[Dshield] Vulnerability Database Site

Fred fretz at pacbell.net
Sat Apr 3 00:35:08 GMT 2004


I thought I'd send this item to the list because I seem to recall people
looking for something like it.  This site has apparently has just been
officially "launched" although it may have been mentioned on this list
before.
>From a 'ZDNet UK' article:

"The Open Source Vulnerability Database (OSVDB) has launched a free Web site
that catalogues security flaws in Internet-related software. It will, say
its creators, promote more open collaboration between companies and
individuals 'and reduce expenses inherent with the development and
maintenance of in-house vulnerability databases'."

You can take a look at the OSVDB site here:
http://www.osvdb.org/

I do not see viruses listed in the database, only software
"vulnerabilities".

As an example, someone earlier mentioned Apache 2 on this list, and there
are some "new" vulnerability entries for that software, (and several dozen
for the older-?- Apache version).  For Apache 2 there is no specific info
given for the vulnerabilities since they're apparently newly discovered.
For the older version of Apache there are about three dozen vunerabilities
listed and for about a dozen of those the info is considered "stable".  A
"stable" designation lists a few details about the vulnerability and
convenient links to other sources of information about it.

Fred






More information about the list mailing list