Open Source Vulnerability Database

From Wikipedia, the free encyclopedia

Open Source Vulnerability Database (OSVDB) is an independent and open-source database created by and for the community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals, eliminates redundant work, and reduces the expenses inherent in the development and maintenance of in-house vulnerability databases.

Its goal is to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced open security data source. As of November 2013, the database catalogs over 100,000 vulnerabilities.

History

The project was started in August 2002 at the Blackhat and DEF CON Conferences by several industry notables (including H. D. Moore, rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004.

The Open Security Foundation (OSF) was created to ensure the project's continuing support. Brian Martin (AKA Jericho) and Jake Kouns are project leaders for the OSVDB project,[1] and currently hold leadership roles in the OSF. It is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. It has a pluggable data store architecture.

Process

Originally, vulnerability reports, advisories and exploits posted in various security lists enter the database as a new entry. The new entry contains only a title and links to entries of the same vulnerability in other security lists. However, at this stage the page for the new entry doesn't contain any detailed description of the vulnerability. After the new entries are thoroughly scrutinized, analyzed and refined, descriptions of the vulnerability, its solutions and test notes are added. Then these details are reviewed by other members of OSVDB, further refined if necessary and then made stable. Once it is stable, the detailed information appears on the page for the entry.

As of January 2012, vulnerability entry was performed by full-time employees of the OSF. Every new entry included title, description, solution (if known), classification data, references, products, and creditee.

Contributors

Some enthusiastic hackers are volunteering to maintain OSVDB. Some of the active members are as follows:

  • Brian Martin (COO of OSF, Moderator)
  • Jake Kouns (CEO of OSF, Moderator)

Other volunteers who have helped in the past include:

  • Chris Sullo (Moderator)
  • Steve Tornio (Moderator)
  • Travis Schack (Mangler)
  • Susam Pal (Mangler)
  • Christian Seifert (Mangler)

Open Security Foundation

The Open Security Foundation is a non-profit 501(c)(3) organization established in early 2005 to function as a support organization for open source security projects. It was originally conceived and founded to support the OSVDB project, but its scope is evolving to provide support for numerous other projects.

The foundation allows organizations and individuals to make charitable contributions to open source security projects that provide value to the global community. The foundation also provides guidance, legal and administrative support, policy guidelines, and other support to numerous projects.

The Open Security Foundation was conceived by Chris Sullo, Brian Martin, and Jake Kouns in early 2004, and obtained official US 501(c)(3) non-profit status in April 2005.

References

  1. http://opensecurityfoundation.org/
