OSVDB F.A.Q.

What does the acronym "OSVDB" stand for?
What is the purpose of OSVDB?
Does OSVDB only focus on Open Source product vulnerabilities?
What are the origins of OSVDB?
What are the benefits of OSVDB?
What process is used to enter vulnerabilities into the database?
How can I submit updates to existing vulnerabilities to OSVDB?
Is the database for sale?
What makes this database different than other vulnerability databases?
How is OSVDB different than CVE?
What does it mean to mangle and what is a data mangler?
How can I help the project?
Why isn't my name listed as a contributor?
I have a great idea for the database, general questions and/or concerns, whom should I contact?
What does the future have in store for OSVDB?

 

Q. What does the acronym "OSVDB" stand for?

A: Open Source Vulnerability Database.

Q. What is the purpose of OSVDB?

A: OSVDB was conceived as an unbiased, vendor-neutral vulnerability database for use by individuals involved in the information security community.

The overall goals of the project are to promote greater, more open collaboration between companies and individuals, eliminate redundant work, and reduce the expenses inherent in developing and maintaining in-house vulnerability databases.

Q. Does OSVDB only focus on Open Source product vulnerabilities?

A: Many people have asked this question, and despite what you might assume from the name, OSVDB is not just interested in collecting data on flaws in open source software. Instead, the project collects information on vulnerabilities in all types of products, including commercial software. The "Open Source" in the name refers to how the project distributes the information freely under an open source license.

Q. What are the origins of OSVDB?

A: On August 1, 2002, at the Black Hat and Defcon security conferences, two new services and a new partnership for community-based security information sources were announced. OSVDB was one of the new services announced, and many members of the security community were involved with the original development. Unfortunately, the momentum of all of the announced services began to crumble and OSVDB was in danger of collapsing.

On August 1, 2003, at the Defcon security conference, a full year after the original announcement of OSVDB, two original team members (Sullo and Forrest) recruited a new member (Jake) to work on the project. At that point the three breathed new life into the project, and many major accomplishments have been achieved since. The three leading members have committed to delivering the database to the community.

Q. What are the benefits of OSVDB?

A: The overall goal of OSVDB is to decrease the work and expense involved in maintaining an in-house vulnerability database for everyone in the security community. In addition, the database will attempt to help the open source community standardize in many respects.

Q. What process is used to enter vulnerabilities into the database?

A: Entries come into the database primarily from numerous security mailing lists. Once a vulnerability is determined to be valid, it is added to the database in a pending mode and prioritized to be reviewed and edited by an OSVDB data mangler.

Q. How can I submit new vulnerabilities to OSVDB?

A: At this time the only way to submit a vulnerability is by contacting an OSVDB moderator. Please send information to moderators@osvdb.org.


Q. How can I submit updates to existing vulnerabilities to OSVDB?

A: Sign up now and start submitting updates!

Q. Is the database for sale?

A: No. All individuals and organizations are granted use of the database without the expectation of remuneration.

Q. What makes this database different than other vulnerability databases?

A: The OSVDB database is free. It is run by security enthusiasts, for everyone. The goal of this database is not to provide a large database for free to individuals, and then charge corporations thousands of dollars for access. We are all people working toward a common goal, trying to lighten the load that individual companies and people take on in building proprietary databases. "Many hands make light work" is an excellent quote for why this database works so well.

Q. How is OSVDB different than CVE?

A: Common Vulnerabilities and Exposures (CVE) simply provides a standardized name for vulnerabilities, much like a dictionary. OSVDB is a database that provides a wealth of information about each vulnerability. Where appropriate, entries in the OSVDB reference their respective CVE names.

Q. What does it mean to mangle and what is a data mangler?

Mangle: To mutilate or disfigure by battering, hacking, cutting, or tearing.

A: OSVDB uses the term mangle or mangling to define when an entry in the database is being worked on. A data mangler is a member of the project who mangles entries.

Q. How can I help the project?

A: There are many ways to help the project. In the short term, we are looking for security professionals to join the project and help mangle entries. In the long term, we are looking for support from the security community in a number of ways. We would like to see products, websites, and companies start to reference OSVDB IDs. Even though OSVDB is a non-profit project, donations of hardware, software and money would greatly help. Please contact moderators@osvdb.org.

Q. Why isn't my name listed as a contributor?

A: Companies, organizations and individuals that have donated hardware, software, and great amounts of time to this project are listed on this page. If you submit vulnerabilities to the site, you have the option to put your name or company name in the "Credit" section. If you feel that you should be included on this page, please contact 'relations@osvdb.org' and explain the situation.

Q. I have a great idea for the database, general questions and/or concerns, whom should I contact?

A: We would love to hear from you, no matter what the feedback. Please mail the moderators.

Q. What does the future have in store for OSVDB?

A: There is a lot in store and it is certain that OSVDB will provide incredible value to the security community. The current goal is cleaning up the processes on the backend and continuing to recruit the right individuals to help the project succeed. More information will be posted in the OSVDB news section and we will try to provide future objectives whenever possible.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

© Copyright 2008 Open Source Vulnerability Database (OSVDB), All Rights Reserved.