A group of volunteer security professionals has compiled what is likely one of the larger freely accessible vulnerability databases on the Internet. The OSVDB (Open Source Vulnerability Database) is meant to serve as a central collection point for information on any and all security vulnerabilities.
Despite what you might assume from the name, the project’s creators are not just interested in collecting data on flaws in open-source software. Instead, they’re collecting information on vulnerabilities from a wide variety of sources that they then distribute freely, under an open-source license.
The project, which went live on Wednesday, has been in the works since 2002. The team has spent most of its time since then gathering and categorizing vulnerability data. Most of the records in the database come from submissions to myriad security-related mailing lists.
OSVDB is run by a small group of security professionals who have worked on the project on their own time. Jake Kouns, chief moderator of the team, said the project so far has catalogued nearly 1,900 vulnerabilities, with another 2,700 or so submissions waiting to be confirmed and edited.