OSVDB Synopsis OSVDB Project Profile OSVDB Leaders

  OSVDB Synopsis top
OSVDB is an independent and open source database created by and for the security community. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project will promote greater, more open collaboration between companies and individuals, eliminate redundant works, and reduce expenses inherent with the development and maintenance of in-house vulnerability databases.

  OSVDB Project Profile top

Founded in August 2002 at the Black Hat and Defcon conferences, OSVDB was created to provide an independent and open source vulnerability database. The goal was to provide accurate, detailed, current, and unbiased technical information about all types of vulnerabilities.

At the next Defcon conference in August 2003, the project leadership changed, and OSVDB began to build considerable momentum. OSVDB continued to grow as processes were streamlined and key individuals were recruited to help ensure the project's success.

On March 31, 2004, the Open Source Vulnerability Database opened for public use. During the next few months, the project gained significant acceptance and recognition. This led to the creation of the Open Security Foundation* to ensure OSVDB's long-term viability.

*Open Security Foundation (OSF) - Virginia, USA
The Open Security Foundation, founded on April 20th, 2004, is a 501(c)3 non-profit, public foundation that intends to provide independent, accurate, detailed, current, and unbiased security information to organizations.

OSVDB History:

  • 2002-08-01 - OSVDB Announced @ Defcon 10
  • 2003-11-31 - Backend Process Finalized
  • 2003-12-08 - Recruiting Starts
  • 2003-12-31 - OSVDB Web Site Redesign
  • 2004-03-31 - OSVDB Goes Live!
  • 2004-04-02 - OSVDB is SlashDotted
  • 2004-04-20 - Open Security Foundation (OSF) Articles of Incorporation
  • 2004-07-05 - OSVDB Declared CVE Compatible
  • 2004-08-31 - OSVDB Vendor Dictionary Released
  • 2005-04-01 - OSVDB Blog Begins
  • 2005-04-09 - OSVDB Granted 501(c)3 Non-Profit Status
  • 2005-04-30 - Brian Martin and Steve Christey from CVE create the Vulnerability Information Managers Mail List (VIM)
  • 2005-05-05 - CanSecWest '05 OSVDB Presentation Jake Kouns & Brian Martin)
  • 2006-04-13 - OSVDB Comment System Enabled
  • 2006-05-24 - OSVDB Selected for Google Summer of Code 2006
  • 2006-11-03 - OSVDB Breaks 30,000 Entries
  • 2007-03-17 - OSVDB accepted for Google Summer of Code (SoC) for 2nd year
  • 2007-05-28 - OSVDB Breaks 35,000 Entries
  • 2007-12-14 - OSVDB 2.0 goes live!
  OSVDB Project Leaders top

- Jake Kouns - Jake is the co-founder and President of the Open Security Foundation which oversees the operations of the Open Source Vulnerability Database (OSVDB). Kouns' primary focus is to provide management oversight and define the strategic direction the project.

Jake is a business-focused technology and information security executive with an extensive knowledge base and international experience. Kouns is currently the Director of Security and Network Services for a specialty insurance company. Prior to his current role he was Senior Network Security Manager for Capital One, a fortune 200 financial institution. He holds both a Bachelor of Business Administration with a concentration in Computer Information Systems and a Master of Business Administration with a concentration in Information Security from James Madison University. He also holds numerous certifications including ISC2's CISSP, ISACA's CISM and CISA.

- Chris has been involved with the project from the very beginning and has recruited key members to the project. He currently handles and approves all new vulnerabilities that are added to the database as well as manages the web checks. In addition, Chris is co-founder and Treasurer of the Open Security Foundation.

Chris is the author of the leading open source web security assessment tool "Nikto". Mr. Sullo is the lead risk assessment engineer for unix and web application security at a Fortune 200 financial institution, has 12 years of experience in various roles within security organizations and holds ISC2's CISSP, CheckPoint's CCSA, MySQL Core, and RHCE/RHCTs certifications.

- Brian is one of the most active contributors to the content of the database. He has provided a great deal of enhancement ideas and has truly become the database content owner. In addition, Brian is Secretary of the Open Security Foundation.

Brian has been involved in computers since the early 80's. His experience spans from first generation home computers to large scale servers powering the most current business applications today. Working in the computer security industry for the past seven years, he has provided security audit and penetration assessment for foreign banks, Fortune 500 companies, Department of Defense and more. He has provided training and consultation for the Federal Bureau of Investigations, Defense Criminal Investigative Services, and the National Security Agency. In recent months, Brian's articles focusing on security issues have been widely circulated on the Internet, corporate newsletters, and print magazines.

- David Shettler - Dave is personally responsible for reinventing the project and releasing OSVDB 2.0. He has developed the current system the project uses from the ground up and has enabled OSVDB to be much more agile. In addition, Dave is Vice President of the Open Security Foundation.

Dave has several of years developing and deploying enterprise applications on multiple platforms. He currently is the Information Security Officer for the College of the Holy Cross. Dave is also the author of etiolated.org, and various other web sites. His specialities are agile web development, and digital forensics.

Steve Tornio - Steve is a network engineer and has spent the last seven years designing and implementing secure LAN, WAN and Internet solutions for a multinational capital management firm based in the Midwest. His interest in OSVDB was sparked by an email to an attrition.org mail list, and he joined the project as a data mangler several months before the project went live. Since that time, he has become a core member of the team, taking on additional responsibilities as a Moderator, and recently as email administrator.

Kelly Todd – Kelly has recently joined the project but has quickly become extremely active. His main role is to help ensure that all new vulnerabilities are added to OSVDB . Kelly is currently in the process of developing a marketing and communications plan for the project!


DONATE NOW!

User Status

Quick Searches

Advertisements

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.
Privacy Statement - Terms of Use