Call to Arms: In Search of Bigger DLDOS

Sat Mar 15 00:02:11 EST 2008


Over the past few months, has received numerous requests about enhancements to the Data Loss Database - Open Source (DLDOS). As much as we would like to accomodate every request and provide a more complete and more accurate data set, just as the Open Source Vulnerability Database strives for the same goal, sometimes the resources "just aren't there". We generally receive suggestions via email and ponder them while adding new events and updating archived ones, but we had to ask ourselves, "how much can we really do on our own?".

The Data Loss Mail List currently has over 1,200 active subscribers and we feel that it has been a valuable source of information regarding data loss events, legislative matters, and technical discussion. With that in mind, it's sometimes frustrating knowing that we could enhance and improve upon the current data set, but simply don't have the time to manage all of it ourselves. So, all of a sudden, *light bulb* - why not ask for a little help? Why not make the database more of a "community project"? Why not have anyone offer suggestions, submit changes, and we can incorporate those changes if they meet general (and informal) standards?

Actually, that's what we wanted (and suggested) in the first place. However, much like OSVDB, that hasn't happened.

So, instead of just mailing us with ideas for new columns, criteria, and specific field updates, we want to invite everyone to download the current database (which generally updates at least five or six times a week), make changes, and send it back to us with a quick note as to what was changed and why it was changed. If the new data is valid and substantiated, we'll include it in the newest update. We realize that this won't be a perfect process, but it seems to be far better than what we have now. There are quite a few items that could be addressed if *everyone* pitches in:

If anyone is interested in helping with this idea, please let us know. However, keeping everything said in mind, going forward we probably won't be able to spend much time backfilling or updating older data. If we can't get a dozen people out of at least 1,200 (1.0%) to help out, we all might have to accept that the DLDOS data set will generally be incomplete, and in some cases, possibly inaccurate.

Questions and comments are welcome. New and accurate data = better than before!

[an error occurred while processing this directive]