Open Source Vulnerability Database: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 19:02, 26 February 2015 edit Henrisalo (talk \| contribs) 8 edits Not true. OSVDB data is not free even it is from free sources and as the code is not free I don't see how it eliminates "redundant works". ← Previous edit		Latest revision as of 01:37, 13 August 2025 edit undo InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,674,752 edits Rescuing 0 sources and tagging 2 as dead.) #IABot (v2.0.9.5
(27 intermediate revisions by 19 users not shown)
Line 1: {{Use dmy dates\|date=June 2019}} {{multiple issues\| {{more footnotes\|date=May 2009}} Line 4 ⟶ 5: }} The '''Open Sourced Vulnerability Database''' ('''OSVDB)''') iswas an independent and open-sourced [[vulnerability database]] ~~created by and for the community~~. The goal of the project iswas to provide accurate, detailed, current, and unbiased technical information on [[Information security\|security]] vulnerabilities.<ref>{{Cite web\|last=Rosencrance\|first=Linda\|date=2004-04-16\|title=Brief: Vulnerability database goes live\|url=https://www.computerworld.com/article/2563666/brief--vulnerability-database-goes-live.html\|access-date=2020-08-15\|website=Computerworld\|language=en}}</ref> The project ~~promotes~~promoted greater, and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable".<ref>{{cite web \|title=Biased software vulnerability stats praising Microsoft were 101% misleading \|url=https://www.csoonline.com/article/2226625/biased-software-vulnerability-stats-praising-microsoft-were-101--misleading.html \|accessdate=20 May 2020}}</ref> The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced [[open security]] data source. As of December 2013, the database cataloged over 100,000 vulnerabilities.<ref>{{cite web \|url=https://blog.osvdb.org/2014/01/20/we-hit-the-100000-mark/ \|title=We hit the 100,000 mark… \|date=20 January 2014 \|access-date=22 January 2020 }}{{Dead link\|date=August 2025 \|bot=InternetArchiveBot \|fix-attempted=yes }}</ref> While the database was maintained by a 501(c)(3) non-profit public organization and volunteers, the data was prohibited for commercial use without a license. Despite that, many large commercial companies used the data in violation of the license without contributing employee volunteer time or financial compensation.<ref>{{Cite web\|title=McAfee accused of McSlurping Open Source Vulnerability Database\|url=https://www.theregister.com/2014/05/08/whats_copyright_mcafee_mcslurps_vuln_database/\|access-date=2020-08-15\|website=www.theregister.com\|language=en}}</ref> Its goal is to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced [[open security]] data source. As of November, 2013, the database catalogs over 100,000 vulnerabilities. ==History== The project was started in August 2002 at the [[Black Hat Briefings\|Blackhat]] and [[DEF CON]] Conferences by several industry notables (including [[H. D. Moore]], rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004.<ref>{{cite news \|url=https://www.networkworld.com/article/3053613/open-source-vulnerabilities-database-shuts-down.html \|title=Open-source vulnerabilities database shuts down \|first=Jon \|last=Gold \|work=Network World \|date=7 April 2016 \|access-date=22 January 2020}}</ref> The original implementation was written in PHP by Forrest Rae (FBR). Later, the entire site was re-written in Ruby on Rails by David Shettler. The [[Open Security Foundation]] (OSF) was created to ensure the project's continuing support. ~~Brian~~Jake ~~Martin~~Kouns (Zel), Chris Sullo, Kelly Todd (AKA ~~Jericho~~Lyger), David Shettler (AKA D2D), and ~~[[Jake~~Brian ~~Kouns]]~~Martin ~~are~~(AKA Jericho) were project leaders for the OSVDB project,~~<ref>http://opensecurityfoundation.org/</ref>~~ and ~~currently hold~~held leadership roles in the OSF. Itat isvarious ~~a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries~~times. ~~It has a pluggable data store architecture~~ On 5 April 2016, the database was shut down, while the blog was initially continued by Brian Martin.<ref>{{cite web \|url=https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|title=OSVDB: Fin \|date=5 April 2016 \|access-date=22 January 2020 \|archive-url=https://web.archive.org/web/20160528152631/https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|archive-date=28 May 2016 \|url-status=dead }}</ref> The reason for the shut down was the ongoing commercial but uncompensated use by security companies.<ref>{{Cite web\|last=Kovacs\|first=Eduard\|title=McAfee Issues Response to OSVDB Accusations Regarding Data Scraping\|url=https://news.softpedia.com/news/McAfee-Issues-Response-to-OSVDB-Accusations-Regarding-Data-Scraping-441323.shtml\|access-date=2020-08-15\|website=softpedia\|language=english}}</ref> As of January 2012, vulnerability entry was performed by full-time employees of Risk Based Security,<ref>{{Cite web\|title=Homepage\|url=https://www.riskbasedsecurity.com/\|access-date=2020-08-15\|website=RBS\|language=en-US}}</ref> who provided the personnel to do the work in order to give back to the community. Every new entry included a full title, disclosure timeline, description, solution (if known), classification metadata, references, products, and researcher who discovered the vulnerability (creditee). ==Process== Originally, vulnerability ~~reports, advisories and exploits~~disclosures posted in various security lists ~~enter~~and web sites were entered into the database as a new entry in the New Data Mangler (NDM) queue. The new entry ~~contains~~contained only a title and links to ~~entries of~~ the ~~same vulnerability in other security lists~~disclosure. ~~However,~~At ~~at this~~that stage the page for the new entry ~~doesn~~didn't contain any detailed description of the vulnerability. ~~After~~or ~~the~~any ~~new~~associated ~~entries~~metadata. ~~are~~As ~~thoroughly~~time ~~scrutinized~~permitted, new entries were analyzed and refined, ~~descriptions~~by adding a description of the vulnerability, ~~its~~as ~~solutions~~well as a solution if available. This general activity was called "data mangling" and ~~test~~someone ~~notes~~who ~~are~~performed ~~added~~this task a "mangler". ~~Then~~Mangling ~~these~~was done by core or casual volunteers. Details submitted by ~~details~~volunteers ~~are~~were reviewed by ~~other~~the ~~members~~core ofvolunteers, ~~'''OSVDB'''~~called "moderators", further ~~refined~~refining ifthe ~~necessary~~entry ~~and~~or ~~then~~rejecting ~~made~~the ~~stable~~volunteer changes if necessary. ~~Once~~New itinformation isadded ~~stable,~~to ~~the~~an ~~detailed~~entry ~~information~~that ~~appears~~was onapproved ~~the~~was ~~page~~then ~~for~~available to anyone browsing the ~~entry~~site. As of January, 2012, vulnerability entry was performed by full-time employees of the OSF. Every new entry included title, description, solution (if known), classification data, references, products, and creditee. ==Contributors== Some of the key people that volunteered and maintained '''OSVDB''': ~~Some enthusiastic hackers are volunteering to maintain '''OSVDB'''. Some of the active members are as follows:~~ * ~~Brian~~Jake ~~Martin~~Kouns (~~COO~~Officer of OSF, Moderator) * ~~Jake~~Brian ~~Kouns~~Martin a.k.a. Jericho (~~CEO~~Officer of OSF, Moderator) * Kelly Todd a.k.a. Lyger (Officer of OSF, Moderator) * David Shettler (Officer of OSF, Developer) * [[Chris Sullo]] (Moderator)▼ * Daniel Moeller (Moderator) * Forrest Rae (Developer) Other volunteers who have helped in the past include:<ref>{{Cite web \|date=2014-05-02 \|title=OSVDB: Open Sourced Vulnerability Database \|url=http://osvdb.com/contributors \|access-date=2024-08-06 \|archive-url=https://web.archive.org/web/20140502042016/http://osvdb.com/contributors \|archive-date=2 May 2014 }}</ref> ~~Other volunteers that have helped in the past include:~~ ▲* [[Chris Sullo]] (Moderator) * Steve Tornio (Moderator) * Zach Shue (Moderator) * Alexander Koren a.k.a. ph0enix (Mangler) * Carsten Eiram a.k.a. Chep (Moderator) * Marlowe (Mangler) * Travis Schack (Mangler) * Susam Pal (Mangler) * Christian Seifert (Mangler) * Zain Memon ~~== Open Security Foundation ==~~ The Open Security Foundation is a non-profit 501c3 organization established in early 2005 to function as a support organization for [[open source]] security projects. It was originally conceived and founded as a support for the OSVDB project, but its scope is evolving to provide support for numerous other projects. The foundation allows organizations and individuals to provide charitable contributions to support open source security projects that provide value to the global community. The foundation also provides guidance, legal, administrative, policy guidelines, and other support to numerous projects. ~~The Open Security Foundation was conceived by [[Chris Sullo]], Brian Martin, and [[Jake Kouns]] in early 2004, and obtained official US 501(c)3 non-profit status in April, 2005.~~ == References == <references /> == External links == * [https://blog.osvdb.org/ OSVDB Blog]{{Dead link\|date=August 2025 \|bot=InternetArchiveBot \|fix-attempted=yes }} * [http://www.osvdb.org/ Open Source Vulnerability Database (OSVDB)] * [~~http~~https://www.~~opensecurityfoundation~~riskbasedsecurity.~~org~~com/ ~~Open~~Risk Based Security ~~Foundation (OSF)~~] [[Category:~~Computer~~Security ~~security~~vulnerability ~~exploits~~databases]] [[Category:~~Online~~Internet ~~databases~~properties established in 2002]] [[Category:~~Security~~Internet ~~databases~~properties disestablished in 2016]]