Dailydave mailing list archives
Re: Open Source Vulnerability Database Opens for Public Access
From: sullo () cirt net
Date: Fri, 2 Apr 2004 11:49:00 -0500
Quoting Dave Aitel <dave () immunitysec com>:
~ Immunity will be switching to OSVDB for CANVAS (instead of CVE and CERT).
Excellent, glad to hear it!
You guys should make it wiki-like so people can submit information on any of the bugs and have it plopped into the database, perhaps after being authenticated by a moderator.
Right now, due to the huge to-do list we've got, we're only taking updates via email. We're evaluating the best method to get updates from users and incorporate them into the DB -- but something wiki-like will probably be very high on the list of options.
I assume by "freely available" you mean that I can directly pull all sorts of information from your DB and include it in CANVAS?
Absolutely. Check out the license (http://www.osvdb.org/license.php) for the gory details. Regards, Sullo Subliminal message: OSVDB still needs volunteers!
Bram Shirani wrote: | Open Source Vulnerability Database Releases Free Security Data to | the Public | | The Open Source Vulnerability Database, a project to catalog and | describe the world's computer security vulnerabilities, opened for | public use on 31 March 2004. | | According to statistics gathered by CERT, a respected security | resource at Carnegie Mellon University, the number of new computer | security vulnerabilities found each year has risen over two | thousand percent since 1995. Tracking these vulnerabilities and | their remedies is critical for those who protect networked systems | against accidental misuse and deliberate attack, whether at home, | in small businesses, or across globe-spanning enterprises. | | The Open Source Vulnerability Database (OSVDB) is an open project | to collect and distribute vulnerability information freely to | everyone. The project team contains skilled volunteers working | together to document every security vulnerability that arises. | Formed in 2002, the OSVDB project has now completed its development | of an online system to store and deliver vulnerability data. | | "The OSVDB's main goal is to be complete and without bias," says | Jake Kouns, chief moderator of the OSVDB project team. "This | database will serve as one-stop shopping for all vulnerability | needs." | | The OSVDB collects vulnerability data on every type of computer | software and operating system. Like other open-source projects, the | OSVDB depends on the wide expertise of its contributors to provide | dependable information on many technologies and security problems. | The project's open-source license makes the results freely | available to users worldwide. | | Warren Ward, in charge of research at Winterforce, an e-commerce | and security consultancy, says "Other vulnerability databases do | exist. But there are frequently restrictions on their use. The | OSVDB's open license frees us to serve our clients." | | In addition to its current capabilities, the OSVDB is planning the | release of several new services and data products in the upcoming | months. Some will make database access easier for end users, others | will support the specialized tasks of software developers and | security analysts. | | The OSVDB online system can be found at www.OSVDB.org. | | ### | | More Information: | | Jake Kouns Open Source Vulnerability Database Project | +1.804.306.8412 jkouns () osvdb org | | Warren Ward Winterforce +1.780.708.0099 vpresearch () winterforce com | _______________________________________________ Dailydave mailing | list Dailydave () lists immunitysec com | http://www.immunitysec.com/mailman/listinfo/dailydave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAbZaizOrqAtg8JS8RAmdUAKC+Ht40WK5lezbw7yMHV2Y5FK8KmwCgmZ7E NNipHlZmoS+YUnIXrj8vgWE= =rHDj -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
-- http://www.cirt.net/ | http://www.osvdb.org/ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Open Source Vulnerability Database Opens for Public Access Bram Shirani (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Dave Aitel (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access John Lampe (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Rodney Thayer (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Bram Shirani (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Rodney Thayer (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Rodney Thayer (Apr 03)
- Re: Open Source Vulnerability Database Opens for Public Access Peter Wood (Apr 04)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 05)
- Re: Open Source Vulnerability Database Opens for Public Access Dave Aitel (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access security curmudgeon (May 02)