CWE compatibility: why does it matter?

We are proud to present the newly certified CWE-compatible Julia as of February 2nd!

Congratulations! But why is it a big deal?

Like any new and innovative company, we work hard to establish and consolidate our reputation as a serious alternative to competing tools. Apart from continuously improving the technology itself, we thought it was important to challenge it and measure it against industry standards and benchmarks, in order to see how our tool performs compared to others.

Adherence to standards also makes it easier for users to give our product a try and compare it with other tools.

CWE: industry standard for weakness codification

We chose to start with two important industry standards: the OWASP Benchmark (more about that in my next post) and the CWE Compatibility Program.

The process to obtain CWE Compatibility took us a few months, and here is finally our brand new certificate.

Thank you MITRE, and thank you Pietro Ferrara, who took care of this process for us!

The Julia Analyzer now complies with this standard, and when you use the tool you can see the corresponding CWE ID number alongside our product-specific weakness name.

Being CWE-Compatible means that:

1. The product is eligible to use the CWE-Compatible Product/Service logo.

 ➡ Use of the official CWE-Compatible logo allows system administrators and other security professionals to look for the logo when adopting software assurance (SwA) products and services for their enterprises.

2. A completed and reviewed “CWE Compatibility Requirements Evaluation” questionnaire is posted for the product as part of the organization’s listing on the CWE Web site.

 ➡ The compatibility questionnaire helps end users compare how different products and services satisfy the CWE compatibility requirements, and therefore which specific implementations are best for their networks and systems.

What is CWE?

A project by MITRE, aimed at developers and security practitioners, the Common Weakness Enumeration (CWE™) is a formal list of software weakness types created to:

  • Serve as a common language for describing software security weaknesses in architecture, design, or code.
  • Serve as a standard measuring stick for software security tools targeting these weaknesses.
  • Provide a common baseline standard for weakness identification, mitigation, and prevention efforts.

Find out more about the program and its requirements.

If you want to see how the CWE codification is applied in the analyzer, you can take a free trial here.
