mailing list archives
OSVDB - 2005 Recap and Status Update
From: jkouns <jkouns () opensecurityfoundation org>
Date: Thu, 26 Jan 2006 01:35:14 -0500
OSVDB - 2005 Recap and Status Update
The Open Source Vulnerability Database (OSVDB), a project to catalog and
describe the world's security vulnerabilities, has had a challenging yet
successful year. The project is fortunate to have the continued support
of some devoted volunteers, yet remains challenged to keep up with the
increasing number of vulnerability reports, as well as work on the
back-log of historical information. Volunteers are continually sought to
help us achieve our short and long-term goals.
Despite resource constraints, there have been many exciting successes in
* A major project goal of obtaining 501(c)3 non-profit status from the
U.S. IRS was achieved. Obtaining non-profit status was critical to the
long-term viability of the project. This status allows OSVDB to take
charitable donations to help cover operating expenses, while providing a
tax benefit to donor companies and individuals.
* The vulnerability database has grown to over 22,000 entries thanks to
the dedicated work of Brian Martin, OSVDB Content Manager. At the end of
December, over 10,000 of those vulnerabilities were worked on by
volunteers to provide more detailed and cross-referenced information.
Our volunteer "Data Manglers" and Brian have helped ensure OSVDB is the
most complete resource for vulnerability information on the Internet.
* OSVDB started a blog in April, as a way for us to keep the public
better informed on the project's status. Very quickly we realized the
blog was a perfect place to discuss and comment on various aspects of
vulnerabilities, and has become a successful mechanism for communicating
with the security industry. If you have suggestions for topics, or would
like to join the discussion, please visit the OSVDB blog at:
* We are pleased to welcome Kevin Johnson as leader of the OSVDB
development team. Kevin joins OSVDB with a strong background in
information security, and as leader of the BASE project, has a proven
track-record managing open source teams. We are very excited about
Kevin joining the project, and hope to provide more information soon
regarding the OSVDB development road map. If you are interested in
becoming a part of the new OSVDB development team, please contact us!
We would like to also recognize our sponsors and thank them for their
support. Digital Defense, Churchill & Harriman, Audit My PC, and
Opengear have all provided important resources to OSVDB over the past
year. We would also like to thank Renaud Deraison of the Nessus Project
and HD Moore of the Metasploit Project for their support. Lastly, we of
course want to thank our volunteers, and note that several of them have
contributed to Nessus Network Auditing, available from Syngress Publishing.
We are very pleased with the progress and growth of OSVDB over the past
year, but do not want to downplay the importance of recruiting new
volunteers, as well as retaining our current ones, in order to get
through the considerable back-log of vulnerabilities that need further
work. This task is daunting, but will not only help retain valuable
historical vulnerability information, but will also allow OSVDB to
generate meaningful statistics for past and current years.
We have had a great year, and are looking forward to another one! We are
of course still seeking assistance to help keep OSVDB successful--the
project has many ideas in need of financial and volunteer support to
implement. For more information on supporting OSVDB through
volunteering or sponsorship, please contact moderators () osvdb org
Audit My PC: http://www.auditmypc.com/
Churchill & Harriman: http://www.chus.com/
Digital Defense: http://www.digitaldefense.net/
Nessus Network Auditing: http://www.syngress.com/catalog/?pid=2850
Open Source Vulnerability Database Project
jkouns () osvdb org
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
- OSVDB - 2005 Recap and Status Update jkouns (Jan 26)