that allows Snort users to quickly and accurately link together information providedby various other security tools and informational databases.

— Brian Caswell and Martin Roesch
Name: Snort
Type: Intrusion Detection System    
CVE Output: Yes
CVE Searchable: Yes
 
SoftRun, Inc.

Web Site:

Quote/Declaration: Softrun is the leading provider of Patch Management System in Korea and serving patch management service to hundreds of local corporations. Softrun is pleased to support CVE and will continue to promote the standardization of vulnerabilities.

Name: Inciter Vulnerability Manager
Type: Vulnerability Assessment Tool  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Software in the Public Interest, Inc.

Web Site:

Quote/Declaration: Debian developers understand the need to provide accurate and up-to-date information of the security status of the Debian distribution, allowing users to manage the risk associated with new security vulnerabilities. CVE enables us to provide standardized references that allow users to develop a CVE-enabled security management process.

Name: Debian Security Advisories
Type: Advisories  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Sourcefire, Inc.

Web Site:

Quote/Declaration: Sourcefire's intelligent security monitoring solutions provide a fully integrated security monitoring infrastructure for identifying and protecting against network threats. Sourcefire is dedicated to providing actionable insight into security threats on a network and is pleased to support open system standards such as MITRE's CVE.

Name: Sourcefire 3D System
Type: Enterprise Threat Management Solution    
CVE Output: Yes
CVE Searchable: Yes
 
Spirenet Communications

Web Site:

Name: ThreatEx
Type: Vulnerability Assessment Appliance and Database    
CVE Output: Yes
CVE Searchable: Yes
 
StillSecure

Web Site:

Quote/Declaration: StillSecure is pleased to offer CVE compatibility in VAM, our vulnerability management system. A common language for tracking security threats is critical to managing the vulnerability lifecycle. StillSecure products are cost-effective and easy-to-use, and we will continue to participate in and leverage industry-wide standards such as CVE.

— Mitchell Ashley, CTO and VP Engineering
Name: StillSecure VAM
Type: Vulnerability Management System    
CVE Output: Yes
CVE Searchable: Yes
 
Stonesoft Corporation

Web Site:

Quote/Declaration: Our customers like to have their vulnerability information in standard format and from a reliable source.

Name: StoneGate IPS
Type: Network Intrusion Protection System    
CVE Output: Yes
CVE Searchable: Yes
 
Syhunt, Inf. Ltd.

Web Site:

Quote/Declaration: CVE enhances our security database and helps Syhunt defend our customers from exposure to vulnerabilities.

Name: Sandcat Pro
Type: Web Application Security Scanner    
CVE Output: Yes
CVE Searchable: Yes
 
Symantec Corporation

Web Site:

Quote/Declaration: Symantec maintains one of the largest vulnerability databases available today. Consisting of over 9000 distinct vulnerability records, we have strived to maintain CVE compliance from the outset of the CVE Initiative.

Symantec fully supports an industry-wide standard for the indexing of vulnerabilities. Our public web sites (SecurityFocus and SecurityResponse), and our commercial alerting services (DeepSight Alert Services) fully conform to the CVE requirements. This allows our customers to search for, and research vulnerabilities and blended threats using this common nomenclature. Symantec's wide range of security products utilize the industry-leading vulnerability database and employ trusted, fast and automated response capabilities to identify threats identified by CVE.

Name: DeepSight Alert Services
Type: Vulnerability Alerting Service and Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecurityFocus Vulnerability Database
Type: Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Symantec Control Compliance Suite
Type: Comprehensive, Policy-Based Security Assessment and Manager    
CVE Output: Planned
CVE Searchable: Planned
Name: Symantec Security Response Web site
Type: Vulnerability Database, Security Advisories and Archives    
CVE Output: Yes
CVE Searchable: Yes
 
TecForte Sdn Bhd

Web Site:

Quote/Declaration: TecForte is an ICT Security company focused on developing enterprise-class security management solutions. Our product provides customizable correlation tools to monitor and cross-check disparate devices, hence exposing security threats and facilitating vulnerability management. We are committed to supporting a high-level of security, and are pleased to promote and support the CVE naming standards.

Name: Log Radar
Type: Security Information Management (SIM) Software  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Telos Corporation

Web Site:

Quote/Declaration: Xacta IA Manager is a risk/compliance management/measurement software that incorporates vulnerabilities as part of the overall risk assessment. Because our principle customer is the Department of Defense, we recognize the importance of being compatible with CVE. We expect to have the product fully CVE compatible with the release of our 5.0 version of Xacta IA Manager.

Name: Xacta IA Manager
Type: Vulnerability Assessment and Remediation    
CVE Output: Planned
CVE Searchable: Planned
  Last Updated: Feb 25, 2014
Tenable Network Security Inc.

Web Site:

Quote/Declaration: Tenable Network Security utilizes the CVE program to reference each of the vulnerabilities detected by Nessus and the Passive Vulnerability Scanner. This information is also heavily used through SecurityCenter for reporting, education, IDS event correlation and linking with third-party security information.

Name: Nessus Security Scanner
Type: Vulnerability and Compliance Scanner  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Passive Vulnerability Scanner
Type: Passive Network Monitor  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Security Center
Type: Enterprise Security Management System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
ThreatGuard, Inc.

Web Site:

Quote/Declaration: Recognizing the importance of common indexing of known vulnerabilities, ThreatGuard has included CVE references in ThreatGuard VMS and ThreatGuard Traveler. These references are seamlessly integrated with the ThreatGuard Navigator client application, reports, and search engine. As we release new vulnerability tests, it is among ThreatGuard's top priorities to ensure CVE referencing is included and accurate, extending the efforts of the CVE initiative.

Name: ThreatGuard On Demand
Type: Continuous Security Auditing and Compliance Management    
CVE Output: Yes
CVE Searchable: Yes
Name: ThreatGuard Traveler
Type: Continuous Security Auditing and Compliance Management for Service Providers  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: ThreatGuard Vulnerability Management System
Type: Continuous Security Auditing and Compliance Management  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
TMC y Cia

Web Site:

Quote/Declaration: We have aligned our service/appliance FAV with the CVE vulnerabilities standard for the benefit of our customers.

Name: FAV - Falcon Vulnerabilities Analysis
Type: Vulnerability Analysis Service/Appliance  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
TraceSecurity, Inc.

Web Site:

Name: TraceAlert
Type: Vulnerability and Malicious Code Alert Service    
CVE Output: Yes
CVE Searchable: Yes
Name: TraceAssess
Type: Vulnerability Lifecycle Management Utility    
CVE Output: Yes
CVE Searchable: Yes
 
Trend Micro, Inc.

Web Site:

Name: Trend Micro Vulnerability Assessment
Type: Vulnerability Assessment Product with Virus Info Association  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Tripwire, Inc.

Web Site:

Quote/Declaration: Tripwire actively supports standardization efforts in the security market, including the CVE's common lexicon for the vulnerability namespace. As a member of the CVE editorial board, we are committed to ensuring Tripwire's IP360 product continues to support CVE names and provides customers with an enterprise-class complete lifecycle approach to vulnerability management. Ultimately, this enables customer to find and eliminate vulnerabilities before they can be exploited, ensure security policy compliance and meaningfully measure and manage business risk.

— Tim Keanini
Name: Tripwire IP360
Type: Appliance-Based Enterprise-Class Vulnerability Management System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Feb 25, 2014
TrustSign Date Declared: December 28, 2011

Web Site:

Quote/Declaration: TrustSign is a certificate authority and a security company that works to identify and correct common vulnerabilities in enterprise networks and service providers. We believe that it is important to our services and clients to be a fully compatible with the CVE standard.

Name: Selos de Seguranca
Type: Vulnerability Assessment and Remediation Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
Trustwave

Web Site:

Quote/Declaration: We are pleased to partner with MITRE on the CVE Compatibility program. As a leader in the enterprise security management software technology, we believe that the CVE standardization of multi-vendor security exploits information will greatly benefit our customers. Our current product offering leverages CVE to offer intelligent correlation and threat and incident management solutions and our future offerings will continue to leverage the widely accepted CVE standard.

— Paul MacGyver Carman, Technical Product Manager
Name: TrustKeeper
Type: Vulnerability Scanning Service  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: Trustwave SIEM Portfolio
Type: Information Security Management    
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Feb 25, 2014
ViewTrust Technology, Inc. Date Declared: January 28, 2014

Web Site:

Quote/Declaration: ViewTrust would like to solidify our use of a standards based solution by working with the MITRE CVE Team to certify our Analytic Continuous Monitoring Engine (ACE) product as CVE-Compatible.

Name: Analytic Continuous Monitoring Engine (ACE)
Type: Aggregation Capability    
CVE Coverage: Yes
CVE Output: Yes
CVE Searchable: Yes
  Last Updated: Jan 28, 2014
Visionael

Web Site:

Name: Visionael Service Automation Suite
Type: Vulnerability Assessment and Remediation Tool    
CVE Output: Yes
CVE Searchable: Yes
 
VUPEN Security

Web Site:

Quote/Declaration: VUPEN Security (formerly FrSIRT) personalized vulnerability and threat alerts, 24/7, 365 days a year, to inform organizations of new potential threats. Our services are designed to deliver notification of vulnerabilities and exploits as they are identified, providing timely, actionable information and guidance to help mitigate risks before they are exploited.

Name: VUPEN Security - Vulnerability Alerting and Management Solutions
Type: Vulnerability and Exploit Tracking and Alerting Service    
CVE Output: Yes
CVE Searchable: Yes
Name: VUPEN Security Advisories
Type: Security Advisories, Database and Archives    
CVE Output: Yes
CVE Searchable: Yes
 
Westpoint Ltd.

Web Site:

Quote/Declaration: Westpoint, and more importantly its customers, have long since realised the value of the CVE unified vulnerability referencing scheme in helping to eradicate risks from the organisation. As such Westpoint is happy to participate in any programme that gives the Internet community greater freedom of choice in the security products and services they choose to adopt.

Name: Westpoint Enterprise Scan
Type: Managed Vulnerability Assessment Service    
CVE Output: Yes
CVE Searchable: Yes
 
WINS Co., Ltd.

Web Site:

Quote/Declaration: WINS Co., Ltd. is pleased to support MITRE on the CVE effort to standardize vulnerability identification not only for the security industry, but for our customers. SNIPER IPS, our network-based intrusion prevention system, and SecureCast, our vulnerability database, have incorporated CVE names to provide the most valuable information for our customers.

Name: SNIPER IPS
Type: Network-Based Intrusion Prevention System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: SecureCAST
Type: Vulnerability Database  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
  Last Updated: Apr 4, 2014
Xentinel Digital Security, Inc.

Web Site:

Quote/Declaration: Xentinel Digital Security provides daily remote vulnerability assesment to e-merchants through its HACKER FREE Certification and PCIPass (Payment Card Industry Security Standards Compliance Passport). Xentinel tools support the CVE standard to facilitate the integration with other security tools. Additionally, our mapping to CVE makes it easy for customer's to reference key information to protect their organzation from internet security threats.

Name: HACKER FREE
Type: Remote Vulnerability Assessment    
CVE Output: Yes
CVE Searchable: Yes
 
Xi'an Jiaotong University Jump Network Technology Co., Ltd.

Web Site:

Quote/Declaration: We have incorporated CVE to improve the quality of our product.

Name: Jump NVAS
Type: Network Vulnerability Assessment System (NVAS)  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
Name: JumpIPS
Type: Intrusion Prevention System  
CVE Output: Yes
CVE Searchable: Yes
Review Completed Questionnaire
 
XMCO Partners Date Declared: July 7, 2010

Web Site:

Name: CERT-XMCO
Type: Vulnerability Database and Notification Service    
CVE Output: Yes
CVE Searchable: Yes
 
 
Page Last Updated: April 16, 2014