Quote/Declaration: We wish to join the CVE Compatibility Program to contribute to the correction of vulnerabilities and also assure our customers security.

Quote/Declaration: AdventNet is pleased to support CVE names in the vulnerability database of the SecureCentral product line, as part of our commitment to embracing industry standards.

Name: ManageEngine Security Manager Plus
Type: Vulnerability Management Software for Windows and Linux Systems
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureCentral PatchQuest
Type: Patch Management Software for Windows and Linux systems
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Application Security, Inc. is committed to delivering solutions that are compatible and interoperable with the IT security environment at large. In the vulnerability management marketplace, that means speaking CVE. We've kept our SHATTER knowledgebase, the world's most comprehensive list of database vulnerabilities and misconfigurations, up-to-date with CVE references since 2004.

Name: AppDetectivePro
Type: Database Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: DbProtect
Type: Database Intrusion Protection, Detection, and Prevention
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: TeamSHATTER.com
Type: Threat Resource Database
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Assuria Auditor (formerly ISS System Scanner) was previously certified as ISS System Scanner. Assuria have enhanced and added functionality and features around CVE reporting in the product.

Name: Assuria Auditor
Type: Vulnerability Assessment and Remediation
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: AVATARES cyber security products and services provides seamless compatibility with new CVE ID formats.

Name: Pandora-CSF
Type: Vulnerability Analysis Service/Appliance
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: We aim to provide our customers with the best information available on how to protect their infrastructure. By integrating CVE into our product, we are providing up-to-date vulnerability information that can be used to enable a network administrator to defend their enterprise data and resources.

Quote/Declaration: Beijing Netpower Technologies Inc. is a leading network security products producer in China. We assure that our Netpower Network Vulnerability Scanner (NPNS) and Netpower Network Intrusion Detection System (NPIDS) are fully compatible with CVE standards.

Name: Netpower Network Intrusion Detection System (NPIDS)
Type: Intrusion Detection and Management
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Netpower Network Vulnerability Scanner (NPNS)
Type: Vulnerability Database and Scanner
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Beijing Venustech provides users with a series of network security products, which along with our own independent intellectual property, are compliant with the international standard, CVE. Beyond products, we deliver our customers life-cycle services including consulting, design, implementation, maintenance, and training.

Name: Cybervision Intrusion Detection System
Type: Intrusion Detection System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Cybervision Vulnerability Assessment and Mangement System
Type: Vulnerability Scanner
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Venusense Intrusion Prevention System
Type: Intrusion Prevention System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Venusense Threat Detection and Intelligent Analysis System
Type: Intrusion Detection and Intelligent Analysis
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Venusense Unified Security Gateway
Type: Unified Threats Management (UTM)
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Venusense Web Application Gateway
Type: Web Application Firewall
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Beyond Security Ltd.'s Automated Scanning provides users with a complete picture of the security of their organization by leveraging the huge SecuriTeam.com knowledgebase. As such, we see high importance for the CVE naming scheme, which provides a global independent reference for known security vulnerabilities.

Name: AVDS
Type: Automated Vulnerabilities Scanner
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: AVDS Server
Type: Automated Vulnerabilities Scanner Platform For Service Providers
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: AVDS Services
Type: Automated Vulnerabilities Scanning Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Beyond Trust is an innovative leader in vulnerability and security research, providing security solutions that help businesses and users protect their systems and intellectual property from compromise. eEye enables secure computing through world-renowned research and innovative technology, supplying the world's largest businesses with an integrated and research-driven vulnerability assessment, intrusion prevention, and client security solution. eEye is pleased to support the CVE Initiative and will continue to promote the standardization of the CVE naming convention and vulnerability identification.

Name: Retina Network Security Scanner
Type: Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: As a global leader in data, voice and enterprise security solutions, Black Box Corporation (BBOX) fully supports the MITRE CVE® standard. We are pleased to deploy our award winning CVE-compatible Veri-NAC appliances into the market with a faster, less invasive vulnerability scanning system with direct links into the National Vulnerability Database (NVD) for a deeper understanding of common vulnerabilities and exposures as well as faster remediation.

Name: Veri-NAC Appliances
Type: Veri-NAC is a one-box vulnerability management and network access control (NAC) appliance
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: As a leader in security information management, BlackStratus understands the complexity of managing and mitigating risks. Because effective security management is based on the accuracy and timely recognition of an attack, only improved knowledge will enable the proper response mechanism. With the combination of cross-device correlated events from netForensics and the detailed information from CVE, security experts are able to understand the conditions of their enterprise and map threats to exposures. Active support for CVE will improve the knowledge of the security community and fortify enterprise security management.

Quote/Declaration: Catbird V-Security is a comprehensive security and compliance solution for virtual and physical infrastructures, delivering best-practice security for Hypervisor, Guest VMs and Policy/Regulatory Compliance. Cross-indexing the CVE in reports we present to our partners and customers assists them in building effective security programs.

Name: Catbird vSecurity
Type: Security Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Cenzic is pleased to integrate CVE information with our Hailstorm application security assessment product. Customers benefit from a widely supported standard while taking advantage of the leading application security assessment product.

Quote/Declaration: CVE is the key to vulnerability database compatibility. The CERIAS Cooperative Vulnerability Database and the Cassandra tool currently provide CVE Output and are also CVE Searchable. The CERIAS ESP is entirely based on CVE. The CIRDB (CERIAS Incident Response Database) already provides CVE output. The growing importance and recognition of CVE requires the CIRDB to be searchable and fully CVE-compatible, which we will do for the release currently under development.

Quote/Declaration: We will begin directly contributing new CVE entries, as well as using existing CVE entries to annotate our published advisories.

Quote/Declaration: Cert-IST offers its partners and clients a Security Advisory and Alert service, both in French and English. Cert-IST offers also a vulnerability database, accessible through Web interface, created in September 97, and maintained by a dedicated team. Cert-IST uses CVE in its advisory database, with the objective to improve the information and knowledge level in the security community.

Quote/Declaration: Check Point is pleased to participate in the CVE Compatibility program, which will benefit the worldwide computing community by providing a common terminology for tracking security threats and make discourse among all community members (users, vendors, service providers, and others) more intelligible and productive.

Quote/Declaration: China National Computer Software & Technology Service Corporation (CSS) is a leading company in the field of software development in the People's Republic of China. We believe it is important for our security solution to be fully compatible with the Common Vulnerabilities and Exposures (CVE) standard.

Quote/Declaration: Cisco sees CVE as an important step in the collaborative efforts of the vulnerability science community. It is a tool that allows our security research and product development teams to focus on adding value for our customers. Cisco will incorporate the CVE dictionary into its products.

Name: Cisco Security IntelliShield Alert Manager Service
Type: Security Intelligence Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: The objective of the Clear North Technologies penetration study is to identify and report vulnerabilities in the client's perimeter network which may provide attackers with an opportunity to gain unauthorized access to private computer systems and networks. In performing the penetration study, Clear North Technologies will employ techniques and tools similar to those used by external threats with the intention of compromising perimeter network safeguards in an effort to gain access to the client's private computer systems and networks.

Quote/Declaration: Codenomicon is a cyber-security company that focuses on vulnerability management and situational awareness of cyber abuse. Our proven cost effective solutions help organizations to quickly identify, manage, and remediate security issues associated with known and unknown software vulnerabilities and abuse information from interactive visualizations of real-time network information.

Quote/Declaration: We will put the CVE names into this database in order to provide a cross reference to that enumeration.

Quote/Declaration:  As the provider of CORE IMPACT, the industry's first automated penetration testing product, Core Security Technologies is pleased to support the CVE standard. CVE provides a critical common language for naming vulnerabilities and allows us to not only link exploits to vulnerabilities within IMPACT, but also to provide interoperability with vulnerability scanners, intrusion detection and remediation products and other risk assesment and management solutions.

Quote/Declaration: CounterSnipe aims to ensure that our customers' networks are provided with maximum protection and we believe that it is absolutely critical to at least guard against known and published vulnerabilities. There is no better way than ensuring CVE compatibility.

Quote/Declaration: Critical Watch supports MITRE's CVE program for standardizing a naming scheme for vulnerabilities. Incorporating CVE names into our enterprise vulnerability management solution enables our customers to act swiftly and confidently to collapse windows of exposure.

Name: FusionVM Consultant
Type: Appliance-Based Managed Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM Enterprise System
Type: Appliance-Based Managed Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM MSSP
Type: Appliance-Based Managed Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM PCI
Type: Remote Scanning Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: FusionVM Software as a Service (SaaS)
Type: Remote Scanning Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Cronus Cyber Technologies, introducing the CyBot Suite is a CVE-vulnerabilities based system that identifies potential attack path scenarios and cyber threats.

Name: CyBot Suite
Type: Attack Path Scenarios Detection
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: DBAPPSecurity focuses on web application security and database security. It provides web vulnerability scanner (MatriXay), web application firewall, database scanner, database auditor, log auditor, web monitor and professional security services for information security and risk management, which compliance with many kinds of laws and regulations.

Quote/Declaration: MITRE's CVE standard helps SecureWorks provide our clients with a seamless, consolidated view of their security and risk environment, and aids our security analysts in correlating valuable threat information from disparate sources.

Quote/Declaration: DragonSoft Security Associates, Inc. believes that CVE provides the correct direction to a uniform and consistent representation of vulnerabilities and exposures information. As a company which research and design vulnerabilities and exposures detecting software, we are very desirous to providing CVE compatible product to our customers that researches and designs software for detecting vulnerabilities and exposures, we believe it is important to provide CVE-compatible products to our customers.

Name: DragonSoft Secure Scanner
Type: Vulnerabilities and Exposures Assessment Software
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: DragonSoft Vulnerability Database
Type: Online Vulnerabilities and Exposures Database
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: e-Project believes that those wishing to contribute to improving information security should collaborate with the MITRE Corporation to support the CVE standard. e-Project has made its Scan-edge vulnerability assessment and remediation service CVE-compatible so our customers will have the best information available. We will contribute to this effort in every way possible and continue to support CVE on an ongoing basis.

Quote/Declaration: As a leader and innovation in the security industry, Easy Solutions, Inc. is pleased to announce compatibility with the CVE Initiative

Name: Detect Vulnerability Scanning Service - External
Type: Vulnerability Scanning and Assessment Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Detect Vulnerability Scanning Service - External/Internal
Type: Vulnerability Scanning and Assessment Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Edgeos' services fully support and implement CVE.

Quote/Declaration: Emaze, which offers proactive security solutions to help large organizations handle security risks as well as to fulfill compliance and conformity requirements, is pleased to support the CVE initiative.

Quote/Declaration: RSA Archer eGRC Solutions are knowledge management system for the collection, management and distribution of critical security content such as vulnerabilities, technical baselines, control standards and information security policies as they relate to specific risk that IT assets face within the enterprise. The RSA Archer eGRC Solutions suite strongly supports the CVE standard, which greatly assists in our integration with other security products and vendors. The CVE mapping enables our clients to intelligently analyze, cross reference and search vulnerabilities that affect their organization.

Name: RSA Archer GRC
Type: Threat Management
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: At esCERT, we have adapted all our procedures and services to CVE notation since we consider that it is the best way to handle and distribute vulnerability information in a complete and reliable way.

Quote/Declaration: Use of a standard such as CVE enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions - a necessity to understand the real impact of vulnerabilities and attacks.

Quote/Declaration: Many of our IDS signatures already have CVE tags. Our vulnerability signatures will also have CVE tags. Our IPS uses these tags to link users directly to the CVE Web site which allows them to get concise and updated vulnerability information.

Quote/Declaration: Fortinet has been an established security vendor for some time, and regularly discovers third-party security vulnerabilities for which we request CVE Identifiers from MITRE. We also monitor the security space, develop IPS signatures, and map/reference the CVEs for all of these in our advisories and encyclopedia.

Name: FortiGuard
Type: Vulnerability Compliance Management Service and Security Advisories Archive
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: FuJian RongJi Software Company, Ltd., in association with the Institute of High Energy Physics, the Chinese Academy of Sciences, has developed the RJ-iTop Network Vulnerability Scanner System, which provides CVE Output and is CVE Searchable. In addition, its database is fully searchable by keyword or CVE name. We have made our product compatible with CVE so that administrators can easily differentiate which is the best product for them among the different security products.

Name: RJ-iTop Network Vulnerability Scanner System
Type: Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Gamasec's GamaScan Web application Scanner is an automated security service that searches for software vulnerabilities within Web applications and validates any potential security breaches and risks against a continually updated service database. By incorporating CVE Identifiers into GamaScan, we are providing our customers with the ability to enhance their vulnerability handling processes and further leverage their vulnerability scanners to verify that updates and fixes have been applied.

Quote/Declaration: The Gentoo Linux Security Project actively supports the CVE Initiative by referencing corresponding CVE entries in all of our security advisories where appropriate.

Quote/Declaration: GFI recognizes the importance of standards in a field which is encountering even bigger challenges, variation of attacks and abuses of IT systems. While searching for a standard which will allow us to adhere to as well as encourage our customers to refer to vulnerabilities in a particular format, we found a perfect synergy between our technology and CVE. We believe that such integration will provide a common ground for our customers and security administrators out there to share and unify experiences against these ever increasing threats.

Name: GFI LANguard Network Security Scanner
Type: Network Vulnerability Assessment & Remediation Product
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Globant is pleased to support MITRE's initiative of standardizing vulnerability identification in our managed security services. The adoption of MITRE's CVE standard benefits users, community and vendors by providing a consistent and single way of identifying vulnerabilities across different products.

Name: ATTAKA
Type: On Demand Vulnerability Management and Assessment Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: H3C Technologies Co., Limited has made our IPS product compatible with CVE for the benefit of our customers and to support industry standards.

Name: SecBlade IPS
Type: Intrusion Prevention System As A Network Switch Module
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SecPath T Series IPS
Type: Intrusion Prevention System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Hangzhou DPtech Technologies Co., Ltd. is pleased to support MITRE on the CVE effort to standardize vulnerability identification not only for the security industry, but for our customers. DPtech IPS2000, our network-based intrusion prevention system, and DPtech Scanner1000, our network and application vulnerability assessment scanner, have incorporated CVE names to provide the most valuable information for our customers.

Name: DPtech IPS2000
Type: Network and Application Vulnerability Assessment
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: DPtech Scanner1000
Type: Vulnerability Scanner System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: By integrating CVE into our security assessment and management products we enable our customers to promptly and effectively track and respond to security vulnerabilities.

Name: TippingPoint Next Generation Intrusion Prevention System (NGIPS)
Type: Network-Based Intrusion Prevention System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: At High-Tech Bridge we strongly believe that CVE information security standard makes security measurable and universal, from which customers, vendors and security researchers benefit. We are grateful to the efforts of MITRE Corporation for continuous CVE standard development and support.

Name: High-Tech Bridge Security Advisories
Type: Security Advisories
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: ImmuniWeb
Type: SaaS Web Application Vulnerability Assessment Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: As a pioneer and leading provider of security management solutions for the enterprise ArcSight actively promotes and supports open systems standards such as CVE. ArcSight uses cross-device correlation to detect sophisticated multi-source, multi-target attacks while keying into the correct policies and procedures for response via the CVE names. It enables security experts and IT managers to cross-correlate information and references about different threats reported by disparate security products and solutions — a necessity to understand the real impact of vulnerabilities and attacks.

Name: Arcsight ESM Event Security Manager
Type: Real-Time Security Awareness/Incident Response
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: CVE compliance as a high priority requirement throughout Huawei security product/service development process helps our customers to easily get broader vulnerability/exploit information.

Name: Huawei Network Intelligent Protection System (NIP)
Type: Intrusion Prevention System (IPS)
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Huawei Network Intrustion Detection System (NIP D)
Type: Intrusion Detection System (IDS)
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: IBM actively promotes, supports, and contributes to the emerging open systems standards such as CVE that enable technology management software in the IBM Security portfolio of intrusion detection, vulnerability assessment, end point management, and security management components to inter-operate and share management information. We know that open system standards are a critical step in this direction. We support CVE as the first and the most complete naming convention for vulnerability mapping in the industry and we are committed to using CVE within our product in a tightly integrated fashion.

Name: Rational AppScan
Type: Application Security Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: The CVE naming standard developed by MITRE represents a significant leap forward for the information security industry and end user community. As a technology pioneer and leading provider of security management software and services, IBM Internet Security Systems is pleased to be a part of this important initiative as we move toward a standard that is crucial to the effective protection of every organization's critical digital assets.

Name: Internet Scanner
Type: Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Proventia Enterprise Scanner
Type: Vulnerability Management Assessment System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Proventia Management SiteProtector
Type: Security Management Platform
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Network 10/100
Type: Network-Based IDS/IPS
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Network Gigabit
Type: Network-Based IDS/IPS
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: RealSecure Server Sensor
Type: Host-Based IDS/IPS
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: X-Force Alerts and Advisories
Type: Alerts & Advisories Archive
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: X-Force Database
Type: Vulnerability Database
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: IRM ensures that clients acquire and maintain the core elements of information security by providing product-independent, expert, and impartial consulting services to organisations wishing to examine and improve the security of their information assets. It is essential that open and standardised vulnerability descriptions and metrics integrate into IRM's methodology and output so that clients may be assured of a common reference to findings and recommendations. CVE provides such a mechanism and is vital in providing meaningful security threat results.

Name: Security Risk Assessment
Type: Security Risk Assessment Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: IPA is proud to incorporate CVE in our product line. Our main product, JVN iPedia is a vulnerability database that stores summary and countermeasure information on domestic and overseas software products used in Japan. JVN iPedia is equipped with search functions (Keyword, Product, CVSS, CVE, etc.) and RSS feeds, which provides the accumulated data in a comprehensive manner.

Name: Filtered Vulnerability Countermeasure Information Tool (MyJVN)
Type: Filtered Warnings Application
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Vulnerability Countermeasure Information Database (JVN iPedia)
Type: Online Vulnerability Database
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: CVE compatibility is an important feature of AppSentry that provides a standardized cross-reference of included vulnerabilities. Inclusion of CVE names in policies and reports allows AppSentry users to quickly and accurately locate critical vulnerability information and to correlate findings with other security tools.

Quote/Declaration: Sparqlycode is a RDF/OWL representation of knowledge in the SDLC; for example, the code, its configuration, the developers that worked on it, and its deployment configuration. It also includes common vulnerability and exposure information from NIST.

Quote/Declaration: iPolicy Networks delivers an advanced and comprehensive network security solution for protecting enterprise, carrier and service-provider networks. The intrusion detection and prevention function in the iPolicy Intrusion Prevention Firewalls analyzes network traffics for known vulnerabilities and malware signatures. We strongly support CVE compatibility in our products. It not only ensure for us that we cover entire spectrum of vulnerabilities, it also gives opportunity to our customers to cross reference and verify the effectiveness of the solution provided to them by our products.

Quote/Declaration: iScan Online sees CVE as a key component of our data breach risk intelligence platform. Customers can now visualize which vulnerabilities are providing a backdoor to unencrypted data. iScan Online will incorporate CVE into Data Breach Risk Analytics and vulnerability reporting.

Quote/Declaration: Under the Information Security Early Warning Partnership in Japan, IPA receives private vulnerability reports and JPCERT/CC coordinates with developers to prepare patches or remedies. JVN provides infomation such as solution, vulnerability analysis by JPCERT/CC, and vender notes. JVN contains CVE information as well as vulnerability attribute information.

Name: Japan Vulnerability Notes (JVN)
Type: Vulnerability Information Portal Site
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: As an advocate of initiatives that improve customers' understanding of network security, Juniper believes the CVE standardized list of vulnerabilities and exposures is a significant step towards eradicating the confusion caused by disparate security information. Juniper has incorporated CVE into its intrusion detection and prevention system to help customers understand incidents so that they can quickly respond and effectively protect their networks.

Quote/Declaration: Kingnet Security plays a leading role in network security industry in China. We want our KIDS intrusion detection system to be compatible to the CVE standard so as to bring as much value to our customers as possible.

Name: Kingnet Intrusion Detection System (KIDS)
Type: Intrusion Detection System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: LANDesk Security and Patch manager supports the CVE naming standard, it's a simple and practical way to ensure that a vulnerability definition means the same thing to different people.

Name: LANDesk Patch Manager
Type: Patch Management System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: LANDesk Security Suite
Type: Active Endpoint Security Management
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: For the benefit of our customers, we believe it is important to be fully compatible with the international CVE standard.

Name: Legendsec SecIDS 3600 Intrusion Detection System
Type: Intrusion Detection System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Legendsec SecIPS 3600 Intrusion Prevention System
Type: Intrusion Prevention System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: The CSI service of laboratory LEXSI gathers applications and services offering a coherent and complete IT security watch solution to its subscribers. At the core of the CSI, ten experts supervise new security failures, carry out integrity tests, provide manual avoidance solutions, reference and enrich the Vulnerabilities Database. Compatibility between referred vulnerabilities and CVE dictionary provides to our subscribers and partners full interworking of our watch system with all third party products and services.

Le service CSI du laboratoire LEXSI regroupe un ensemble d'applications et de services à même d'offrir à ses abonnés une solution cohérente et complète de veille en sécurité informatique. Au coeur du CSI, une dizaine d'experts surveille l'apparition de failles de sécurité, effectue des tests d'intégrité, élabore des solutions de contournement, référence et enrichit la Base de Vulnérabilités. La compatibilité entre les vulnérabilités référencées et le dictionnaire CVE offre à nos abonnés et partenaires l'interopérabilité totale de notre système de veille avec l'ensemble des services et produits tiers.

Name: CSI
Type: Vulnerability Database and Notification Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Our solution LBN Watch is already fully compatible with CVE but LINKBYNET wants to formalize this compatibility and make a statement about seriousness and reliability of our solution.

Quote/Declaration: Lumension Security (formerly PatchLink Corporation) is in the vulnerability management business and as such fully recognizes the value of using CVE names. All of our patches have CVE codes in them.

Name: PatchLink Scan
Type: Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Mandriva recognizes the importance of a vendor-neutral list of vulnerabilities that can be cross-referenced by anyone; this is especially important in the growing number of mixed networks, and allows individuals to cross-reference vulnerabilities with ease. All Mandriva advisories will now contain CVE names to provide this service to our users.

Quote/Declaration: Because of today's ever changing threats, and vulnerability data a consent must be had to properly identify each. In the malicious code area these naming conventions exist and are very beneficial. The MITRE CVE program provides a naming standard that can be relied on when there is confusion or no standards agreed upon providing a method by which system administrators and other users can search the Internet to get the information on the same vulnerability via various sources.

Name: McAfee Foundstone Appliances
Type: Vulnerability Assessment Appliance
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: McAfee Policy Auditor
Type: Automated Vulnerability Remediation
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: N-Stalker, Inc. is pleased to support MITRE on the CVE Initiative to standardize vulnerability identification. It's a simple and practical way to ensure that a vulnerability definition means the same thing to different people.

Quote/Declaration: The National Vulnerability Database contains all CVE information as well as vulnerability attribute information (e.g. vulnerable version numbers), direct access to U.S. government vulnerability resources, and annotated links to industry resources. The underlying data in the database is provided license free via an XML feed.

Name: National Vulnerability Database (NVD)
Type: Online Vulnerability Database
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: NetClarity is a strong proponent of the CVE dictionary. The Auditor family of appliances automatically audit networks and reports those vulnerabilities discovered by our patent-pending vulnerability assessment engine. With CVE-specific information and remediation instructions, we enable our customers to better manage their risks, comply with regulations, and protect their assets.

Name: NetClarity Analyst and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small Mobile Networks
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: NetClarity Auditor 128 and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small Mobile Networks
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: NetClarity Auditor Enterprise and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Large Networks
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: NetClarity Auditor XL and Update Service
Type: Vulnerability Assessment Appliance and Update Service For Small to Medium Enterprises
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Netcraft is pleased to be able to offer mappings between its vulnerability scanner and the CVE dictionary. We see CVE as an important security administration tool, linking our services to a wider variety of other security devices, services and sources of security information.

Name: Audited by Netcraft
Type: Managed Vulnerability Scanning Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: NetentSec is a network security company in Beijing of China. We assure that NetentSec Next Generation Firewall is fully compatible with CVE standards.

Name: Next Generation Firewall (NGFW)
Type: Firewall
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: NetIQ sees great value in providing CVE compatibility in our NetIQ Vulnerability Manager product. Industry standards such as CVE make it easier for customers to make sense of the constant barrage of security issues, bugs, and vulnerabilities.

Quote/Declaration: COREvidence initiates, correlates, and aggregates different results from multi-engines and APIs vulnerability and malware scanners providing dashboards and deliverable with relevant CVE information combined with other open standards. This helps our customers to better understand their findings.

Quote/Declaration: The SecureScout line of vulnerability assessment solutions, fully supports CVE references; our speed and ease of use enable users to more efficiently verify CVE coverage.

Name: SecureScout EagleBox
Type: Network Scanning Appliance-Based Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureScout NX
Type: Single User Network-Based Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureScout Perimeter
Type: Web-Based, Internet-Side Vulnerability Assessment Service
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SecureScout SP
Type: Enterprise Network-Based Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Network Box Corporation provides integrated security appliances and a managed security service for our clients. We have standardized on using the CVE system for all our vulnerability announcements, and product output. We are in the process of extending our product to report detected intrusions in CVE format and provide a searchable database.

Quote/Declaration: Since its inception in 2001, NGSSoftware has always made great strides to ensure its software is compatible with the CVE initiative.

Name: NGS SQuirreL for Oracle
Type: Standalone Vulnerability Assessment Software Product
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: NII strongly believes in adding value to its AuditPro suite of security auditing products. The reports produced by AuditPro and its vulnerability database are now CVE-compatible. This standardization of vulnerabilities will help users locate, understand and fix the vulnerabilities in the easiest and fastest way.

Quote/Declaration: NileSOFT is proud to incorporate CVE in our product line. Our main products, Secuguard SSE (Host based Vulnerability Assessment Tool), Secuguard NSE (Network based Vulnerability Assessment Tool), mySSE for Web (Online PC Vulnerability Assessment Service), and LogCOPS (Enterprise Log Analysis and Management System) will continue to maintain the latest version of CVE.

Name: Secuguard NSE (Network Security Explorer)
Type: Network based Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Secuguard SSE (System Security Explorer)
Type: Host based Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Secuguard Web Security Explorer (WSE) Webscan
Type: Web Server and Application Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: We have found using CVE instrumental both for tracking our security incidents for completeness by using the database, and also for talking about incidents with our customers in a clear way.

Quote/Declaration: CVE has made significant efforts to standardize the names for vulnerabilities, eliminate the potential gap in security coverage and provide easier interoperability among different security products. NSFocus strives to deliver customers the enhanced security by series of products with full support for the CVE standard.

Name: AURORA RSAS
Type: Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: ICEYE NIDS
Type: Intrusion Detection System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: NSFOCUS Network Intrusion Prevention System (NIPS)
Type: Network-Based Intrusion Prevention System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: NSFOCUS Next-Generation Firewall (NF)
Type: Next Generation Firewall
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: NSFOCUS Security Gateway (SG)
Type: Firewall, IDS and Integrated Antivirus
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Nurun IT Consulting Services offers a vulnerabilities management solution to help customers to simplify and improve their vulnerability process. To achieve this goal, compatibility with best security standards as CVE is a necessity.

Quote/Declaration: Packet Storm Security, the Internet's largest free security web site housing tools, exploits, advisories, papers, and more, includes CVE names.

Name: Packet Storm Security Web Site
Type: Vulnerability, Tool, and Whitepaper Database
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: The CVE tracking standard represents a recognized means by which the multitude of vulnerabilities within PatchAdvisor's database can be easily cross-referenced and standardized. We look forward to becoming fully CVE-compatible, adding yet another layer of intelligence to PatchAdvisor's product offerings.

Quote/Declaration: Positive Technologies is a leading provider of vulnerability and compliance management, application security, SCADA security and penetration testing. As one of the development directions, we decided to use the SCAP technology in our products. We are implementing OVAL standards, supporting FDCC/USGCB, and maximizing integration with other open security standards in our products. We also provide an open OVAL repository containing vulnerability descriptions collected from various sources.

Name: MaxPatrol
Type: Vulnerabilities and Compliance Management System
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Privacyware's products resolve many of the acute security problems within Microsoft Windows software which has been achieved by working closely with research groups to contribute and exchange information obtained through experience. MITRE's CVE Compatibility Program represents an important core group for industry wide security information and with CVE Compatibility, Privacyware will continue to build and maintain important security measures that are extensible with most IT security strategies.

Quote/Declaration: As a leading provider of application-layer security solutions, Protegrity is proud to support the CVE standard. Protegrity will continue to advance the CVE Initiative and contribute toward the consolidation of the security community.

Quote/Declaration: Qualys is pleased to support MITRE's CVE Initiative of standardizing vulnerability identification and has incorporated the CVE naming scheme into its QualysGuard Web Services Architecture.

Name: QualysGuard Consultant
Type: Network and Application Vulnerability Assessment Platform
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: QualysGuard Express
Type: Network and Application Vulnerability Assessment Platform
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: QualysGuard MSP
Type: Network and Application Vulnerability Assessment Platform
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: QualysGuard Vulnerability Management
Type: Network and Application Vulnerability Assessment Platform
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Radware is pleased to participate in CVE Initiative with its DefensePro, intrusion prevention and attack mitigation product.

Quote/Declaration: As a leader in both vulnerability management and penetration testing, Rapid7 appreciates MITRE's efforts to provide unique CVE Identifiers across both of these areas. This enables our customers to easily reference vulnerabilities and exploits across systems.

Name: Metasploit Express
Type: Vulnerability Management and Penetration Testing
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: Metasploit Pro
Type: Vulnerability Management and Penetration Testing
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: NeXpose
Type: Vulnerability Assessment Tool
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: It is often confusing when the same security issues get fixed by different vendors in different ways with different names and descriptions. We see the CVE Initiative as the way to solve this problem, giving the community accurate information on which they can base their security decisions. We are working with MITRE to contribute and validate new entries as well as publish CVE entries in our security advisories.

Name: Red Hat Security Advisories
Type: Advisory Capability
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: RedSeal Vulnerability Advisor transforms vulnerability scanning into actionable risk management through correlation of multiple scanning results from a variety of vulnerability assessment scanners through their reported CVEs, combined with the configuration information from all the network devices - firewalls, routers, load balancers, wireless access points, to identify the specific vulnerabilities that cause the greatest business risk.

Quote/Declaration: Rsam's Enterprise GRC platform has integrated CVE throughout all vulnerability management and assessment modules. Since 2005, customers have utilized Rsam and CVE to declare, search, and reporting on common vulnerabilities, and to harmonize common vulnerability data across disparate data sources.

Name: Rsam
Type: Enterprise Governance, Risk and Compliance (EGRC) Platform
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: The announcement service run by RUS-CERT already uses CVE as the reference dictionary for vulnerability identification for a long time.

Quote/Declaration: SAINTbox and SAINT Security Suite vulnerability analysis, reports and tutorials include relevant CVE links, providing the user with easy reference to related information and a basis for determining the extent of the product's capabilities. SAINTbox and SAINT Security Suite are also CVE Searchable with a CVE cross-reference that maps the CVE entries to the SAINT tutorials. SAINTCloud is a hosted security tool suite that includes vulnerability analysis, penetration testing, configuration auditing and reporting. Analytics, Reports and Tutorials include relevant CVE links, providing the user with easy reference to related information. SAINT Cloud is also CVE Searchable with a CVE cross-reference in the Scan Policy grid that maps the CVE entries to tutorials.

Name: SAINT Security Suite
Type: Network Vulnerability Scanning Appliance
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SAINTCloud
Type: Network Vulnerability Scanning and Remediation
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SAINTbox
Type: Network Vulnerability Scanning Appliance
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: Because of the ever-increasing number of network traffic attacks and vulnerabilities they exploit, tracking quickly becomes a complex and difficult task across attacks, subsequent variants, and four geographic continents, and all the languages therein. It is the intention of Sandvine to use the CVE naming scheme mechanism not only for commonly identifying the vulnerabilities within our hardware and software but also as a taxonomy to group the network attacks our systems are intended to prevent.

Quote/Declaration: Sangfor Technologies Co., Ltd. is a leading network security company in China. We fully support MITRE's CVE standard in our security products, which allows our security research and product development teams to focus on adding value for our customers and enables our customers to easily reference vulnerabilities information.

Name: Next Generation Application Firewall (NGAF)
Type: Next Generation Application Firewall
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Quote/Declaration: The SANS GIAC training is CVE-compatible. Student assignments for intrusion detection and hacker exploits reference CVE. In addition, ID'Net is CVE-compatible.

Quote/Declaration: We are ensuring our users can identify the correct vulnerabilities by using CVEs.

Quote/Declaration: It it our intention, and commitment to support the MITRE CVE efforts in order to assist the user community by providing a standard and consistent way to gather and validate information on security vulnerabilities.

Quote/Declaration: SecPod SCAP Repo is a repository of SCAP content. CVEs are searchable based on all the attributes. The repo supports natural language based search. CVE is referred in all the vulnerability content in the repository.

Quote/Declaration: SecPoint's vulnerability assessment, vulnerability scanning solution integrates CVE to allow users the best searchable way for vulnerabilities.

Name: SecPoint Cloud Penetrator
Type: Web Vulnerability Scanner
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SecPoint Penetrator
Type: Vulnerability Scanner
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire

Name: SecPoint Portable Penetrator
Type: Wi-Fi Security Audit Suite
CVE Output: Yes CVE Searchable: Yes
Review Completed Questionnaire