The Open Sourced Vulnerability Database (OSVDB) was an independent and open-sourced vulnerability database. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promoted greater and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable".

The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced open security data source. As of December 2013, the database cataloged over 100,000 vulnerabilities. While the database was maintained by a 501(c)(3) non-profit public organization and volunteers, the data was prohibited for commercial use without a license. Despite that, many large commercial companies used the data in violation of the license without contributing employee volunteer time or financial compensation.

History

The project was started in August 2002 at the Blackhat and DEF CON Conferences by several industry notables (including H. D. Moore, rain.forest.puppy, and others). Under mostly-new management, the database officially launched to the public on March 31, 2004. The original implementation was written in PHP by Forrest Rae (FBR). Later, the entire site was re-written in Ruby on Rails by David Shettler.

The Open Security Foundation (OSF) was created to ensure the project's continuing support. Jake Kouns (Zel), Chris Sullo, Kelly Todd (AKA Lyger), David Shettler (AKA D2D), and Brian Martin (AKA Jericho) were project leaders for the OSVDB project, and held leadership roles in the OSF at various times.

On 5 April 2016, the database was shut down, while the blog was initially continued by Brian Martin. The reason for the shutdown was the ongoing commercial but uncompensated use by security companies.

As of January 2012, vulnerability entry was performed by full-time employees of Risk Based Security, who provided the personnel to do the work in order to give back to the community. Every new entry included a full title, disclosure timeline, description, solution (if known), classification metadata, references, products, and the researcher who discovered the vulnerability (creditee).

Process

Originally, vulnerability disclosures posted in various security lists and web sites were entered into the database as a new entry in the New Data Mangler (NDM) queue. The new entry contained only a title and links to the disclosure. At that stage the page for the new entry didn't contain any detailed description of the vulnerability or any associated metadata. As time permitted, new entries were analyzed and refined, by adding a description of the vulnerability as well as a solution if available. This general activity was called "data mangling" and someone who performed this task a "mangler". Mangling was done by core or casual volunteers. Details submitted by volunteers were reviewed by the core volunteers, called "moderators", further refining the entry or rejecting the volunteer changes if necessary. New information added to an entry that was approved was then available to anyone browsing the site.

Contributors

Some of the key people that volunteered and maintained OSVDB:

Jake Kouns (Officer of OSF, Moderator)
Brian Martin a.k.a. Jericho (Officer of OSF, Moderator)
Kelly Todd a.k.a. Lyger (Officer of OSF, Moderator)
David Shettler (Officer of OSF, Developer)
Chris Sullo (Moderator)
Daniel Moeller (Moderator)
Forrest Rae (Developer)

Other volunteers who have helped in the past include:

Steve Tornio (Moderator)
Zach Shue (Moderator)
Alexander Koren a.k.a. ph0enix (Mangler)
Carsten Eiram a.k.a. Chep (Moderator)
Marlowe (Mangler)
Travis Schack (Mangler)
Susam Pal (Mangler)
Christian Seifert (Mangler)
Zain Memon