Dailydave mailing list archives
Re: Open Source Vulnerability Database Opens for Public Access
From: Rodney Thayer <rodney () canola-jones com>
Date: Fri, 02 Apr 2004 21:48:04 -0800
At 09:36 PM 4/2/2004 -0800, bram wrote:
On Fri, Apr 02, 2004 at 09:19:44PM -0800, Rodney Thayer said sometin like...At 11:36 AM 4/2/2004 -0500, Dave Aitel wrote:~ Immunity will be switching to OSVDB for CANVASWhy? Why is it better? Who is the "Open Security Foundation"? Why is one guy approving new vulns better than a committee?Why it is better is debateable. A few facts (which are on the web page listed in the announcement: - It's open source. (See http://www.osvdb.org/news.php#license) - It's free.
It's from an organization (the Open Security Foundation) that's not listed on the web, that doesn't disclose who it's officers are, doesn't explain if it's a legal entity or not, etc.
From the site:OSVDB is an independent and open source database created by and for the community. Our goal is to provide accurate, detailed, current, and unbiased technical information. The Open Security Foundation is the foundation created to control the OSVDB. There is not one guy approving new vulns, there is a group of ~15 - 20 people who contribute in many different ways:
From the web site: <mailto:sullo () cirt net>Chris Sullo - Chris has been involved with the project from the very beginning and has recruited key members to the project. He currently handles and approves all new vulnerabilities that are added to the database as well as manages the web checks. In addition, Chris is co-founder and Treasurer of the Open Security Foundation.
- adding new vulns to the database - mangling vulns to include all relavent information, including links to advisories, techincal descriptions, and other information - moderators who approve each vuln after it has been mangled, kicking back if enough information is not included, or for a variety of other reasons
... which is approximately the same precise description you get if you ask about the structure of CVE.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Open Source Vulnerability Database Opens for Public Access Bram Shirani (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Dave Aitel (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access John Lampe (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Rodney Thayer (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Bram Shirani (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Rodney Thayer (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access Rodney Thayer (Apr 03)
- Re: Open Source Vulnerability Database Opens for Public Access Peter Wood (Apr 04)
- Re: Open Source Vulnerability Database Opens for Public Access sullo (Apr 05)
- Re: Open Source Vulnerability Database Opens for Public Access Dave Aitel (Apr 02)
- Re: Open Source Vulnerability Database Opens for Public Access security curmudgeon (May 02)