Cybellum’s Product Security Platform achieves MITRE’s CWE-compatible designation
Cybellum announced that its Product Security Platform has been formally designated as “CWE-Compatible” by the MITRE Corporation’s Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program.
The designation means that Chief Product Security Officers (CPSOs) and their teams can identify and manage the vulnerabilities, and the associated risks, posed to their connected devices within a globally trusted framework.
CWE is a community-developed list of software and hardware weakness types. It serves as a common language, a benchmark for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.
CWE-Compatible Products and Services must meet four requirements:
- CWE searchable: users may search security elements using CWE identifiers.
- CWE output: security elements presented to users include, or allow users to obtain, the associated CWE identifiers.
- Mapping accuracy: security elements accurately link to the appropriate CWE identifiers.
- Documentation: the product documentation describes CWE, CWE compatibility, and how the CWE-related functionality in the capability is used.
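The following added example (written for this page, not Cybellum's or MITRE's code) shows what the first three requirements look like in a tool's findings store: identifiers are normalised at the boundary, elements are searchable by CWE, every rendered element carries its CWE identifiers, and a mapping check flags identifiers that do not resolve in the catalogue or findings with no mapping at all. The `Finding` schema, the sample findings and the small `CWE_CATALOG` subset are constructed for illustration; the catalogue entries named are real CWE ids, but a real capability would load the full list from MITRE.

```python
"""Sketch of a CWE-compatible findings store (constructed example).

Requirement 4 of the compatibility program (documentation) is met in a
real product by describing this behaviour in its user documentation.
"""
import re
from dataclasses import dataclass, field

# Constructed subset of the CWE list: the ids and names are real CWE entries,
# but a production tool would load MITRE's full catalogue instead.
CWE_CATALOG = {
    "CWE-79": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
    "CWE-120": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
    "CWE-416": "Use After Free",
    "CWE-476": "NULL Pointer Dereference",
    "CWE-787": "Out-of-bounds Write",
}

_CWE_RE = re.compile(r"^(?:CWE-)?0*(\d+)$", re.IGNORECASE)


def normalize_cwe_id(raw: str) -> str:
    """Canonicalise "79", "cwe-079" or "CWE-79" to "CWE-79".

    Anything that is not a CWE identifier raises ValueError, so a malformed
    id is rejected at the boundary instead of silently matching nothing.
    """
    m = _CWE_RE.match(raw.strip())
    if not m:
        raise ValueError(f"not a CWE identifier: {raw!r}")
    return f"CWE-{int(m.group(1))}"


@dataclass
class Finding:
    """One security element reported by a scanner (constructed schema)."""
    finding_id: str
    component: str
    description: str
    cwe_ids: list[str] = field(default_factory=list)

    def __post_init__(self) -> None:
        # Store canonical ids so searches and output never depend on input spelling.
        self.cwe_ids = [normalize_cwe_id(c) for c in self.cwe_ids]


# Requirement 1, "CWE searchable": look up security elements by CWE identifier.
def search_by_cwe(findings: list[Finding], cwe: str) -> list[Finding]:
    wanted = normalize_cwe_id(cwe)
    return [f for f in findings if wanted in f.cwe_ids]


# Requirement 2, "CWE output": each element shown to the user carries its CWE
# identifiers (with the catalogue name so the id is immediately actionable).
def render_finding(f: Finding, catalog: dict[str, str] = CWE_CATALOG) -> str:
    tags = ", ".join(f"{c} ({catalog.get(c, 'unknown weakness')})" for c in f.cwe_ids)
    return f"[{f.finding_id}] {f.component}: {f.description} -> {tags or 'no CWE mapped'}"


# Requirement 3, "mapping accuracy": the program requires that elements link to
# the appropriate CWE. A tool cannot prove semantic correctness on its own, but
# it can refuse ids that do not resolve in the catalogue and surface unmapped
# findings for analyst review rather than reporting them as clean.
def check_mapping_accuracy(findings: list[Finding],
                           catalog: dict[str, str] = CWE_CATALOG) -> list[str]:
    problems = []
    for f in findings:
        if not f.cwe_ids:
            problems.append(f"{f.finding_id}: no CWE mapped")
        for c in f.cwe_ids:
            if c not in catalog:
                problems.append(f"{f.finding_id}: {c} is not in the CWE catalogue")
    return problems


# Constructed sample findings, in the shape a binary scanner might emit them.
SAMPLE_FINDINGS = [
    Finding("F-1", "libparse.so", "unchecked strcpy into fixed buffer", ["cwe-120", "787"]),
    Finding("F-2", "httpd", "freed session object reused", ["CWE-416"]),
    Finding("F-3", "cfgd", "pointer dereferenced before null check", ["CWE-0476"]),
    Finding("F-4", "updater", "mapped to an id that is not in the list", ["CWE-99999"]),
    Finding("F-5", "bootloader", "finding not yet classified", []),
]


if __name__ == "__main__":
    for f in search_by_cwe(SAMPLE_FINDINGS, "CWE-787"):
        print(render_finding(f))
    for p in check_mapping_accuracy(SAMPLE_FINDINGS):
        print("mapping issue:", p)
```

Normalising identifiers once, at ingestion, is what makes the "searchable" and "output" requirements cheap to meet; the mapping check is deliberately conservative and treats an unmapped finding as a problem to review, not as an absence of weakness.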
“Securing official recognition as CWE-Compatible is a great achievement for Cybellum that not only affirms our commitment to excellence but places Cybellum at the forefront of product security innovation,” said Michael Engstler, CTO of Cybellum.
“Cybellum’s Product Security Platform aligns security and compliance teams, developers, and executives around one source of security truth that they can all rely on for ongoing vulnerability monitoring and compliance with the ever-changing landscape of emerging regulations,” added Engstler.
CWE has emerged as the de facto reference resource that guides security-conscious developers, especially those developing embedded systems for safety-critical products. Cybellum’s Product Security Platform uncovers and manages vulnerabilities in Java files and supported OS components, and in executables from any of the supported CPU architectures, including Intel x86/x64, ARM, PowerPC, MIPS and more.
The platform also detects these weaknesses in UNIX/Linux ELF and Microsoft Windows PE executable files, and can uncover vulnerabilities in executables from any of the supported microcontroller architectures, including ARM, Renesas RH850/V850, Infineon TriCore, and others.
“At Cybellum, we understand the profound impact that vulnerabilities can have on embedded systems, particularly those that underpin critical sectors,” said Roman Kesler, VP of Research at Cybellum. “Achieving CWE compatibility is not just a validation of our product’s robustness, it also signifies our alignment with the industry’s best practices and our dedication to equipping product security practitioners with the tools they need to fortify their systems against potential threats.”
MITRE’s CWE is continually updated and maintained by a community of security experts, developers, researchers, and organizations from both the public and private sectors. The collaborative nature of CWE ensures that it remains a dynamic and evolving resource that reflects the latest insights into product security.
Cybellum supports companies that rely on the MITRE CWE program by:
- Focusing on multi-team collaborative product security – from asset management and software assurance to incident response and cyber-compliance
- Aggregating and managing product assets based on data coming from multiple sources, from SBOMs to CWE and other vulnerability databases
- Syncing MITRE’s database with Cybellum’s VM CoPilot to triage vulnerabilities automatically, saving the time and resources needed for vulnerability prioritization
- Providing a customizable Policy Engine that automates requirement validation and allows teams to produce reports for 50+ cybersecurity regulations, accelerating compliance with regulations and your own policies
- Refining intelligence monitoring, automated relevance assessments, and impact-focused investigation workflows for rapid remediation of post-market incidents