
  OSVDB Synopsis

OSVDB is an independent and open source database created by and for the security community. The goal of the project is to provide accurate, detailed, current and unbiased technical information on security vulnerabilities. The project will promote greater, more open collaboration between companies and individuals, eliminate redundant work, and reduce the expenses inherent in developing and maintaining in-house vulnerability databases.


  OSVDB Project Profile

Founded in August 2002 at the Black Hat and Defcon conferences, OSVDB was created to provide an independent and Open Source Vulnerability DataBase. The goal was to provide accurate, detailed, current and unbiased technical information about all types of vulnerabilities.

At the next Defcon conference in August 2003, the project leadership changed, and OSVDB began to build considerable momentum. OSVDB continued to grow as processes were streamlined and key individuals were recruited to help ensure the project's success. On March 31, 2004, the Open Source Vulnerability Database opened for public use. During the next few months, the project gained significant acceptance and recognition. This led to the creation of the 501(c)3 non-profit Open Security Foundation (OSF) to ensure OSVDB's long-term viability.

OSVDB History:

  • 2002-08-01 - OSVDB Announced @ Defcon 10
  • 2003-11-31 - Backend Process Finalized
  • 2003-12-08 - Recruiting Starts
  • 2003-12-31 - OSVDB Web Site Redesign
  • 2004-03-31 - OSVDB Goes Live!
  • 2004-04-02 - OSVDB is SlashDotted
  • 2004-04-20 - Open Security Foundation (OSF) Articles of Incorporation
  • 2004-07-05 - OSVDB Declared CVE Compatible
  • 2004-08-31 - OSVDB Vendor Dictionary Released
  • 2005-04-01 - OSVDB Blog Begins
  • 2005-04-09 - OSVDB Granted 501(c)(3) Non-Profit Status
  • 2005-04-30 - Brian Martin & Steve Christey from CVE create the Vulnerability Information Managers Mail List (VIM)
  • 2005-05-05 - CanSecWest '05 OSVDB Presentation (Jake Kouns & Brian Martin)
  • 2006-04-13 - OSVDB Comment System Enabled
  • 2006-05-24 - OSVDB Selected for Google Summer of Code 2006
  • 2006-11-03 - OSVDB Breaks 30,000 Entries
  • 2007-03-17 - OSVDB accepted for Google Summer of Code (SoC) for 2nd year
  • 2007-05-28 - OSVDB Breaks 35,000 Entries
  • 2007-12-14 - OSVDB 2.0 goes live!
  • 2008-11-21 - OSVDB Breaks 50,000 Entries
  • 2009-04-22 - OSF Wins SC Magazine 2009 Editors Choice Award
  • 2009-09-15 - Brian Martin joins the CVE editorial board
  • 2009-10-07 - OSVDB supports CVSSv2 scoring
  • 2009-11-13 - OSVDB Breaks 60,000 Entries

  OSVDB Project Leaders

- Jake is the co-founder and CEO of the Open Security Foundation, which oversees the operations of the Open Source Vulnerability Database (OSVDB). Kouns' primary focus is to provide management oversight and vendor relations and to define the strategic direction of the project. He holds both a Bachelor of Business Administration with a concentration in Computer Information Systems and a Master of Business Administration with a concentration in Information Security from James Madison University. He also holds numerous certifications including ISC2's CISSP, ISACA's CISM and CISA.

- Kelly is a moderator for OSVDB. Todd's primary focus is on vulnerability import, CVE compatibility, new vulnerability entries, and dataset management. Kelly is an information security analyst well-versed in a wide variety of compliance standards and currently works for a security software company. His proudest moment came when he realized he was able to type "remote file inclusion" without looking at his fingers.

- Brian is the Content Manager and, historically, the most active contributor to the content of the database. He has provided a great deal of enhancement ideas and direction for pushing the evolution of the project. In addition, Brian is President and COO of the Open Security Foundation. By day, Brian is a subject matter expert for a security software company. By night, he is the security curmudgeon; defender of trampled consumers and self-appointed auditor of the security industry. When not scouring changelogs and bug tracking systems for new vulnerability information, he is a champion for small misunderstood creatures.

- Dave is the lead developer and personally responsible for reinventing the project and single-handedly releasing OSVDB 2.0. He has developed the current system the project uses from the ground up and has enabled OSVDB to be considerably more flexible. In addition, Dave is the Vice President and CTO of the Open Security Foundation. Dave has several years of experience developing and deploying enterprise applications on multiple platforms. He currently is the Information Security Officer for the College of the Holy Cross. Dave is also the creator of DatalossDB.org, and various other web sites. His specialities are agile web development, digital forensics and self-degrading humor.

Steve Tornio - Steve is a network engineer and has spent the last seven years designing and implementing secure LAN, WAN and Internet solutions for a multinational capital management firm based in the Midwest. His interest in OSVDB was sparked by an email to an attrition.org mail list, and he joined the project as a data mangler several months before the project went live. Since that time, he has become a core member of the team, taking on additional responsibilities as a Moderator, and recently as email administrator.

Craig Ingram - Craig is a penetration tester for a small firm in the Northeast. Craig became interested in OSVDB after missing one too many jokes from Kelly and Brian. Since then, he has rapidly moved from a data mangler to a moderator and core member of the team, assisting in vulnerability import and CVE compatibility.

Patrick McDonald - Patrick McDonald is an information security engineer and consultant working out of Northern VA. With ten years of professional experience, he has provided security services to a variety of government, commercial and non-profit clients. He holds the CISSP and CEH certifications. He joined the project as a data mangler several months after the project went live. Patrick is an active member and moderator of the OSVDB project.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2012 Open Source Vulnerability Database (OSVDB), All Rights Reserved.