Revision as of 02:59, 15 August 2020 edit Jericho347 (talk \| contribs) 291 edits extensive additions and clarifications, added citations, more people involved, better explanation of 'process', and more Tag: Visual edit ← Previous edit		Revision as of 23:33, 1 January 2021 edit undo WikiCleanerBot (talk \| contribs) Bots 1,007,735 edits m v2.04b - Bot T20 CW#61 - Fix errors for CW project (Reference before punctuation) Tag: WPCleaner Next edit →
Line 5: }} The '''Open Sourced Vulnerability Database''' ('''OSVDB''') was an independent and open-sourced [[vulnerability database]]. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on [[Information security\|security]] vulnerabilities.<ref>{{Cite web\|last=Rosencrance\|first=Linda\|date=2004-04-16\|title=Brief: Vulnerability database goes live\|url=https://www.computerworld.com/article/2563666/brief--vulnerability-database-goes-live.html\|access-date=2020-08-15\|website=Computerworld\|language=en}}</ref> The project promoted greater and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable".<ref>{{cite web \|title=Biased software vulnerability stats praising Microsoft were 101% misleading \|url=https://www.csoonline.com/article/2226625/biased-software-vulnerability-stats-praising-microsoft-were-101--misleading.html \|accessdate=20 May 2020}}</ref>. The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced [[open security]] data source. As of December 2013, the database cataloged over 100,000 vulnerabilities.<ref>{{cite web \|url=https://blog.osvdb.org/2014/01/20/we-hit-the-100000-mark/ \|title=We hit the 100,000 mark… \|date=20 January 2014 \|access-date=22 January 2020}}</ref> While the database was maintained by a 501(c)(3) non-profit public organization and volunteers, the data was prohibited for commercial use without a license. Despite that, many large commercial companies used the data in violation of the license without contributing employee volunteer time or financial compensation.<ref>{{Cite web\|title=McAfee accused of McSlurping Open Source Vulnerability Database\|url=https://www.theregister.com/2014/05/08/whats_copyright_mcafee_mcslurps_vuln_database/\|access-date=2020-08-15\|website=www.theregister.com\|language=en}}</ref> Line 16: On 5 April 2016, the database was shut down, while the blog was initially continued by Brian Martin.<ref>{{cite web \|url=https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|title=OSVDB: Fin \|date=5 April 2016 \|access-date=22 January 2020 \|archive-url=https://web.archive.org/web/20160528152631/https://blog.osvdb.org/2016/04/05/osvdb-fin/ \|archive-date=28 May 2016 \|url-status=dead }}</ref> The reason for the shut down was the ongoing commercial but uncompensated use by security companies.<ref>{{Cite web\|last=Kovacs\|first=Eduard\|title=McAfee Issues Response to OSVDB Accusations Regarding Data Scraping\|url=https://news.softpedia.com/news/McAfee-Issues-Response-to-OSVDB-Accusations-Regarding-Data-Scraping-441323.shtml\|access-date=2020-08-15\|website=softpedia\|language=english}}</ref> As of January 2012, vulnerability entry was performed by full-time employees of Risk Based Security ,<ref>{{Cite web\|title=Homepage\|url=https://www.riskbasedsecurity.com/\|access-date=2020-08-15\|website=RBS\|language=en-US}}</ref>, who provided the personnel to do the work in order to give back to the community. Every new entry included a full title, disclosure timeline, description, solution (if known), classification metadata, references, products, and researcher who discovered the vulnerability (creditee). ==Process==

Open Source Vulnerability Database: Difference between revisions