Open Source Vulnerability Database: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 11:50, 27 August 2006 edit Smith.norton (talk \| contribs) 18 edits cat changed to Computer Security ← Previous edit		Latest revision as of 01:37, 13 August 2025 edit undo InternetArchiveBot (talk \| contribs) Bots, Pending changes reviewers 5,679,459 edits Rescuing 0 sources and tagging 2 as dead.) #IABot (v2.0.9.5
(73 intermediate revisions by 49 users not shown)
Line 1: {{Use dmy dates\|date=June 2019}} '''Open Source Vulnerability Database (OSVDB)''' is an independent and [[open source]] [[database]] created by and for the community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on [[Information security\|security]] vulnerabilities. The project promotes greater, open collaboration between companies and individuals, eliminates redundant works, and reduce expenses inherent with the development and maintenance of in-house vulnerability databases. {{multiple issues\| {{more footnotes\|date=May 2009}} {{refimprove\|date=May 2009}} }} The '''Open Sourced Vulnerability Database''' ('''OSVDB''') was an independent and open-sourced [[vulnerability database]]. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on [[Information security\|security]] vulnerabilities.<ref>{{Cite web\|last=Rosencrance\|first=Linda\|date=2004-04-16\|title=Brief: Vulnerability database goes live\|url=https://www.computerworld.com/article/2563666/brief--vulnerability-database-goes-live.html\|access-date=2020-08-15\|website=Computerworld\|language=en}}</ref> The project promoted greater and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable".<ref>{{cite web \|title=Biased software vulnerability stats praising Microsoft were 101% misleading \|url=https://www.csoonline.com/article/2226625/biased-software-vulnerability-stats-praising-microsoft-were-101--misleading.html \|accessdate=20 May 2020}}</ref> The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced [[open security]] data source. As of December 2013, the database cataloged over 100,000 vulnerabilities.<ref>{{cite web \|url=https://blog.osvdb.org/2014/01/20/we-hit-the-100000-mark/ \|title=We hit the 100,000 mark… \|date=20 January 2014 \|access-date=22 January 2020 }}{{Dead link\|date=August 2025 \|bot=InternetArchiveBot \|fix-attempted=yes }}</ref> While the database was maintained by a 501(c)(3) non-profit public organization and volunteers, the data was prohibited for commercial use without a license. Despite that, many large commercial companies used the data in violation of the license without contributing employee volunteer time or financial compensation.<ref>{{Cite web\|title=McAfee accused of McSlurping Open Source Vulnerability Database\|url=https://www.theregister.com/2014/05/08/whats_copyright_mcafee_mcslurps_vuln_database/\|access-date=2020-08-15\|website=www.theregister.com\|language=en}}</ref> ==History== The project was started in August [[2002]] at the [[Black Hat Briefings\|Blackhat]] and [[DEF CON]] Conferences by several industry notables (including [[H. D. Moore]], rain.~~forrest~~forest.puppy, and others). Under mostly-new management, the database officially launched to the public on [[March 31]], [[2004]].<ref>{{cite news \|url=https://www.networkworld.com/article/3053613/open-source-vulnerabilities-database-shuts-down.html \|title=Open-source vulnerabilities database shuts down \|first=Jon \|last=Gold \|work=Network World \|date=7 April 2016 \|access-date=22 January 2020}}</ref> The original implementation was written in PHP by Forrest Rae (FBR). Later, the entire site was re-written in Ruby on Rails by David Shettler. The [[Open Security Foundation]] (OSF) was created to ensure the project's continuing support. ~~[[Brian~~Jake ~~Martin]]~~Kouns ~~AKA Jericho~~(Zel), [[Chris Sullo]], Kelly Todd (AKA ~~Sullo~~Lyger), ofDavid ~~Nikto~~Shettler (AKA ~~fame~~D2D), and ~~[[Jake~~Brian ~~Kouns]]~~Martin ~~are~~(AKA Jericho) were project leaders for the OSVDB project, and ~~currently hold~~held leadership roles in the OSF at various times. On 5 April 2016, the database was shut down, while the blog was initially continued by Brian Martin.<ref>{{cite web \|url=https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|title=OSVDB: Fin \|date=5 April 2016 \|access-date=22 January 2020 \|archive-url=https://web.archive.org/web/20160528152631/https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|archive-date=28 May 2016 \|url-status=dead }}</ref> The reason for the shut down was the ongoing commercial but uncompensated use by security companies.<ref>{{Cite web\|last=Kovacs\|first=Eduard\|title=McAfee Issues Response to OSVDB Accusations Regarding Data Scraping\|url=https://news.softpedia.com/news/McAfee-Issues-Response-to-OSVDB-Accusations-Regarding-Data-Scraping-441323.shtml\|access-date=2020-08-15\|website=softpedia\|language=english}}</ref> ~~==Mission==~~ Its goal is to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced data source. As of January 2012, vulnerability entry was performed by full-time employees of Risk Based Security,<ref>{{Cite web\|title=Homepage\|url=https://www.riskbasedsecurity.com/\|access-date=2020-08-15\|website=RBS\|language=en-US}}</ref> who provided the personnel to do the work in order to give back to the community. Every new entry included a full title, disclosure timeline, description, solution (if known), classification metadata, references, products, and researcher who discovered the vulnerability (creditee). ==Process== ~~Vulnerability reports~~Originally, ~~advisories~~vulnerability ~~and exploits~~disclosures posted in various security lists ~~enter~~and web sites were entered into the database as a new entry in the New Data Mangler (NDM) queue. The new entry ~~contains~~contained only a title and links to ~~entries of~~ the ~~same vulnerability in other security lists~~disclosure. ~~However,~~At ~~at this~~that stage the page for the new entry ~~doesn~~didn't contain any detailed description of the vulnerability. ~~After~~or ~~the~~any ~~new~~associated ~~entries~~metadata. ~~are~~As ~~thoroughly~~time ~~scrutinized~~permitted, new entries were analyzed and refined, by ~~us,~~adding wea ~~add~~description of the vulnerability ~~description,~~as ~~technical~~well ~~description,~~as a solution ~~description,~~if ~~manual~~available. ~~testing~~This ~~notes,~~general ~~etc~~activity was called "data mangling" and someone who performed this task a "mangler". ~~Then~~Mangling ~~these~~was done by core or casual volunteers. Details submitted by ~~details~~volunteers ~~are~~were reviewed by ~~other~~the ~~members~~core ofvolunteers, called ~~'''OSVDB'''~~"moderators", further ~~refined~~refining ifthe ~~necessary~~entry ~~and~~or ~~then~~rejecting ~~made~~the ~~stable~~volunteer changes if necessary. ~~Once~~New itinformation isadded ~~stable,~~to ~~the~~an ~~detailed~~entry ~~information~~that ~~appears~~was onapproved ~~the~~was ~~page~~then ~~for~~available to anyone browsing the ~~entry~~site. ==Contributors== Some of the key people that volunteered and maintained '''OSVDB''': ~~Some enthusiastic hackers are volunteering to maintain '''OSVDB'''. Some of the active members are as follows:~~ * Jake Kouns (Officer of OSF, Moderator) * Brian Martin a.k.a. Jericho (Officer of OSF, Moderator) * Kelly Todd a.k.a. Lyger (Officer of OSF, Moderator) * David Shettler (Officer of OSF, Developer) * [[Chris Sullo]] (~~Mangler~~Moderator)▼ * Daniel Moeller (Moderator) * Forrest Rae (Developer) Other volunteers who have helped in the past include:<ref>{{Cite web \|date=2014-05-02 \|title=OSVDB: Open Sourced Vulnerability Database \|url=http://osvdb.com/contributors \|access-date=2024-08-06 \|archive-url=https://web.archive.org/web/20140502042016/http://osvdb.com/contributors \|archive-date=2 May 2014 }}</ref> * [[Steve Tornio]] (Moderator~~, Mangler~~)▼ * Zach Shue (Moderator) * Alexander Koren a.k.a. ph0enix (Mangler) * Carsten Eiram a.k.a. Chep (Moderator) * ~~[[Susam Pal]]~~Marlowe (Mangler)▼ * [[Travis Schack]] (Mangler)▼ * Susam Pal (Mangler) * [[Christian Seifert]] (Mangler)▼ * Zain Memon == References == * [[H. D. Moore]] (Creator, Mangler) <references /> * [[Brian Martin]] (Moderator, Mangler) ▲* [[Chris Sullo]] (Mangler) ▲* [[Steve Tornio]] (Moderator, Mangler) ▲* [[Travis Schack]] (Mangler) ▲* [[Susam Pal]] (Mangler) ▲* [[Christian Seifert]] (Mangler) == External links == * [https://blog.osvdb.org/ OSVDB Blog]{{Dead link\|date=August 2025 \|bot=InternetArchiveBot \|fix-attempted=yes }} * [http://www.osvdb.org/ Open Source Vulnerability Database (OSVDB)] * [~~http~~https://www.~~opensecurityfoundation~~riskbasedsecurity.~~org~~com/ ~~Open~~Risk Based Security ~~Foundation (OSF)~~] [[Category:~~5-letter~~Security ~~acronyms~~vulnerability databases]] [[Category:~~Computer~~Internet ~~security~~properties established in 2002]] [[Category:Internet properties disestablished in 2016]]