Open Source Vulnerability Database

From HandWiki

Open Sourced Vulnerability Database (OSVDB) was an independent and open-sourced database. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promoted greater and more open collaboration between companies and individuals.

Its goal was to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced open security data source. As of November, 2013, the database cataloged over 100,000 vulnerabilities.

History

The project was started in August 2002 at the Blackhat and DEF CON Conferences by several industry notables (including H. D. Moore, rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004.

The Open Security Foundation (OSF) was created to ensure the project's continuing support. Brian Martin (AKA Jericho) and Jake Kouns are project leaders for the OSVDB project,[1] and currently hold leadership roles in the OSF. It is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. It has a pluggable data store architecture

On the 5th April 2016, the database was shut down,[2] although the blog will continue.

Process

Originally, vulnerability reports, advisories, and exploits posted in various security lists enter the database as a new entry. The new entry contains only a title and links to entries of the same vulnerability in other security lists. However, at this stage the page for the new entry doesn't contain any detailed description of the vulnerability. After the new entries are thoroughly scrutinized, analyzed and refined, descriptions of the vulnerability, its solutions and test notes are added. Then these details are reviewed by other members of OSVDB, further refined if necessary and then made stable. Once it is stable, the detailed information appears on the page for the entry.

As of January, 2012, vulnerability entry was performed by full-time employees of the OSF. Every new entry included a title, description, solution (if known), classification data, references, products, and creditee.

Contributors

Some enthusiastic hackers are volunteering to maintain OSVDB. Some of the active members are as follows:

  • Brian Martin (COO of OSF, Moderator)
  • Jake Kouns (CEO of OSF, Moderator)

Other volunteers who have helped in the past include:

  • Chris Sullo (Moderator)
  • Steve Tornio (Moderator)
  • Travis Schack (Mangler)
  • Susam Pal (Mangler)
  • Christian Seifert (Mangler)

Open Security Foundation

The Open Security Foundation is a non-profit 501(c)(3) organization established in early 2005 to function as a support organization for open source security projects. It was originally conceived and founded as a support for the OSVDB project, but its scope is evolving to provide support for numerous other projects.

The foundation allows organizations and individuals to provide charitable contributions to support open source security projects that provide value to the global community. The foundation also provides guidance, legal, administrative, policy guidelines, and other support to numerous projects.[3]

The Open Security Foundation was conceived by Chris Sullo, Brian Martin, and Jake Kouns in early 2004, and obtained official US 501(c)3 non-profit status in April, 2005.

References