The Open Source Vulnerability Database (OSVDB), provided by the Open Security Foundation (OSF), is now online and available to the public. OSVDB is an archive of known vulnerabilities and includes vulnerability data pertaining to all platforms. The project was proposed by members of the security community as a means of providing a comprehensive open database that can be used by anyone, including vendors who want to integrate the database into their products. The database is currently supported in Nikto (a Web server security scanner), Snort (an intrusion detection and prevention system), and Nessus (a vulnerability scanner) security products.
The database schema includes an ID number assigned by OSVDB, date when the vulnerability was disclosed, product name, description, vulnerability classifications, the application solutions to the problems, external references for more information (including Bugtraq ID, Arachnids ID, CERT ID, Nessus Script ID, Snort signature ID, and much more) as well as the name of the entity who disclosed the vulnerability.
In December OSF issued a call for volunteers to help develop and maintain the project. Today there over two dozen entities involved with the project include numerous people who help manage the data in the database. Digital Defense provides the server hardware and bandwidth for the project, and according to the OSVDB Web site, Winterforce provides the project with “extensive documentation support, as well as consulting services to help ensure the goals of OSVDB are properly communicated and achieved.”
The project remains open to new volunteers who can help by submitting vulnerability information or by helping to manage data that has already been submitted. The project also wants to establish mirrors of the database and interested parties can contact the group moderators via email.
