The Open Source Vulnerability Database, a project to catalog and describe the world’s security vulnerabilities, has continued to focus on improving database content and increasing services offered to the security community.
Since the official launch of OSVDB in March 2004, the vulnerability database has grown from 1000 to over 6700 complete entries. This rapid growth has far surpassed initial estimates, and the project’s many successes show that the open source community can truly deliver world-class security information.
OSVDB’s rapid success is directly attributed to the dedicated volunteers who help populate, maintain and enhance the database. Their hard work has already allowed OSVDB to exceed the amount of vulnerability information available in some databases. At the current rate of growth, the project is poised to surpass the other vulnerability databases by the end of 2005. “It will soon become mandatory for security professionals to use OSVDB if they want the most thorough information available,” says Brian Martin, one of the project leaders.
The OSVDB leadership team has been aggressively working to ensure the long term viability of the project. After improving content to be recognized as an industry leader, the team determined that incorporating as a non-profit organization was imperative to OSVDB’s future success. Founded to formally run the OSVDB project, the Open Security Foundation has been approved as a 501(c)3 non-profit organization under United States law. Jake Kouns, OSVDB project lead, says, “Achieving our non-profit status will allow us to seek funding and ensure free vulnerability information will be available for years to come.”
Two of the OSVDB project leaders, Brian Martin and Jake Kouns, will be presenting a talk called “Vulnerability Databases: Everything is Vulnerable” at cansecwest/core05 (http://www.cansecwest.com/) in May 2005. The presentation aims to provide an unbiased review of vulnerability databases, and addresses the value they should provide to security practitioners.