Does WebInspect Enterprise able to discover vulnerability from CNNVD (Chinese NVD)

We often come across most of the vulnerability management tool or web scanner only able to detect vulnerability based on NVD (National Vulnerability Database, US)

Does WebInspect Enterprise able to discover vulnerability from CNNVD (Chinese NVD) as well?

  • Suggested Answer

    As our Software Security Research (SSR) team does not rely solely on any third-party database we should be able to detect vulnerabilities across multiple repositories/references. Here is some additional information about our SSR teams:

    The Software Security Research (SSR) team specializes in approaching security from the perspective of how we build and use software. SSR is responsible for conducting security research which leads to enhanced security products as well as contributions to the Micro Focus Security Research Blog, whitepapers, conference presentations, and annual Cyber Risk Report.

    SSR in the past has identified new types of software vulnerabilities, defined the taxonomy used by all Fortify products, and highlighted broad security problems in development practices. The team regularly speaks about these topics at major industry conferences, such as RSA, BlackHat, DefCon, and OWASP APPSEC.

    In addition, the SSR team is responsible for quarterly releases of security content for Enterprise Security Fortify products (Static Code Analyzer, WebInspect, Fortify on Demand, Application Defender, and Software Security Center Server). These updates expand the types of issues detected and platforms and libraries supported. Content updates are driven by customer needs and the SSR team’s broader research agenda, allowing the Fortify products to keep up with a rapidly evolving development and security landscape.