Open Source Vulnerability Database Opens for Public Access
From: fbr (fbr_at_14x.net)
Date: Wed, 31 Mar 2004 15:19:27 -0600 To: firstname.lastname@example.org
(Moderator, My apologies if this isn't appropriate content for this list. I
believe that having vulnerability information available quickly is something
that every individual in the security community needs. If this would be more
appropriate for the pen-test or vuln-dev lists, please let me know and I'll
forward accordingly. -Forrest)
### BEGIN TRANSMISSION ###
Open Source Vulnerability Database Releases Free Security Data to the Public
The Open Source Vulnerability Database, a project to catalog and describe the
world's computer security vulnerabilities, opened for public use on 31 March
According to statistics gathered by CERT, a respected security resource at
Carnegie Mellon University, the number of new computer security
vulnerabilities found each year has risen over two thousand percent since
1995. Tracking these vulnerabilities and their remedies is critical for those
who protect networked systems against accidental misuse and deliberate
attack, whether at home, in small businesses, or across globe-spanning
The Open Source Vulnerability Database (OSVDB) is an open project to collect
and distribute vulnerability information freely to everyone. The project team
contains skilled volunteers working together to document every security
vulnerability that arises. Formed in 2002, the OSVDB project has now
completed its development of an online system to store and deliver
"The OSVDB's main goal is to be complete and without bias," says Jake Kouns,
chief moderator of the OSVDB project team. "This database will serve as
one-stop shopping for all vulnerability needs."
The OSVDB collects vulnerability data on every type of computer software and
operating system. Like other open-source projects, the OSVDB depends on the
wide expertise of its contributors to provide dependable information on many
technologies and security problems. The project's open-source license makes
the results freely available to users worldwide.
Warren Ward, in charge of research at Winterforce, an e-commerce and security
consultancy, says "Other vulnerability databases do exist. But there are
frequently restrictions on their use. The OSVDB's open license frees us to
serve our clients."
In addition to its current capabilities, the OSVDB is planning the release of
several new services and data products in the upcoming months. Some will make
database access easier for end users, others will support the specialized
tasks of software developers and security analysts.
The OSVDB online system can be found at www.OSVDB.org.
Open Source Vulnerability Database Project