[ISN] Open Source Vulnerability Database Opens for Public Access

From: security curmudgeon (jericho@private)
Date: Wed Mar 31 2004 - 20:38:55 PST


Open Source Vulnerability Database Releases Free Security Data to the
Public

The Open Source Vulnerability Database, a project to catalog and describe
the world's computer security vulnerabilities, opened for public use on 31
March 2004.

According to statistics gathered by CERT, a respected security resource at
Carnegie Mellon University, the number of new computer security
vulnerabilities found each year has risen over two thousand percent since
1995. Tracking these vulnerabilities and their remedies is critical for
those who protect networked systems against accidental misuse and
deliberate attack, whether at home, in small businesses, or across
globe-spanning enterprises.

The Open Source Vulnerability Database (OSVDB) is an open project to
collect and distribute vulnerability information freely to everyone. The
project team contains skilled volunteers working together to document
every security vulnerability that arises. Formed in 2002, the OSVDB
project has now completed its development of an online system to store and
deliver vulnerability data.

"The OSVDB's main goal is to be complete and without bias," says Jake
Kouns, chief moderator of the OSVDB project team. "This database will
serve as one-stop shopping for all vulnerability needs."

The OSVDB collects vulnerability data on every type of computer software
and operating system. Like other open-source projects, the OSVDB depends
on the wide expertise of its contributors to provide dependable
information on many technologies and security problems. The project's
open-source license makes the results freely available to users worldwide.

Warren Ward, in charge of research at Winterforce, an e-commerce and
security consultancy, says "Other vulnerability databases do exist. But
there are frequently restrictions on their use. The OSVDB's open license
frees us to serve our clients."

In addition to its current capabilities, the OSVDB is planning the release
of several new services and data products in the upcoming months. Some
will make database access easier for end users, others will support the
specialized tasks of software developers and security analysts.

The OSVDB online system can be found at www.OSVDB.org.

###

More Information:

Jake Kouns
Open Source Vulnerability Database Project
+1.804.306.8412
jkouns@private

Warren Ward
Winterforce
+1.780.708.0099
vpresearch@private
_______________________________________________
isn mailing list
isn@private
http://www.attrition.org/mailman/listinfo/isn



This archive was generated by hypermail 2b30 : Fri Apr 02 2004 - 06:29:28 PST