Re: Open Source Vulnerability Database Opens for Public Access

[sullo () cirt net]

Quoting Rodney Thayer <rodney () canola-jones com>:

> It's from an organization (the Open Security Foundation) that's
> not listed on the web, that doesn't disclose who it's officers are,
> doesn't explain if it's a legal entity or not, etc.

The OSF is being set up right now and will be an official non-profit
organization. Information can be found about it on both osvdb.org and
http://opensecurityfoundation.org/

>  From the web site:
>
>   <mailto:sullo () cirt net>Chris Sullo - Chris has been involved with the
> project from the very beginning and has recruited key members to the project.
> He currently handles and approves all new vulnerabilities 

If you are referring to the "all new" at that stage--yes, that is a place where
we need a new, trusted source to help.  But this step just allows an entry to
be listed as NEW so that a mangler may work it. It still must go through at
least one mangler and a moderator before it is ever seen on the public site.

> ... which is approximately the same precise description you get if
> you ask about the structure of CVE.

CVE is just a catalog of entries and does not have the level of detail OSVDB
provdes. We are using the CVE reference to tie entries together, connecting our
data to Snort/Nessus/Nikto/etc.
 
Regards,
Sullo

-- 

http://www.cirt.net/   |   http://www.osvdb.org/

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave