Jump to content

Open Source Vulnerability Database

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Root exploit (talk | contribs) at 09:16, 27 August 2006 (Contributors). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Open Source Vulnerability Database (OSVDB) is an independent and open source database created by and for the community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals, eliminates redundant works, and reduce expenses inherent with the development and maintenance of in-house vulnerability databases.

History

The project was started in August 2002 at the Blackhat and DEF CON Conferences by several industry notables (including H. D. Moore, rain.forrest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004.

The Open Security Foundation (OSF) was created to ensure the project's continuing support. Brian Martin AKA Jericho, Chris Sullo AKA Sullo of Nikto fame, and Jake Kouns are project leaders for the OSVDB project, and currently hold leadership roles in the OSF.

Mission

Its goal is to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced data source.

Process

Vulnerability reports, advisories and exploits posted in various security lists enter the database as a new entry. The new entry contains only a title and links to entries of the same vulnerability in other security lists. However, at this stage the page for the new entry doesn't contain any detailed description of the vulnerability. After the new entries are thoroughly scrutinized, analyzed and refined by us, we add vulnerability description, technical description, solution description, manual testing notes, etc. Then these details are reviewed by other members of OSVDB, further refined if necessary and then made stable. Once it is stable, the detailed information appears on the page for the entry.

Contributors

Some enthusiastic hackers are volunteering to maintain OSVDB. Some of the active members are as follows:


Stub icon

This computing article is a stub. You can help Wikipedia by expanding it.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Open_Source_Vulnerability_Database&oldid=72160209"