[attrition] Challenge: OSVDB Winter 2010 Fundraising Goal
security curmudgeon
jericho at attrition.org
Tue Jan 5 06:00:10 UTC 2010
http://blog.osvdb.org/2010/01/04/challenge-osvdb-winter-2010-fundraising-goal
CHALLENGE: OSVDB WINTER 2010 FUNDRAISING GOAL
OSVDB has just announced its Winter 2010 Fundraising Goal, which
currently hopes to raise $9,000 before April 1, 2010. Looking back over
the last couple of years of advances in the project, it's easy to see not
only how the project has evolved, but also how operational costs have
increased to cover software development, content development, server
hosting costs, and other assorted expenses to help keep OSVDB interesting,
timely, and functional.
On an average, OSVDB has promoted 10,000 to 12,000 vulnerabilities per year
for the last few years. Breaking that down to about 1,000 per
month, the vulnerabilities in the database are gathered from a variety of
sources, such as CVE, Secunia and various vendor changelogs and
advisories. Keeping up a pace of about 1,000 newly listed vulnerabilities
per month hasn't always been easy... but it's about to get interesting.
I recently resigned my position as Chief Communications Officer with Open
Security Foundation to focus more on the "content" aspect of OSVDB and
DataLossDB. The extra time gained from giving up administrative duties
will hopefully help the sites keep content fresh and accurate. Jericho,
CJI, and I are going to keep working on new vulnerabilities as we can and
keep the ball rolling.
With that said, I'm issuing a challenge: For every new vulnerability
issued an OSVDB ID from January 1, 2010 through April 1, 2010, I will
donate $0.50 (fiddy cents) of my own money to the OSVDB fundraiser. I
challenge anyone who feels that OSVDB is a valuable resource to the
security community to match my donation.
To make a few points clear:
1. I am no longer an OSF officer. My donation comes out of my own pocket,
not the OSF coffers, and I will accept no compensation from OSF for this
offer. If I have to sell a kidney, I hear you only need one anyway.
2. Since Jericho, CJI, and I are the ones who generally push new
vulnerabilities to "live" status, there will be no slacking to save my
bank account. If anything, I'll be more motivated to push the potential
donations higher and they'll be motivated to watch me suffer on April 2.
That's how we roll.
3. At an average of 1,000 vulnerabilities a month, over three months I
expect to donate $1,500. It may be less, it may be more. There will be a
maximum cap of $2,500 donated by myself and anyone who matches it. If we
can push 5,000 vulns in three months, something is either very wrong or
very great. YMMV.
4. If five other people and/or groups take me up on the challenge and we
meet our average, OSF will meet its goal. We still hope everyone else will
contribute not only time but *effort* to help the project.
5. This is not a gimmick. It's not smoke and mirrors. You can see what
OSVDB pushes on a daily basis on our Twitter page and on our contributors
page. We will push all legitimate vulnerabilities just as we have been
doing for years. If we're slow for a few days, don't worry. We'll catch
up.
So, that's the challenge. If anyone wants to play and match my offer,
please contact us at moderators[at]osvdb.org. I'm going back to work now.