DerScanner, an application code scanner developed by DerSecur, has received the CWE Compatibility certificate from MITRE, an American non-profit organization. This certificate confirms the effectiveness of DerScanner in detecting vulnerabilities classified by the CWE system in software code.
The Common Weakness Enumeration (CWE) is a generally recognized international system for classifying weaknesses and vulnerabilities in software. The project is sponsored by MITRE and supported by the United States Computer Emergency Readiness Team and the National Cyber Security Division of the US Department of Homeland Security.
Dan Chernov, CTO of DerSecur: “This certificate is very important for us, because CWE is one of the most authoritative global classifications of code security. In addition, it is also important for our potential customers all over the world. Many organizations where CWE is adopted as a standard for categorization of vulnerabilities at the development level, especially North American companies, give preference in competitions to those security solutions that have been highly appreciated by independent and respected expert communities on information security.”
To obtain the certificate, a software product must meet the four mandatory CWE requirements for certified security tools. First, the product must classify the vulnerabilities it finds according to CWE identifiers. Second, the product must contain CWE identifiers, and the user must be able to use them to find information about any vulnerability in their application. For example, the DerScanner vulnerability search rules database contains information about the rules the user may be interested in, and it can be searched by CWE identifier. Third, the product must contain documentation that can be used in accordance with CWE standards. Finally, the product must be commissioned, not a prototype or beta version.