OSVDB Synopsis OSVDB Project Profile OSVDB Leaders

  OSVDB Synopsis top

OSVDB is an independent and open sourced web-based vulnerability database created for the security community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project hopes to provide a truly comprehensive vulnerability database with extended features to better facilitate searching, information classification, and references.


  OSVDB Project Profile top

Founded in August 2002 at the Black Hat and Defcon conferences, OSVDB was originally created to provide an independent and Open Source Vulnerability DataBase. The goal was to provide accurate, detailed, current, and unbiased technical information about all types of vulnerabilities.

At the Defcon conference in August 2003, the project leadership changed, and OSVDB began to build considerable momentum. OSVDB continued to grow as processes were streamlined and key individuals were recruited to help ensure the project's success. On March 31, 2004, the Open Source Vulnerability Database opened for public use. During the next few months, the project gained significant acceptance and recognition. This led to the creation of the 501(c)3 non-profit Open Security Foundation (OSF) to ensure OSVDB's long-term viability.

Over the next 8 years, contributions from the security community failed to materialize. To this day, over 99% of the database content and contributions come from a very few dedicated volunteers, OSF officers, or employees hired by OSF / RBS. As of early 2012, OSVDB officially dropped the 'Open Source' title, and rebranded to the more accurate 'Open Sourced' which is in keeping with the original intent, and to make it clear that the project has had to move away from the most traditional 'open source' model in order to sustain itself.

OSVDB History:

  • 2002-08-01 - OSVDB Announced @ Defcon 10
  • 2003-11-31 - Backend Process Finalized
  • 2003-12-08 - Recruiting Starts
  • 2003-12-31 - OSVDB Web Site Redesign
  • 2004-03-31 - OSVDB Goes Live!
  • 2004-04-02 - OSVDB is SlashDotted
  • 2004-04-20 - Open Security Foundation (OSF) Articles of Incorporation
  • 2004-07-05 - OSVDB Declared CVE Compatible
  • 2004-08-31 - OSVDB Vendor Dictionary Released
  • 2005-04-01 - OSVDB Blog Begins
  • 2005-04-09 - OSVDB Granted 501(c)(3) Non-Profit Status
  • 2005-04-30 - Brian Martin & Steve Christey from CVE create the Vulnerability Information Managers Mail List (VIM)
  • 2005-05-05 - CanSecWest '05 OSVDB Presentation (Jake Kouns & Brian Martin)
  • 2006-04-13 - OSVDB Comment System Enabled
  • 2006-05-24 - OSVDB Selected for Google Summer of Code 2006
  • 2006-11-03 - OSVDB Breaks 30,000 Entries
  • 2007-03-17 - OSVDB accepted for Google Summer of Code (SoC) for 2nd year
  • 2007-05-28 - OSVDB Breaks 35,000 Entries
  • 2007-12-14 - OSVDB 2.0 goes live!
  • 2008-11-21 - OSVDB Breaks 50,000 Entries
  • 2009-04-22 - OSF Wins SC Magazine 2009 Editors Choice Award
  • 2009-09-15 - Brian Martin joins the CVE editorial board
  • 2009-10-07 - OSVDB supports CVSSv2 scoring
  • 2009-11-13 - OSVDB Breaks 60,000 Entries
  • 2010-08-20 - OSF leads and participates in panel on vulnerability issues at DEFCON
  • 2010-09-07 - OSF creates external advisory board for strategic guidance
  • 2011-02-22 - OSF partners with Risk Based Security to offer increased accessibility to data and support our research
  • 2012-02-28 - OSF leads a panel on vulnerability issues at RSA
  • 2013-03-20 - OSVDB Breaks 90,000 Entries
  OSVDB Project Leaders top

- Jake is the co-founder and CEO of the Open Security Foundation which oversees the operations of the Open Sourced Vulnerability Database (OSVDB). Kouns' primary focus is to provide management oversight, vendor relations and define the strategic direction the project. He holds both a Bachelor of Business Administration with a concentration in Computer Information Systems and a Master of Business Administration with a concentration in Information Security from James Madison University. He also holds numerous certifications including ISC2's CISSP, ISACA's CISM and CISA.

- Brian is the Content Manager and the most active contributor to the content of the database historically. He has provided a great deal of enhancement ideas and direction for pushing the evolution of the project. In addition, Brian is President and COO of the Open Security Foundation. By day, Brian is a senior analyst for a security software company. By night, he is the security curmudgeon; defender of trampled consumers and self appointed auditor of the security industry. When not scouring changelogs and bug tracking systems for new vulnerability information, he is a champion for small misunderstood creatures.

Steve Tornio - Steve is a network engineer and has spent the last seven years designing and implementing secure LAN, WAN and Internet solutions for a multinational capital management firm based in the Midwest. His interest in OSVDB was sparked by an email to an attrition.org mail list, and he joined the project as a data mangler several months before the project went live. Since that time, he has become a core member of the team, taking on additional responsibilities as a Moderator, and recently as email administrator.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2002 - 2013 Open Sourced Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use