Open Source Vulnerability Database Opens for Public Access

From: fbr (
Date: 03/31/04

  • Next message: Oliver Lavery: "TOOL: Adder - runtime patching in python"
    Date: Wed, 31 Mar 2004 15:19:27 -0600

    (Moderator, My apologies if this isn't appropriate content for this list. I
    believe that having vulnerability information available quickly is something
    that every individual in the security community needs. If this would be more
    appropriate for the pen-test or vuln-dev lists, please let me know and I'll
    forward accordingly. -Forrest)


    Open Source Vulnerability Database Releases Free Security Data to the Public

    The Open Source Vulnerability Database, a project to catalog and describe the
    world's computer security vulnerabilities, opened for public use on 31 March

    According to statistics gathered by CERT, a respected security resource at
    Carnegie Mellon University, the number of new computer security
    vulnerabilities found each year has risen over two thousand percent since
    1995. Tracking these vulnerabilities and their remedies is critical for those
    who protect networked systems against accidental misuse and deliberate
    attack, whether at home, in small businesses, or across globe-spanning

    The Open Source Vulnerability Database (OSVDB) is an open project to collect
    and distribute vulnerability information freely to everyone. The project team
    contains skilled volunteers working together to document every security
    vulnerability that arises. Formed in 2002, the OSVDB project has now
    completed its development of an online system to store and deliver
    vulnerability data.

    "The OSVDB's main goal is to be complete and without bias," says Jake Kouns,
    chief moderator of the OSVDB project team. "This database will serve as
    one-stop shopping for all vulnerability needs."

    The OSVDB collects vulnerability data on every type of computer software and
    operating system. Like other open-source projects, the OSVDB depends on the
    wide expertise of its contributors to provide dependable information on many
    technologies and security problems. The project's open-source license makes
    the results freely available to users worldwide.

    Warren Ward, in charge of research at Winterforce, an e-commerce and security
    consultancy, says "Other vulnerability databases do exist. But there are
    frequently restrictions on their use. The OSVDB's open license frees us to
    serve our clients."

    In addition to its current capabilities, the OSVDB is planning the release of
    several new services and data products in the upcoming months. Some will make
    database access easier for end users, others will support the specialized
    tasks of software developers and security analysts.

    The OSVDB online system can be found at

    More Information:

    Jake Kouns
    Open Source Vulnerability Database Project

    Warren Ward

  • Next message: Oliver Lavery: "TOOL: Adder - runtime patching in python"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #165
      ... Tenable Security ... distribute, manage, and communicate vulnerability and intrusion detection ... Microsoft Internet Explorer MHTML Forced File Execution Vuln... ...
    • SecurityFocus Microsoft Newsletter #174
      ... This issue sponsored by: Tenable Network Security ... the worlds only 100% passive vulnerability ... MICROSOFT VULNERABILITY SUMMARY ... Novell Netware Enterprise Web Server Multiple Vulnerabilitie... ...
    • [NT] Cumulative Security Update for Internet Explorer (MS04-038)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: ... Get your security news from a reliable source. ... CSS Heap Memory Corruption Vulnerability, ... Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6 ...
    • SecurityFocus Microsoft Newsletter #171
      ... Better Management for Network Security ... GoodTech Telnet Server Remote Denial Of Service Vulnerabilit... ... ASPApp PortalAPP Remote User Database Access Vulnerability ...
    • SecurityFocus Microsoft Newsletter #160
      ... MICROSOFT VULNERABILITY SUMMARY ... Geeklog Forgot Password SQL Injection Vulnerability ... Atrium Software Mercur Mailserver IMAP AUTH Remote Buffer Ov... ... Sun Java Virtual Machine Slash Path Security Model Circumven... ...