VulnWatch.Org Release

[full-disclosure () lists netsys com (Steve)]

Las Vegas, August 1, 2002 - At the Black Hat and Defcon security
conferences, security community volunteers announce two important new
services for the security community and a new partnership for
community-based security information sources.
The first is the VulnDiscuss mailing list, a new full disclosure forum
that compliments the existing VulnWatch accouncement list. VulnDiscuss is
meant to foster the discussion of security issues and vulnerabilities by
providing a forum for recent security announcements to be discussed.
VulnDiscuss will be under moderator control to keep it topical, and access
is open to anyone who wishes to participate or observe.

The second is the Open Source Vulnerability Database (OSVDB). OSVDB - A
database built and maintained for the community, by the community. The
goal of the Open Source Vulnerability Database is to provide accurate,
technical, up to date, unbiased, and reliable vulnerability information to
the community for free.

The redundant time, effort and money that individual people and companies
put into maintaining proprietary databases will be cut by exorbitant
amounts by participating in a community that is working toward a common
goal. The database will have no commercial licensing restrictions,
allowing corporations, businesses, and individuals alike to use this
information in any way they wish without having to pay a dime.

The OSVDB project will be debuting with thousands of vulnerability entries
provided by databases donated by Digital Defense, Inc., and SensePost.
This will provide a strong base to start from, allowing OSVDB to
immediately track new vulnerabilities and provide quality data from the
start. The continued help of Farm9, NMRC, Neohapsis, Packetstorm,
VulnWatch, and many other industry experts is invaluable to this project.

And finally the third is a formal partnership between multiple
community-based security information sources: PacketStorm, Open Source
Vulnerability Database, Alldas.org, and VulnWatch. The partnership will
come together under the Internetworked Security Information Services
initiative (ISISi) title, which will remain a non-profit, vendor-neutral
entity run by volunteers from the security community. All involved
projects share the common goal of providing accessible information
security resources useful for researchers, IT Professionals, and the
general public, while adhering to a not-for-profit operation model. The
initiative allows the projects to share resources and volunteers,
eliminate redundancy, and provide a single organized access point to all
information which is currently dispersed amongst the individual projects.
Current ISISi information is available at www.isisi.org.

"[ISISi] allows us to pool our resources and increase the effectiveness of
our respective initiatives while giving information security professionals
co-ordinated, higher quality, open source security information than was
possible previously."
- Emerson Tan, Spokesman and Ideologue, Packetstormsecurity.org

"Each of the projects involved in this initiative have committed to
remaining independent and not-for-profit, this is a key requirement for
participation as we want this to be a community supported effort, for the
community by the community."
- Steve Manzuik, founder and co-moderator of VulnWatch.

The individual projects can be contacted at the addresses below.

VulnWatch -- Full disclosure security forums and resources. Press contact:
Steve Manzuik, steve () vulnwatch org.

Alldas.org . The most complete and up to date mirror of web site
defacements that includes statistics and trend analysis. Press contact:
press () alldas org

PacketStorm -- Repository of vulnerability and exploit information. Press
contact: Emerson Tan, et () c4i org

OSVDB.ORG - A database built and maintained for the community, by the
community. Press contact: osvdb () osvdb org