Open Source Vulnerability Database Gets Major Makeover
The Open Source Vulnerability Database has hit the 2.0 milestone with a major rewrite, a new "Watch List" service and several UI enhancements to provide greater details about specific vulnerabilities.
The five-year-old project, which is backed by Google, Layered Technologies and GFI Software, has been completely rewritten using Ruby on Rails and fitted with major tweaks to create the "go-to security vulnerability database," according to project leader Brian Martin.
The idea of the OSVDB 2.0 makeover is to provide an easier interface for updating vulnerabilities and a way to make it simple for individuals and companies to integrate with the project.
Among the enhancements:
Greater detail about the overall nature of a specific vulnerability. A "Watch List" service that provides alerts for new vulnerabilities. Consolidating external blogs by vulnerability. New reporting metrics.
The enhanced data will allow users to find vulnerabilities based on criteria such as attack type, solution status or if the vulnerability has been confirmed or disputed by the vendor.
Since its launch at Black Hat/Defcon shows in 2002, the OSVDB has cataloged nearly 40,000 vulnerabilities.
For more on the makeover go to the OSVDB blog.