Open Source Vulnerability Database Goes Live
Alascom writes "The Open Source Vulnerability Database project has finally gone live. The project aims to provide comprehensive, free and unbiased (no vendor spin) vulnerability information. The database is being incorporated into such fine open source utilities as SNORT and NESSUS."
...per the database info page.
<shameless>
Hey OSVDB folks, here's a little utility to do some PostgreSQL query analysis!
</shameless>
The Army reading list
The name implied to me that it is only vulnerabilities in Open Source programs/systems that will be tracked, but reading the FAQ it seems to be that the database itself is open-source, and the database covers all systems. I think they could have named it better.
Simon
Physicists get Hadrons!
Isn't securityfocus doing that already?
No vendor spin on security issues. Now we can know the truth to the best of our ability without corporate FUD, hype or downplay.
Gotta love technology when it helps get the full-truth out there.
Even if I knew that tomorrow the world would go to pieces, I would still plant my apple tree. -Martin Luther
How long will it take till they say that?
After 3 days without programming, life becomes meaningless
- The Tao of Programming
This should be done for all types of software... Perhaps developers will be a little more careful with their coding and end users will be able to see just how secure the software is before they commit to it.
Security Focus became BIASED as hell from when Symantec bought them. Finally a really neutral source of information. Thank you for doing this, guys...
Why would the data become obsolete after 8 hours? Not everyone runs out and installs the latest version of something for the hell of it you know.
The CVE is "A Dictionary, NOT a Database" of vulnerabilities. It appears you aren't familiar with the CVE.
You would be better off to compare the OSVDB against the ICAT metabase.
The ICAT has some serious shortcomings which make my work a big PAIN! (Try to cross-reference a specific vulnerability that matches 10 vulnerabilities.)
OSVDB appears to better personify the open source paradigm in general; as such, I'd like to extend a warm welcome.
We expect great things from you.
Which makes me wonder about Debian, they backport the patches and have a slow release cycle. The systems appear to be old and vulnerable, with only half of it being true... doesn't really match this reporting.
"So unmerciful is life, that everything afterwards is too late."