Open Source Vulnerability Database Shuts Down

Reader StonyCreekBare writes: From the Blog at osvdb.org "As of today, a decision has been made to shut down the Open Source Vulnerability Database (OSVDB), and will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form. This was not an easy decision, and several of us struggled for well over ten years trying to make it work at great personal expense. The industry simply did not want to contribute and support such an effort."

the major reason it shut down

[nimbius]

The project promoted greater, open collaboration between companies and individuals.

thats not what companies want. its been my experience as a security researcher that if and when you discover a vulnerability for $product, the parent vendor typically wants to:
1. STFU: stop reporting the issue, stop investigating the exploit, and dont touch the product ever again. Ive had cease and desist orders and gag orders show up at my door for finding pretty massive issues with PCI and point of sale vendors in particular.
2. get lost: fork over what you know, sign a nondisclosure form, and fuck off. if we see you at a conference, we will set you on fire. You were never here and we never spoke to you. medical vendors are pretty good at this.
3. go straight to jail: I once had an amusement park pull this shit over a SCADA report. Yes, i had to hire an attorney. No, they didnt 'win.' Yes, it wrecked a solid 4 months of my life.

the industry DGAF about what you found or how you found it. outside of devops darlings and well known players in cloud and open source, most companies would rather you drop dead than engage in any sensible reporting on their products vulnerability to common exploit.