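Name of Your Organization: Hewlett-Packard Development Company, L.P.
Web Site:
Compatible Capability: Fortify on Demand
Capability home page:
General Capability Questions: Product Accessibility
Mapping Questions: Map Currency Indication
Map Currency Update Approach
Map Currency Update Time
Documentation Questions: CWE and Compatibility Documentation
Using CWE Identifiers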
If your documentation includes an index, provide a copy of the items and resources that you have listed under "CWE" in your index. Alternately, provide directions to where these "CWE" items are posted on your web site (recommended):
HP updates the vulnerability taxonomy at www.fortify.com/vulncat/ quarterly, to correspond to HP Fortify Secure Coding Rulepacks releases. Individual categories within the taxonomy reference various CWE mappings.
Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CWE identifier (required):
All interfaces provide users with the ability to group issues by CWE Identifiers.
Users searching for issues relating to specific CWE Identifiers can locate issues using search criteria, such as:
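- Individual CWE Identifier: CWE:CWE ID ##
- List of CWE Identifiers: CWE:CWE ID ## CWE:CWE ID ## (repeat as necessary)
- All issues relating to CWE: CWE:CWE
HP Fortify Audit Workbench searching for a particular CWE.
HP Software Security Center searching for a particular CWE.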
HP Fortify on Demand displaying CWE mappings (right column), without specifying CWE search criteria.
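Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CWE identifiers for the individual security elements in the report (required):
HP Software Security Center provides out-of-the-box reports for CWE mappings. Pictured below: CWE/SANS Top 25 findings for 2009 and 2010.
Page 1
Page 2, etc.
Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers that the owner claims the tool is effective at locating in software (required):
The HP Fortify vulnerability taxonomy at www.fortify.com/vulncat/ contains information about categories and CWE mappings. The products also provide all of the other listed functionality. Customers can contact HP Fortify Technical Support for more information.
Fortify vulnerability taxonomy, showing the C/C++ Buffer Overflow category at www.fortify.com/vulncat/ - CWE mappings are highlighted.
Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers associated with the tool's tasks (recommended):
CWE mappings are available as references in the vulnerability taxonomy at www.fortify.com/vulncat/.
Customers can contact HP Fortify Technical Support for more information.
Describe the steps and format that a user would use to select a set of tasks by providing a file with a list of CWE identifiers (recommended):
HP Fortify Static Code Analyzer analyzes applications using a large set of rules that provide security and code intelligence. Some rules contain programmatic API definitions that are not associated with a CWE but are required to return valid results. For example, using only the rules associated with a particular CWE may disable supporting rules that make it possible to identify true positives.
To obtain accurate results, it is recommended that users generate issues using all security rules and then narrow down to individual CWE identifiers when reviewing the results. When reviewing results, all interfaces provide users with the ability to group findings by CWE identifier.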
Users searching for issues relating to specific CWE Identifiers can locate issues using search criteria, such as:
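- Individual CWE Identifier: CWE:CWE ID ##
- List of CWE Identifiers: CWE:CWE ID ## CWE:CWE ID ## (repeat as necessary)
- All issues relating to CWE: CWE:CWE
These queries can be stored as filters in the project template file in HP Fortify Audit Workbench or HP Fortify Software Security Center, to focus result visibility on CWE or any other external list, such as PCI or OWASP.
Describe the steps that a user would follow to browse, select, and deselect a set of tasks for the tool by using individual CWE identifiers (recommended):
See answer to question <CR_A.2.7>.
Give detailed examples and explanations of how a user can locate tasks in the tool by looking for their associated CWE identifier (required):
Fortify on Demand makes use of HP Fortify Static Code Analyzer (SCA), HP WebInspect, and other methodologies. Support for CWE is the summation of the individual products that produce analysis results, as well as the other products and methods used by backend Fortify On Demand professionals performing security analysis.
Give detailed examples and explanations of how, for reports that identify individual security elements, the tool allows the user to determine the associated CWE identifiers for the individual security elements in the report (required):
Fortify on Demand enables customers to browse relevant CWE information.
Customers can also search for specific CWE identifiers:
- Individual CWE Identifier: CWE:CWE ID ##
- List of CWE Identifiers: CWE:CWE ID ## CWE:CWE ID ## (repeat as necessary)
- All issues relating to CWE: CWE:CWE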
HP Fortify on Demand displaying CWE mappings (right column), without specifying CWE search criteria.
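Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers that the owner claims the tool is effective at locating in software (required):
HP Fortify On Demand makes use of HP Fortify Static Code Analyzer, HP WebInspect, and other products and methodologies performed by security professionals. Support for CWE is the summation of CWE support within each product.
The HP Fortify vulnerability taxonomy at www.fortify.com/vulncat/ contains information about categories and CWE mappings. The products also provide all of the other listed functionality. Customers can contact HP Fortify Technical Support for more information.
Fortify vulnerability taxonomy, showing the C/C++ Buffer Overflow category at www.fortify.com/vulncat/ - CWE mappings are highlighted.
Give detailed examples and explanations of how a user can obtain a listing of all of the CWE identifiers associated with the tool's tasks (recommended):
HP Fortify Static Code Analyzer
HP WebInspect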
Other products as needed
Give detailed examples and explanations of how a "find" or "search" function is available to the user to locate tasks in the online capability by looking for their associated CWE identifier or through an online mapping that links each element of the capability with its associated CWE identifier(s) (required):
All CWE mappings are available at www.fortify.com/vulncat and can be searched in any search engine using criteria such as site:fortify.com/vulncat CWE ID 251
Fortify vulnerability taxonomy, showing the C/C++ Buffer Overflow category at www.fortify.com/vulncat/ - CWE mappings are highlighted.
Provide details about the different electronic document formats that you provide and describe how they can be searched for specific CWE-related text (required):
Software Security Center can produce a SANS/CWE Top 25 Report for 2009 and 2010, in PDF or Word format.
Page 1
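Page 2, etc.
Queries can also be made programmatically from the HP Software Security Center web services API using the SEERTFORISSUES method. The search criteria accept the same search format for CWE, such as:
- Individual CWE Identifier: CWE:CWE ID ##
- List of CWE Identifiers: CWE:CWE ID ## CWE:CWE ID ## (repeat as necessary)
- All issues relating to CWE: CWE:CWE
Give detailed examples and explanations of how the GUI provides the user with a "find" or "search" function to identify your capability's elements by looking for their associated CWE identifier(s) (required):
All interfaces provide users with the ability to group issues by CWE Identifiers.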
Users searching for issues relating to specific CWE Identifiers can locate issues using search criteria, such as:
- Individual CWE Identifier: CWE:CWE ID ##
- List of CWE Identifiers: CWE:CWE ID ## CWE:CWE ID ## (repeat as necessary)
- All issues relating to CWE: CWE:CWE
HP Fortify Audit Workbench searching for a particular CWE, using syntax: cwe: cwe id XX
HP Software Security Center searching for a particular CWE, using syntax: CWE:CWE ID XX
HP Fortify on Demand displaying CWE mappings (right column), without specifying optional CWE search criteria.
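Briefly describe how the associated CWE identifiers are listed for the individual security elements, or discuss how the user can use the mapping between CWE identifiers and the capability's elements, also describing the format of the mapping (required):
Users can control the grouping of displayed issues, to more easily find issues relating to a particular CWE.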
HP Fortify Audit Workbench enables users to control the grouping criteria, to browse issues by different criteria. Examples may include CWE, CWE then File, or Package then CWE, etc.
HP Software Security Center enables grouping and searching by CWE.
HP Fortify on Demand, showing an individual issue's CWE correlation.
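Provide details about the different electronic document formats that you provide (recommended):
All interfaces provide the ability to search for CWE-related text through issue search criteria:
- Search for issues relating to a single CWE: CWE:CWE ID ##
- Search for issues relating to a list of CWEs: CWE:CWE ID ## CWE:CWE ID ## (repeat as necessary)
- Search for issues relating to any CWE: cwe:cwe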
Software Security Center can produce a SANS/CWE Top 25 Report for 2009 and 2010, in PDF or Word format.
Page 1
Report produced by HP Fortify Software Security Center.
Page 2, etc.
Report produced by HP Fortify Software Security Center.
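Have an authorized individual sign and date the following Compatibility Statement (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."
Name: Erik Costlow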
Title: Product Manager
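Have an authorized individual sign and date the following accuracy Statement (recommended):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."
Name: Erik Costlow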
Title: Product Manager
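FOR TOOLS AND SERVICES ONLY - Have an authorized individual sign and date the following statement about your tool's efficiency in identification of security elements (required):
"As an authorized representative of my organization I agree that we will abide by all of the mandatory CWE Compatibility Requirements as well as all of the additional mandatory CWE Compatibility Requirements that are appropriate for our specific type of capability."
Name: Erik Costlow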
Title: Product Manager