The Open Sourced Vulnerability Database (OSVDB) was an independent, open-sourced project aimed at providing accurate, detailed, and unbiased information on security vulnerabilities. Its relational database connected data into a comprehensive open security resource, promoting collaboration between companies and individuals. By December 2013, OSVDB cataloged over 100,000 vulnerabilities. Although maintained by a nonprofit and volunteers, its data was restricted from commercial use without a license. Nonetheless, many large companies used the database unlawfully, often without contributing to the project. The database’s motto was “Everything is Vulnerable,” reflecting its commitment to transparency and security awareness.
History
The project was started in August 2002 at the Blackhat and DEF CON Conferences by several industry notables (including H. D. Moore, rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004.[5] The original implementation was written in PHP by Forrest Rae (FBR). Later, the entire site was re-written in Ruby on Rails by David Shettler.
The Open Security Foundation (OSF) was created to ensure the project's continuing support. Jake Kouns (Zel), Chris Sullo, Kelly Todd (AKA Lyger), David Shettler (AKA D2D), and Brian Martin (AKA Jericho) were project leaders for the OSVDB project, and held leadership roles in the OSF at various times.
On 5 April 2016, the database was shut down, while the blog was initially continued by Brian Martin.[6] The reason for the shutdown was the ongoing commercial but uncompensated use by security companies.[7]
As of January 2012, vulnerability entry was performed by full-time employees of Risk Based Security,[8] who provided the personnel to do the work in order to give back to the community. Every new entry included a full title, disclosure timeline, description, solution (if known), classification metadata, references, products, and the researcher who discovered the vulnerability (creditee).
Process
Originally, vulnerability disclosures posted in various security lists and web sites were entered into the database as a new entry in the New Data Mangler (NDM) queue. The new entry contained only a title and links to the disclosure. At that stage the page for the new entry did not contain any detailed description of the vulnerability or any associated metadata. As time permitted, new entries were analyzed and refined by adding a description of the vulnerability as well as a solution, if one was available. This general activity was called "data mangling", and someone who performed this task was called a "mangler". Mangling was done by core or casual volunteers. Details submitted by volunteers were reviewed by the core volunteers, called "moderators", who further refined the entry or rejected the volunteer changes if necessary. New information added to an entry, once approved, was then available to anyone browsing the site.
Contributors
Some of the key people that volunteered and maintained OSVDB:
- Jake Kouns (Officer of OSF, Moderator)
- Brian Martin a.k.a. Jericho (Officer of OSF, Moderator)
- Kelly Todd a.k.a. Lyger (Officer of OSF, Moderator)
- David Shettler (Officer of OSF, Developer)
- Chris Sullo (Moderator)
- Daniel Moeller (Moderator)
- Forrest Rae (Developer)
Other volunteers who have helped in the past include:[9]
- Steve Tornio (Moderator)
- Zach Shue (Moderator)
- Alexander Koren a.k.a. ph0enix (Mangler)
- Carsten Eiram a.k.a. Chep (Moderator)
- Marlowe (Mangler)
- Travis Schack (Mangler)
- Susam Pal (Mangler)
- Christian Seifert (Mangler)
- Zain Memon
References
[1] Rosencrance, Linda (16 April 2004). "Brief: Vulnerability database goes live". Computerworld. Retrieved 15 August 2020. https://www.computerworld.com/article/2563666/brief--vulnerability-database-goes-live.html
[2] "Biased software vulnerability stats praising Microsoft were 101% misleading". CSO Online. Retrieved 20 May 2020. https://www.csoonline.com/article/2226625/biased-software-vulnerability-stats-praising-microsoft-were-101--misleading.html
[3] "We hit the 100,000 mark…". OSVDB blog. 20 January 2014. Retrieved 22 January 2020. https://blog.osvdb.org/2014/01/20/we-hit-the-100000-mark/
[4] "McAfee accused of McSlurping Open Source Vulnerability Database". The Register. Retrieved 15 August 2020. https://www.theregister.com/2014/05/08/whats_copyright_mcafee_mcslurps_vuln_database/
[5] Gold, Jon (7 April 2016). "Open-source vulnerabilities database shuts down". Network World. Retrieved 22 January 2020. https://www.networkworld.com/article/3053613/open-source-vulnerabilities-database-shuts-down.html
[6] "OSVDB: Fin". OSVDB blog. 5 April 2016. Archived from the original on 28 May 2016. Retrieved 22 January 2020. https://web.archive.org/web/20160528152631/https://blog.osvdb.org/2016/04/05/osvdb-fin/
[7] Kovacs, Eduard. "McAfee Issues Response to OSVDB Accusations Regarding Data Scraping". Softpedia. Retrieved 15 August 2020. https://news.softpedia.com/news/McAfee-Issues-Response-to-OSVDB-Accusations-Regarding-Data-Scraping-441323.shtml
[8] "Homepage". Risk Based Security. Retrieved 15 August 2020. https://www.riskbasedsecurity.com/
[9] "OSVDB: Open Sourced Vulnerability Database". 2 May 2014. Archived from the original on 2 May 2014. Retrieved 6 August 2024. https://web.archive.org/web/20140502042016/http://osvdb.com/contributors