CWE

Common Weakness Enumeration

A Community-Developed List of Software and Hardware Weakness Types


CWE Compatibility and Effectiveness Program

Introduction

The CWE Compatibility and Effectiveness Program is a formal review and evaluation process for organizations wishing to declare their information security products and services as CWE-Compatible and CWE-Effective and have them formally evaluated.

Compatible and Effective products and services, as well as those working towards compatibility and effectiveness, will be posted on the "CWE-Compatible and Effective Products and Services" page on the CWE Web site and included on handouts at information security and related tradeshows and events at which MITRE exhibits CWE (see the CWE Calendar).

The formal CWE Compatibility and Effectiveness Program consists of three phases: Declaration, Evaluation, and Effectiveness.

Phase 1 – Declaration Phase

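The Declaration Phase requires completion of a short informational "CWE Compatibility Declaration Form" that registers an organization's declaration of intent regarding CWE compatibility and effectiveness. In this phase you are asked to review the compatibility and effectiveness requirements and then state whether your organization believes its product or service currently meets the compatibility requirements, or whether your organization is working towards meeting them. This phase of the CWE Compatibility and Effectiveness process does not result in a formal assessment or evaluation by MITRE; rather, MITRE only reviews the declaration. As long as the product or service is commercially or publicly available, the declaration and an endorsement quote (if desired) will be posted on the CWE Web site.

Phase 2 – Evaluation Phase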

The Evaluation Phase requires completion of Phase 1 with "yes" as the answer for support of CWE output, CWE searchable, and CWE documentation. You must also complete an extended "CWE Compatibility Requirements Evaluation Form" that is a more extensive CWE-compatible formal review and includes several evaluation activities. You will also receive the "Compatible Product/Service Organization Welcome Kit" with items for your Web site.

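This formal evaluation process includes a "branding program" and logo to indicate successful completion of the compatibility portion of the compatibility and effectiveness evaluation. A major component of this phase requires specific details about how your organization has satisfied each of the mandatory requirements in the Requirements and Recommendations for CWE Compatibility and CWE Effectiveness document. The Phase 2 "CWE Compatibility Requirements Evaluation Form" also requires the signature of an authorized representative of your organization. In addition, you must provide the CWE Team at MITRE with a copy of the CWE-related user documentation for your product or service, along with information from your capability showing how it maps CWE identifiers to its analysis findings or results.

Your organization's statements and documentation will be evaluated, and MITRE's CWE Team will arrange to verify the accuracy of the mapping between CWE identifiers and the weakness entries in your organization's underlying data repository. After your organization's detailed statement describing how your product or service meets the requirements for CWE compatibility has been evaluated, the statement will be posted on the CWE Web site for public review. Upon successful completion of the mapping accuracy review, we will publish MITRE's concurrence with your organization's statement by granting you official CWE-Compatible status. MITRE will then provide you with a special CWE-Compatible logo and formally permit you to use the CWE-Compatible logo and term on your Web site, in literature, on product packaging, and in communications with the media.

Phase 3 – Effectiveness Phase

The CWE Effectiveness Phase includes a branding program that is of great interest to many federal agencies as well as large enterprises. Although test case generation to support some aspects of the CWE Effectiveness Phase is still under development, many aspects of CWE Effectiveness have already been determined.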

The main aspects of the CWE Effectiveness Phase are:

  • focused on providing your prospective customers with an understanding of which specific CWE identifiers your capability reviews artifacts for;
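  • providing a publicly available collection of test results that allows prospective customers to understand which CWE identifiers your capability is effective at locating; and,
  • clarifying which types of complexity in software your capability is most successful with when looking for the weaknesses labeled by CWE identifiers.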

The posting of the test results on the CWE Web site will conclude the CWE Effectiveness Phase and an appropriate CWE-Effective logo and brand will be made available for your use. As more information about CWE Effectiveness test cases is developed, we will make sure to keep everyone informed through email messages and on the CWE News & Events page. Please contact us at cwe@mitre.org with any comments or concerns.

Contact and Submission Instructions

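To begin the registration process, review the official CWE Compatibility and Effectiveness Program detailed above, then send an email to cwe@mitre.org requesting a declaration form, and include your company name and contact information, the type of product, and the name of the product or service.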

You will receive specific instructions for completing and submitting additional information as the process continues.

Page last updated: May 23, 2017