OSVDB
Open Source Vulnerability Database (OSVDB) is an independent and open source database created by and for the community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals, eliminates redundant work, and reduces expenses inherent with the development and maintenance of in-house vulnerability databases.

Its goal is to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced open security data source.

History

The project was started in August 2002 at the Black Hat and DEF CON conferences by several industry notables (including H. D. Moore, rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004.

The Open Security Foundation (OSF) was created to ensure the project's continuing support. Brian Martin (AKA Jericho), Chris Sullo (of Nikto fame), and Jake Kouns are project leaders for the OSVDB project, and currently hold leadership roles in the OSF. It is a client/server implementation that consists of a server daemon (mysqld) and many different client programs/libraries. It has a pluggable data store architecture

Process

Vulnerability reports, advisories and exploits posted to various security lists enter the database as new entries. A new entry contains only a title and links to entries for the same vulnerability in other security lists; at this stage, its page does not contain any detailed description of the vulnerability. After new entries are thoroughly scrutinized, analyzed and refined, descriptions of the vulnerability, its solutions and test notes are added. These details are then reviewed by other members of OSVDB, further refined if necessary, and made stable. Once an entry is stable, the detailed information appears on its page.

Contributors

Some enthusiastic hackers are volunteering to maintain OSVDB. Some of the active members are as follows:
  • Brian Martin (COO, Moderator)
  • Jake Kouns (CEO, Moderator)
  • Chris Sullo (CFO, Moderator)
  • Steve Tornio (Moderator)
  • Travis Schack (Mangler)
  • Susam Pal (Mangler)
  • Christian Seifert (Mangler)

Open Security Foundation

The Open Security Foundation is a non-profit 501(c)3 organization established in early 2005 to function as a support organization for open source security projects. It was originally conceived and founded to support the OSVDB project, but its scope is evolving to provide support for numerous other projects.

The foundation allows organizations and individuals to provide charitable contributions to support open source security projects that provide value to the global community. The foundation also provides guidance, legal, administrative, policy guidelines, and other support to numerous projects.

The Open Security Foundation was conceived by Chris Sullo, Brian Martin, and Jake Kouns in early 2004, and obtained official US 501(c)3 non-profit status in April 2005.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.