Our dev team tackled some of the ticket backlog on the OSVDB project. While many changes are ‘behind the scenes’ and only affect the daily manglers, there are a few that are helpful to anyone using the database:
- Metasploit links have been fixed. At some point, the Metasploit project changed the URL scheme for the search engine. Our incoming links stopped matching the format and resulted in landing at the main search page. We now use the new URL scheme, so links from OSVDB will directly load the Metasploit module again.
- Microsoft changed their URL scheme yet again. Our links for MS bulletins were redirecting, but sometimes 2 or 3 times on Microsoft’s side. It’s cool that they kept up the redirects, but our links have been updated to be more efficient and land without the 30x magic.
- Immunity CANVAS references have been added. In our quest to add as much vulnerability information to each entry, we have used Immunity’s API to pull in data about their exploit availability. While it is a commercial offering, such exploit frameworks are invaluable to pen-testing teams, as well as administrators that mitigate based on the availability of exploits. An example of an OSVDB entry with a CANVAS reference is OSVDB 60929.
- Continued backfilling; we have still been pushing to backfill vulnerability data from prior years, focusing on 2011 currently. The data is coming from a variety of sources including bug trackers, changelogs, and Exploit-DB. We have been working with EDB so that each site has a more thorough cross-reference available. The EDB team has been outstanding to work with and continues to show diligence in their data quality and integrity. Moving forward, we will continue to focus on more vulnerability data imports and more information backfill.