[ISN] OSVDB - 2005 Recap and Status Update

InfoSec News isn at c4i.org
Fri Jan 27 05:12:48 EST 2006


Forwarded from: jkouns @ opensecurityfoundation.org

OSVDB - 2005 Recap and Status Update

The Open Source Vulnerability Database (OSVDB), a project to catalog
and describe the world's security vulnerabilities, has had a
challenging yet successful year. The project is fortunate to have the
continued support of some devoted volunteers, yet remains challenged
to keep up with the increasing number of vulnerability reports, as
well as work on the back-log of historical information. Volunteers are
continually sought to help us achieve our short and long-term goals.

Despite resource constraints, there have been many exciting successes
in 2005:

* A major project goal of obtaining 501(c)3 non-profit status from the
U.S. IRS was achieved. Obtaining non-profit status was critical to the
long-term viability of the project.  This status allows OSVDB to take
charitable donations to help cover operating expenses, while providing
a tax benefit to donor companies and individuals.

* The vulnerability database has grown to over 22,000 entries thanks
to the dedicated work of Brian Martin, OSVDB Content Manager. At the
end of December, over 10,000 of those vulnerabilities were worked on
by volunteers to provide more detailed and cross-referenced
information. Our volunteer "Data Manglers" and Brian have helped
ensure OSVDB is the most complete resource for vulnerability
information on the Internet.

* OSVDB started a blog in April, as a way for us to keep the public
better informed on the project's status.  Very quickly we realized the
blog was a perfect place to discuss and comment on various aspects of
vulnerabilities, and has become a successful mechanism for
communicating with the security industry. If you have suggestions for
topics, or would like to join the discussion, please visit the OSVDB
blog at:  http://osvdb.org/blog/.

* We are pleased to welcome Kevin Johnson as leader of the OSVDB
development team. Kevin joins OSVDB with a strong background in
information security, and as leader of the BASE project, has a proven
track-record managing open source teams.  We are very excited about
Kevin joining the project, and hope to provide more information soon
regarding the OSVDB development road map.  If you are interested in
becoming a part of the new OSVDB development team, please contact us!

We would like to also recognize our sponsors and thank them for their
support. Digital Defense, Churchill & Harriman, Audit My PC, and
Opengear have all provided important resources to OSVDB over the past
year. We would also like to thank Renaud Deraison of the Nessus
Project and HD Moore of the Metasploit Project for their support.
Lastly, we of course want to thank our volunteers, and note that
several of them have contributed to Nessus Network Auditing, available
from Syngress Publishing.

We are very pleased with the progress and growth of OSVDB over the
past year, but do not want to downplay the importance of recruiting
new volunteers, as well as retaining our current ones, in order to get
through the considerable back-log of vulnerabilities that need further
work. This task is daunting, but will not only help retain valuable
historical vulnerability information, but will also allow OSVDB to
generate meaningful statistics for past and current years.

We have had a great year, and are looking forward to another one! We
are of course still seeking assistance to help keep OSVDB
successful--the project has many ideas in need of financial and
volunteer support to implement.  For more information on supporting
OSVDB through volunteering or sponsorship, please contact
moderators at osvdb.org.

Sponsors/References:

Audit My PC: http://www.auditmypc.com/
Churchill & Harriman: http://www.chus.com/
Digital Defense: http://www.digitaldefense.net/
Opengear: http://www.opengear.com/
Nessus Network Auditing: http://www.syngress.com/catalog/?pid=2850

###

More Information:

Jake Kouns
Open Source Vulnerability Database Project
+1.804.306.8412
jkouns at osvdb.org





More information about the ISN mailing list