Open Source Vulnerability Database

The Open Sourced Vulnerability Database (OSVDB) was an independent and open-sourced vulnerability database. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promoted greater and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable"[1].

Its goal was to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced open security data source. As of December 2013, the database cataloged over 100,000 vulnerabilities.[2]

History

The project was started in August 2002 at the Black Hat and DEF CON conferences by several industry notables (including H. D. Moore, rain.forest.puppy, and others). Under mostly new management, the database officially launched to the public on March 31, 2004.[3]

The Open Security Foundation (OSF) was created to ensure the project's continuing support. Brian Martin (AKA Jericho) and Jake Kouns were project leaders for the OSVDB project, and currently hold leadership roles in the OSF.[4]

On 5 April 2016, the database was shut down, although the blog initially continued.[5] The reason for the shutdown was the ongoing commercial but uncompensated use by companies.[6]

Process

Originally, vulnerability reports, advisories, and exploits posted in various security lists entered the database as a new entry. The new entry contained only a title and links to entries of the same vulnerability in other security lists. However, at this stage the page for the new entry didn't contain any detailed description of the vulnerability. After the new entries were thoroughly scrutinized, analyzed and refined, descriptions of the vulnerability, its solutions and test notes were added. Then these details were reviewed by other members of OSVDB, further refined if necessary, and then made stable. Once it was stable, the detailed information appeared on the page for the entry.

As of January 2012, vulnerability entry was performed by full-time employees of the OSF. Every new entry included a title, description, solution (if known), classification data, references, products, and creditee.

Contributors

Some enthusiastic hackers are volunteering to maintain OSVDB. Some of the active members are as follows:

  • Brian Martin (COO of OSF, Moderator)
  • Jake Kouns (CEO of OSF, Moderator)

Other volunteers who have helped in the past include:

  • Chris Sullo (Moderator)
  • Steve Tornio (Moderator)
  • Travis Schack (Mangler)
  • Susam Pal (Mangler)
  • Christian Seifert (Mangler)
  • Zain Memon (Codebase)

References

  1. "Biased software vulnerability stats praising Microsoft were 101% misleading". Retrieved 20 May 2020.
  2. "We hit the 100,000 mark…". 20 January 2014. Retrieved 22 January 2020.
  3. Gold, Jon (7 April 2016). "Open-source vulnerabilities database shuts down". Network World. Retrieved 22 January 2020.
  4. "Leadership". Risk Based Security. Retrieved 22 January 2020.
  5. "OSVDB: Fin". 5 April 2016. Archived from the original on 28 May 2016. Retrieved 22 January 2020.
  6. "OSVDB/VulnDB Open Source Vulnerability Database". Retrieved 5 June 2020.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.