The long and winding road…

by Lyger

… that leads to your door will never disappear…

Sorry about The Beatles lyrics, but the last couple of months have seemed like a rather long and winding road as far as posting new vulnerabilities is concerned. Many hours (days/weeks/months) of combined effort went into making OSVDB 2.0 a reality. When that finally happened, we were faced with another new challenge: clear out what appeared to be a huge backlog of vulnerabilities stacked up in what we refer to as “NDM”, or the New Data Mangler queue. Cliffs Notes: the NDM queue is a backend stash of vulnerabilities that haven’t yet been added to the front-end database; those entries generally need basic information added such as disclosure dates, external references, and titles that clearly reflect the nature and impact of a vulnerability. At the time OSVDB 2.0 was released, we were looking at a queue of over 1,000 entries in the main NDM queue that each needed at least a couple of minutes of attention.

I’m taking a few minutes away from the NDM queue to type this post. When I started typing, the NDM queue was sitting at 331. As of this sentence, it’s now at 325 as Jericho works on pushing more vulns to “new” status. That doesn’t include the new vulnerabilities that come into NDM on a daily basis, so the drop of 700 vulns is NET, not gross. On or about January 5, 2008, OSVDB’s database gathered its 40,000th vulnerability. In the last 52 days, over 2,200 vulnerabilities have been added to the database. We would like to thank everyone who has supported OSVDB by taking their time to add references, vendors, credits, and descriptions, but we have a little surprise…

There’s another 2,000 vulnerabilities or so to go until we can say we’re “caught up”. We also have a very large stash of CVE-listed vulnerabilities dating back to at least 2002 that require data entry and inclusion into the database. For now, we’re focusing on getting the most recent vulnerabilities into the database, but we will DEFINITELY need more help going forward. If you’re interested in being involved, please let us know; OSVDB is a COMMUNITY project and we would like to have more people involved to help improve data quality, data quantity, and security awareness as a whole. For any questions or comments, please mail us at

back to NDM… down to 324… 😉
