Volunteer Security Pros Launch Free Vulnerability Database | eWeek

Volunteer Security Pros Launch Free Vulnerability Database

Écrit par
Dennis Fisher
Dennis Fisher
Apr 2, 2004
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

A group of volunteer security professionals has compiled what is likely one of the larger freely accessible vulnerability databases on the Internet. The OSVDB (Open Source Vulnerability Database) is meant to serve as a central collection point for information on any and all security vulnerabilities.

Despite what you might assume from the name, the projects creators are not just interested in collecting data on flaws in open-source software. Instead, theyre collecting information on vulnerabilities from a wide variety of sources that they then distribute freely, under an open-source license.

The project, which went live on Wednesday, has been in the works since 2002. The team has spent most of its time since then gathering and categorizing vulnerability data. Most of the records in the database come from submissions to myriad security-related mailing lists.

OSVDB is run by a small group of security professionals who have worked on the project on their own time. Jake Kouns, chief moderator of the team, said the project so far has catalogued nearly 1,900 vulnerabilities, with another 2,700 or so submissions waiting to be confirmed and edited.

Once a new vulnerability is found, one of more than two dozen volunteer “data manglers” is assigned to confirm its veracity and get the information in shape for inclusion in the database. The flaw is then given a unique identifier and slated for database inclusion.

Kouns said that the group is hoping to begin comparing its database with other, similar stores, including the CVE (Common Vulnerabilities and Exposures) project maintained by The Mitre Corp., so that it can reference CVE numbers wherever theyre applicable. The CVE project assigns unique numbers to each new vulnerability and publishes a one-line description of the problem.

Currently, the OSVDB supports three open-source security products: the Snort intrusion detection system, the Nessus network scanner and the Nikto Web-server scanner.

/zimages/4/28571.gifCheck outeWEEK.coms Security Centerat http://security.eweek.com for security news, views and analysis.

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:/zimages/4/19420.gifhttp://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.