Open Source Vulnerability Database


The Open Sourced Vulnerability Database was an independent and open-sourced vulnerability database. The goal of the project was to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promoted greater and more open collaboration between companies and individuals. The database's motto was "Everything is Vulnerable".
Its goal was to provide accurate, unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB was a relational database which tied various information about security vulnerabilities into a common, cross-referenced open security data source. As of December 2013, the database cataloged over 100,000 vulnerabilities.

History

The project was started in August 2002 at the Blackhat and DEF CON Conferences by several industry notables. Under mostly-new management, the database officially launched to the public on March 31, 2004.
The Open Security Foundation was created to ensure the project's continuing support. Brian Martin and Jake Kouns were project leaders for the OSVDB project, and currently hold leadership roles in the OSF.
On 5 April 2016, the database was shut down, where the blog initially continued. The reason for the shut down was the ongoing commercial but uncompensated use by companies.

Process

Originally, vulnerability reports, advisories, and exploits posted in various security lists entered the database as a new entry. The new entry contained only a title and links to entries of the same vulnerability in other security lists. However, at this stage the page for the new entry didn't contain any detailed description of the vulnerability. After the new entries were thoroughly scrutinized, analyzed and refined, descriptions of the vulnerability, its solutions and test notes were added. Then these details were reviewed by other members of OSVDB, further refined if necessary, and then made stable. Once it was stable, the detailed information appeared on the page for the entry.
As of January 2012, vulnerability entry was performed by full-time employees of the OSF. Every new entry included a title, description, solution, classification data, references, products, and creditee.

Contributors

Some enthusiastic hackers are volunteering to maintain OSVDB. Some of the active members are as follows:
Other volunteers who have helped in the past include: