Re: Open Source Vulnerability Database Opens for Public Access

[sullo () cirt net]

Quoting Rodney Thayer <rodney () canola-jones com>:

> At 11:36 AM 4/2/2004 -0500, Dave Aitel wrote:
>
> > ~ Immunity will be switching to OSVDB for CANVAS
>
> Why?  Why is it better?  

We are finding a lot of inconsistency in the other databases, and are working
hard to resolve those problems and get detailed information about the vulns.

> Who is the "Open Security Foundation"?

The OSF is being created to hanldle the legal and financial aspects of OSVDB,
and protect OSVDB from whatever may arise. It will be a federally recognized
non-profit organization.

> Why is one guy approving new vulns better than a committee?

Honestly we do not want any role to have only one person doing it. At the
moment, there are two spots that are in this situation. Once we identifiy who
can fill those roles we will likely double the people that can perform that.

We realize we have some spots where a key function is being done by only one
person, and hope to change that as the number of volunteers grow.  Please bear
in mind that until this week we had 4 people working on it constantly, and
another half dozen working part time or less.

We also don't want to bury ourselves into a committee situation like CVE at
MITRE, where entries have been in CAN status for years and years...

This is still some work in progress, so we look forward to your suggestions,

Regards,
Sullo

-- 

http://www.cirt.net/   |   http://www.osvdb.org/

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave