OSVDB 2009 Q4 Changelog

Posted by jericho Tue, 08 Dec 2009 22:50:00 GMT

I always mean to post changes more frequently, but apathy and other tasks seem to win the day. Here is a brief list of OSVDB change highlights over the past few months.

• The database currently covers 59,833 vulnerabilities, spanning 26,179 products from 4,735 researchers, over 44 years.
• Sequoia, ES&S and InkaVote e-voting machine audit documents integrated (all text search "electronic voting machine")
• Happy 10th birthday CVE! We are now "fully" mapped for all years
• Integrated the historic Phage mail list content (http://securitydigest.org/phage/)
• Our Snort X-ref import script was borked (since Sep). Fixed, added almost 500 recent Snort IDs to references
• Apache bug system scoured, over 150 Apache vulns added from the last eight years (http://osvdb.org/ref/blog/apache-scouring.txt)
• Metasploit static references supported (http://blog.osvdb.org/2009/10/23/metasploit-reference-support-added-more)
• Exploit-DB references supported (http://www.exploit-db.com/)
• VuPEN references supported (http://www.vupen.com/)
• Many vulnerability and solution templates overhauled

• Search engine rebuilds are considerably faster, will auto-tweet when rebuilding (as it may affect search results)
• Reference search for full URL works
• Title search for multiple words fixed (was temporarily matching on some but not all words)
• New search filters and custom exports (http://blog.osvdb.org/2009/11/09/search-filters-custom-exports)
• Inverse search filtering enabled (http://blog.osvdb.org/2009/10/30/not-it)
• Search by CVSS scores (http://blog.osvdb.org/2009/10/28/search-enhance-by-cvss-score-or-attribute)
• Any search can be turned into a 'Watch List'. Left nav menu has this option, new results are mailed to you as entered in the system

• New menu system (top and left nav)
• Twitter feed more actively used for project updates
• Twitter feed displays on front page
• 'About' page is updated, expect more static pages to be updated to better reflect project status soon
• CVSSv2 scoring support added, including:
• CVSS scoring history (historically track NVD, OSVDB and other sources)
• Anyone can submit scores for entries without CVE/NVD (over 13,000)
• Updating CVSS scores for entries without are worth .25 points for now, to encourage mangling
• Moderation system in place for submitted CVSS scores
• Creditee system overhaul (http://blog.osvdb.org/2009/11/21/creditee-system-overhauled)
• "Vulnerabilities in OSVDB disclosed by type by quarter" graphs added to front page
• More fixes to continue support for IE6. Don't expect this to last!