[attrition] OSVDB - 2005 Recap and Status Update

security curmudgeon jericho at attrition.org
Thu Jan 26 01:32:48 EST 2006 


---------- Forwarded message ----------
From: jkouns <jkouns at opensecurityfoundation.org>
Date: Thu, 26 Jan 2006 00:48:01 -0500
Subject: OSVDB - 2005 Recap and Status Update

OSVDB - 2005 Recap and Status Update

The Open Source Vulnerability Database (OSVDB), a project to catalog and 
describe the world's security vulnerabilities, has had a challenging yet 
successful year. The project is fortunate to have the continued support of 
some devoted volunteers, yet remains challenged to keep up with the 
increasing number of vulnerability reports, as well as work on the 
back-log of historical information. Volunteers are continually sought to 
help us achieve our short and long-term goals.

Despite resource constraints, there have been many exciting successes in 
2005:

* A major project goal of obtaining 501(c)3 non-profit status from the 
U.S. IRS was achieved. Obtaining non-profit status was critical to the 
long-term viability of the project.  This status allows OSVDB to take 
charitable donations to help cover operating expenses, while providing a 
tax benefit to donor companies and individuals.

* The vulnerability database has grown to over 22,000 entries thanks to 
the dedicated work of Brian Martin, OSVDB Content Manager. At the end of 
December, over 10,000 of those vulnerabilities were worked on by 
volunteers to provide more detailed and cross-referenced information. Our 
volunteer "Data Manglers" and Brian have helped ensure OSVDB is the most 
complete resource for vulnerability information on the Internet.

* OSVDB started a blog in April, as a way for us to keep the public better 
informed on the project's status.  Very quickly we realized the blog was a 
perfect place to discuss and comment on various aspects of 
vulnerabilities, and has become a successful mechanism for communicating 
with the security industry. If you have suggestions for topics, or would 
like to join the discussion, please visit the OSVDB blog at: 
http://osvdb.org/blog/.

* We are pleased to welcome Kevin Johnson as leader of the OSVDB 
development team. Kevin joins OSVDB with a strong background in 
information security, and as leader of the BASE project, has a proven 
track-record managing open source teams.  We are very excited about Kevin 
joining the project, and hope to provide more information soon regarding 
the OSVDB development road map.  If you are interested in becoming a part 
of the new OSVDB development team, please contact us!

We would like to also recognize our sponsors and thank them for their 
support. Digital Defense, Churchill & Harriman, Audit My PC, and Opengear 
have all provided important resources to OSVDB over the past year. We 
would also like to thank Renaud Deraison of the Nessus Project and HD 
Moore of the Metasploit Project for their support. Lastly, we of course 
want to thank our volunteers, and note that several of them have 
contributed to Nessus Network Auditing, available from Syngress 
Publishing.

We are very pleased with the progress and growth of OSVDB over the past 
year, but do not want to downplay the importance of recruiting new 
volunteers, as well as retaining our current ones, in order to get through 
the considerable back-log of vulnerabilities that need further work. This 
task is daunting, but will not only help retain valuable historical 
vulnerability information, but will also allow OSVDB to generate 
meaningful statistics for past and current years.

We have had a great year, and are looking forward to another one! We are 
of course still seeking assistance to help keep OSVDB successful--the 
project has many ideas in need of financial and volunteer support to 
implement.  For more information on supporting OSVDB through volunteering 
or sponsorship, please contact moderators at osvdb.org.

Sponsors/References:

Audit My PC: http://www.auditmypc.com/
Churchill & Harriman: http://www.chus.com/
Digital Defense: http://www.digitaldefense.net/
Opengear: http://www.opengear.com/
Nessus Network Auditing: http://www.syngress.com/catalog/?pid=2850

###

More Information:

Jake Kouns
Open Source Vulnerability Database Project
+1.804.306.8412
jkouns at osvdb.org

More information about the attrition mailing list