Open Source Vulnerability Database: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 22:25, 29 November 2023 edit Amirca93 (talk \| contribs) 3 edits m Add name link ← Previous edit		Latest revision as of 01:37, 13 August 2025 edit undo InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,674,728 edits Rescuing 0 sources and tagging 2 as dead.) #IABot (v2.0.9.5
(5 intermediate revisions by 4 users not shown)
Line 7: The '''Open Sourced Vulnerability Database''' ('''OSVDB''') was an independent and open-sourced [[vulnerability database]]. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on [[Information security\|security]] vulnerabilities.<ref>{{Cite web\|last=Rosencrance\|first=Linda\|date=2004-04-16\|title=Brief: Vulnerability database goes live\|url=https://www.computerworld.com/article/2563666/brief--vulnerability-database-goes-live.html\|access-date=2020-08-15\|website=Computerworld\|language=en}}</ref> The project promoted greater and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable".<ref>{{cite web \|title=Biased software vulnerability stats praising Microsoft were 101% misleading \|url=https://www.csoonline.com/article/2226625/biased-software-vulnerability-stats-praising-microsoft-were-101--misleading.html \|accessdate=20 May 2020}}</ref> The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced [[open security]] data source. As of December 2013, the database cataloged over 100,000 vulnerabilities.<ref>{{cite web \|url=https://blog.osvdb.org/2014/01/20/we-hit-the-100000-mark/ \|title=We hit the 100,000 mark… \|date=20 January 2014 \|access-date=22 January 2020 }}{{Dead link\|date=August 2025 \|bot=InternetArchiveBot \|fix-attempted=yes }}</ref> While the database was maintained by a 501(c)(3) non-profit public organization and volunteers, the data was prohibited for commercial use without a license. Despite that, many large commercial companies used the data in violation of the license without contributing employee volunteer time or financial compensation.<ref>{{Cite web\|title=McAfee accused of McSlurping Open Source Vulnerability Database\|url=https://www.theregister.com/2014/05/08/whats_copyright_mcafee_mcslurps_vuln_database/\|access-date=2020-08-15\|website=www.theregister.com\|language=en}}</ref> ==History== The project was started in August 2002 at the [[Black Hat Briefings\|Blackhat]] and [[DEF CON]] Conferences by several industry notables (including [[H. D. Moore]], rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004.<ref>{{cite news \|url=https://www.networkworld.com/article/3053613/open-source-vulnerabilities-database-shuts-down.html \|title=Open-source vulnerabilities database shuts down \|first=Jon \|last=Gold \|work=Network World \|date=7 April 2016 \|access-date=22 January 2020}}</ref> The original implementation was written in PHP by Forrest Rae (FBR). Later, the entire site was re-written in Ruby on Rails by David Shettler. The [[Open Security Foundation]] (OSF) was created to ensure the project's continuing support. Jake Kouns (Zel), [[Chris Sullo]], Kelly Todd (AKA Lyger), David Shettler (AKA D2D), and Brian Martin (AKA Jericho) were project leaders for the OSVDB project, and held leadership roles in the OSF at various times. On 5 April 2016, the database was shut down, while the blog was initially continued by Brian Martin.<ref>{{cite web \|url=https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|title=OSVDB: Fin \|date=5 April 2016 \|access-date=22 January 2020 \|archive-url=https://web.archive.org/web/20160528152631/https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|archive-date=28 May 2016 \|url-status=dead }}</ref> The reason for the shut down was the ongoing commercial but uncompensated use by security companies.<ref>{{Cite web\|last=Kovacs\|first=Eduard\|title=McAfee Issues Response to OSVDB Accusations Regarding Data Scraping\|url=https://news.softpedia.com/news/McAfee-Issues-Response-to-OSVDB-Accusations-Regarding-Data-Scraping-441323.shtml\|access-date=2020-08-15\|website=softpedia\|language=english}}</ref> Line 22: ==Contributors== Some of the key people that volunteered and maintained '''OSVDB''': * Jake Kouns (Officer of OSF, Moderator) * ~~[[Chris~~Brian ~~Sullo]]~~Martin a.k.a. Jericho (Officer of OSF, Moderator) * ~~Brian~~Kelly ~~Martin~~Todd a.k.a. Lyger (Officer of OSF, Moderator) * Kelly Todd (Officer of OSF, Moderator) * David Shettler (Officer of OSF, Developer) * Chris Sullo (Moderator) * Daniel Moeller (Moderator) * Forrest Rae (Developer) Other volunteers who have helped in the past include:<ref>{{Cite web \|date=2014-05-02 \|title=OSVDB: Open Sourced Vulnerability Database \|url=http://osvdb.com/contributors \|access-date=2024-08-06 \|archive-url=https://web.archive.org/web/20140502042016/http://osvdb.com/contributors \|archive-date=2 May 2014 }}</ref> ~~Other volunteers who have helped in the past include:~~ * Steve Tornio (Moderator) * ~~Alexander~~Zach ~~Koren~~Shue (~~Mangler~~Moderator) * Alexander Koren a.k.a. ph0enix (Mangler) * Carsten Eiram a.k.a. Chep (Moderator) * Marlowe (Mangler) * Travis Schack (Mangler) * Susam Pal (Mangler) Line 44 ⟶ 48: == External links == * [https://blog.osvdb.org/ OSVDB Blog]{{Dead link\|date=August 2025 \|bot=InternetArchiveBot \|fix-attempted=yes }} * [https://www.riskbasedsecurity.com/ Risk Based Security]