lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 17 Dec 2007 01:47:49 -0500
From: jkouns <jkouns@...nsecurityfoundation.org>
To: jkouns@...db.org
Subject: OSVDB 2.0 RELEASED

OPEN SOURCE VULNERABILITY DATABASE (OSVDB) 2.0

RICHMOND, VA, December 15, 2007 – OSVDB announced a major milestone in 
the cataloging, classification, description and management of software 
and hardware security vulnerabilities: The release of OSVDB 2.0, a 
complete rewrite of the web site using Ruby on Rails, provides 
substantial performance and reliability improvements for both developers 
and researchers. “OSVDB 2.0 will help evolve stagnant Vulnerability 
Databases and position OSVDB as the go-to security vulnerability 
database,” says Brian Martin, one of the project leaders.

OSVDB, a recognized leader in providing services to the security 
industry for the past five years, has cataloged nearly 40,000 
vulnerabilities, with the help of over 300 volunteers,  while gaining 
industry recognition and vendor support.

“The new Ruby on Rails MVC framework will allow for quick and efficient 
deployment of changes,” says Dave Shettler, Lead Developer of the OSVDB 
project. “This will provide greater flexibility to adapt to the changes 
in the vulnerability and security industry.”

Eighteen months ago OSVDB project leaders identified the need to provide 
more services, an easier interface for updating vulnerabilities and a 
way to make it simple for individuals and companies to integrate with 
the project.  OSVDB 2.0 achieves these objectives.

OSVDB 2.0 enhancements include: greater detail about the overall nature 
of a specific vulnerability, a “Watch List” service that provides alerts 
for new vulnerabilities, consolidating external blogs by vulnerability, 
and new reporting metrics.  The enhanced data will allow users to find 
vulnerabilities based on criteria such as attack type, solution status 
or if the vulnerability has been confirmed or disputed by the vendor. 
“We know that OSVDB 2.0’s new features will prove to be useful for the 
security community.” says Kelly Todd, one of the project leaders. 
“OSVDB is a team effort for improved security by the security community.”

Users of the old system will immediately notice that the project has 
implemented a customizable portal that fully integrates the old backend 
interface and the front end website.  In addition, the method for 
updating vulnerabilities has been changed to a “Wiki style” system that 
allows contributors to edit individual fields when needed.

The enhanced classification system is now tracking the following 
additional fields:
•Context Dependent
•“Wormified”
•Vulnerability Dependent
•Security Software
•Coordinated Disclosure
•Uncoordinated Disclosure
•Vendor Disputed
•Vendor Verified
•Solution Types
•Wireless

The OSVDB project leaders--Jake Kouns, Brian Martin, Dave Shettler, 
Chris Sullo, Kelly Todd , and Steve Tornio-- would like to thank all of 
the volunteers and organizations who help make the project a success. 
The full list of contributors to the project can be viewed at: 
http://osvdb.org/contributors
	
We would also like to thank our sponsors:
•Google (google.com), for sponsoring OSVDB in the Google Summer of Code 
program in 2006 and 2007.
•Layered Technologies (layeredtech.com), for web hosting.
•GFI (gfi.com), for financial support.

“The OSVDB project will go as far as the community is willing to take 
it.”, says Jake Kouns, project lead. “We continue to encourage 
individuals to get involved and help shape the future of the project.”

If you would like to become involved with the project please contact us 
at moderators@...db.org

OSVDB 2.0 can be found at www.OSVDB.org.

Press Contact:

Jake Kouns
Open Source Vulnerability Database Project
+1.804.306.8412

Email: jkouns@...nsecurityfoundation.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ