HOME

TheInfoList



Click Here for Items Related To - Open Source Vulnerability Database
OR:
Open Source Vulnerability Database on:   [Wikipedia]   [Google]   [Amazon]

The Open Sourced Vulnerability Database (OSVDB) was an independent and open-sourced
vulnerability database A vulnerability database (VDB) is a platform aimed at collecting, maintaining, and disseminating information about discovered computer security vulnerabilities. The database will customarily describe the identified vulnerability, assess the potent ...
. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on
security Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or ...
vulnerabilities. The project promoted greater and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable". The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced
open security Open security is the use of open source philosophies and methodologies to approach computer security and other information security challenges. Traditional application security is based on the premise that any application or service (whether it is ...
data source. As of December 2013, the database cataloged over 100,000 vulnerabilities. While the database was maintained by a 501(c)(3) non-profit public organization and volunteers, the data was prohibited for commercial use without a license. Despite that, many large commercial companies used the data in violation of the license without contributing employee volunteer time or financial compensation.


History

The project was started in August 2002 at the Blackhat and
DEF CON DEF CON (also written as DEFCON, Defcon, or DC) is a Computer security conference, hacker convention held annually in Las Vegas Valley, Las Vegas, Nevada. The first DEF CON took place in June 1993 and today many attendees at DEF CON include comp ...
Conferences by several industry notables (including H. D. Moore, rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004. The original implementation was written in PHP by Forrest Rae (FBR). Later, the entire site was re-written in Ruby on Rails by David Shettler. The
Open Security Foundation The Open Security Foundation (OSF) was a 501(c)(3) non-profit public organization "founded and operated by information security enthusiasts". The OSF managed several projects including the Open Source Vulnerability Database (OSVDB), Data Loss Dat ...
(OSF) was created to ensure the project's continuing support. Jake Kouns (Zel), Chris Sullo, Kelly Todd (AKA Lyger), David Shettler (AKA D2D), and Brian Martin (AKA Jericho) were project leaders for the OSVDB project, and held leadership roles in the OSF at various times. On 5 April 2016, the database was shut down, while the blog was initially continued by Brian Martin. The reason for the shut down was the ongoing commercial but uncompensated use by security companies. As of January 2012, vulnerability entry was performed by full-time employees of Risk Based Security, who provided the personnel to do the work in order to give back to the community. Every new entry included a full title, disclosure timeline, description, solution (if known), classification metadata, references, products, and researcher who discovered the vulnerability (creditee).


Process

Originally, vulnerability disclosures posted in various security lists and web sites were entered into the database as a new entry in the New Data Mangler (NDM) queue. The new entry contained only a title and links to the disclosure. At that stage the page for the new entry didn't contain any detailed description of the vulnerability or any associated metadata. As time permitted, new entries were analyzed and refined, by adding a description of the vulnerability as well as a solution if available. This general activity was called "data mangling" and someone who performed this task a "mangler". Mangling was done by core or casual volunteers. Details submitted by volunteers were reviewed by the core volunteers, called "moderators", further refining the entry or rejecting the volunteer changes if necessary. New information added to an entry that was approved was then available to anyone browsing the site.


Contributors

Some of the key people that volunteered and maintained OSVDB: * Jake Kouns (Officer of OSF, Moderator) * Brian Martin a.k.a. Jericho (Officer of OSF, Moderator) * Kelly Todd a.k.a. Lyger (Officer of OSF, Moderator) * David Shettler (Officer of OSF, Developer) * Chris Sullo (Moderator) * Daniel Moeller (Moderator) * Forrest Rae (Developer) Other volunteers who have helped in the past include:{{Cite web , date=2014-05-02 , title=OSVDB: Open Sourced Vulnerability Database , url=http://osvdb.com/contributors , access-date=2024-08-06 , archive-url=https://web.archive.org/web/20140502042016/http://osvdb.com/contributors , archive-date=2 May 2014 * Steve Tornio (Moderator) * Zach Shue (Moderator) * Alexander Koren a.k.a. ph0enix (Mangler) * Carsten Eiram a.k.a. Chep (Moderator) * Marlowe (Mangler) * Travis Schack (Mangler) * Susam Pal (Mangler) * Christian Seifert (Mangler) * Zain Memon


References


External links


OSVDB Blog

Risk Based Security
Security vulnerability databases Internet properties established in 2002 Internet properties disestablished in 2016