Monthly Archives: December, 2007



RICHMOND, VA, December 15, 2007 – OSVDB announced a major milestone in the cataloging, classification, description and management of software and hardware security vulnerabilities: The release of OSVDB 2.0, a complete rewrite of the web site using Ruby on Rails, provides substantial performance and reliability improvements for both developers and researchers. “OSVDB 2.0 will help evolve stagnant Vulnerability Databases and position OSVDB as the go-to security vulnerability database,” says Brian Martin, one of the project leaders.

OSVDB, a recognized leader in providing services to the security industry for the past five years, has cataloged nearly 40,000 vulnerabilities, with the help of over 300 volunteers, while gaining industry recognition and vendor support.

“The new Ruby on Rails MVC framework will allow for quick and efficient deployment of changes,” says Dave Shettler, Lead Developer of the OSVDB project. “This will provide greater flexibility to adapt to the changes in the vulnerability and security industry.”

Eighteen months ago OSVDB project leaders identified the need to provide more services, an easier interface for updating vulnerabilities and a way to make it simple for individuals and companies to integrate with the project. OSVDB 2.0 achieves these objectives.

OSVDB 2.0 enhancements include: greater detail about the overall nature of a specific vulnerability, a “Watch List” service that provides alerts for new vulnerabilities, consolidation of external blogs by vulnerability, and new reporting metrics. The enhanced data will allow users to find vulnerabilities based on criteria such as attack type, solution status, or whether the vulnerability has been confirmed or disputed by the vendor. “We know that OSVDB 2.0’s new features will prove to be useful for the security community,” says Kelly Todd, one of the project leaders. “OSVDB is a team effort for improved security by the security community.”

Users of the old system will immediately notice that the project has implemented a customizable portal that fully integrates the old backend interface and the front end website. In addition, the method for updating vulnerabilities has been changed to a “Wiki style” system that allows contributors to edit individual fields when needed.

The enhanced classification system is now tracking the following additional fields:

  • Context Dependent
  • “Wormified”
  • Vulnerability Dependent
  • Security Software
  • Coordinated Disclosure
  • Uncoordinated Disclosure
  • Vendor Disputed
  • Vendor Verified
  • Solution Types
  • Wireless

The OSVDB project leaders – Jake Kouns, Brian Martin, Dave Shettler, Chris Sullo, Kelly Todd, and Steve Tornio – would like to thank all of the volunteers and organizations who help make the project a success. The full list of contributors to the project can be viewed at:

We would also like to thank our sponsors:

  • Google, for sponsoring OSVDB in the Google Summer of Code program in 2006 and 2007.
  • Layered Technologies, for web hosting.
  • GFI, for financial support.

“The OSVDB project will go as far as the community is willing to take it,” says Jake Kouns, project lead. “We continue to encourage individuals to get involved and help shape the future of the project.”

If you would like to become involved with the project please contact us at

OSVDB 2.0 can be found at

Press Contact:

Jake Kouns Open Source Vulnerability Database Project +1.804.306.8412



We are pleased to announce that OSVDB 2.0 has officially gone live!

What’s new in OSVDB 2.0?

  • Completely rewritten from scratch in Ruby on Rails
  • Improved performance and reliability
  • Custom OSVDB Portal implemented
  • Integration between old backend mangler interface and frontend
  • Wiki style updates with moderation capabilities
  • Updates available per field in vulnerability / full update not required
  • Enhanced classification system, OSVDB is now tracking additional fields:
    • Context Dependent
    • Wormified
    • Vuln Dependent
    • Security Software
    • Coordinated Disclosure
    • Uncoordinated Disclosure
    • Vendor Disputed
    • Vendor Verified
    • Solution Types
    • Wireless
  • Project is now positioned to provide robust metrics and reporting
  • Capable of integration with additional security products
  • Comment system updated and available for users to provide feedback on vulns
  • Each vulnerability now displays relevant blogs for additional reading
  • Watchlist service for new vulnerabilities now available
  • Enhanced vendor dictionary with new search function
  • Old exports will be available for the next few months
  • Integration with Google checkout for donations and subscriptions
  • Much more…

It is with great pleasure that I also introduce Dave Shettler and announce that he has accepted the position of Development Lead for the project! Dave has brought stability to our development team and has really helped to reinvent the project. Without his efforts none of this would have been possible.

There are so many people and organizations that have made OSVDB successful and we appreciate the continued support. Special thanks to all that contributed time and energy into OSVDB 2.0 and we look forward to many exciting things to come!

All accounts have been converted from the old system, but you will need to request a new password. If you have any feedback or would like to become involved with the project please contact us at