The Open Security Foundation and OSVDB members will once again be in Vegas this year. However for some reason we are all a bit tired….. so this year will be pretty low key! While we do not have anything officially planned most of the crew will be around for Defcon…….. so If you want to meet up to talk life, vulns, dataloss and drink a couple beers drop us a line.
The OSVDB team will definitely be in Vegas this year. If you would like to meet up then please drop a line to firstname.lastname@example.org and let us know. Typically we organize an OSVDB dinner but we have been a little slack in organizing it this year! If you are interested let us know and we will see what we can make happen…
Look forward to seeing everyone soon…
Once again many OSVDB members will be in Vegas for Blackhat and Defcon. We are planning a dinner and several small meetings to discuss the OSVDB project and future plans. If you are interested then please get in touch with one of the moderators so that we can trade contact information.
See you in Vegas!
NVD announced this week that they are now going to expand and provide vulnerability information in Spanish. I found this a bit amusing since OSVDB once thought that translating the database was a critical feature that needed to be delivered back in 2002. In fact, all of the language support was in the original OSVDB database schema and the backend code was created to handle it as we truly thought this would be implemented.
However, we quickly realized there were several issues with this concept including finding people to perform the translations! Additional concerns were raised as we spoke to more people in the security industry which included many conversations with non-US based security professionals (including a long ranting conversation with FX at Defcon). The critical concern was that much of the true meaning of the vulnerabilty is lost when the information is translated. The bottom line is that it was strongly believed that the vulnerability information in OSVDB should remain only in English.
OSVDB decided that we would not proceed any further with official plans to to translate the database, however, we have been contacted from other people that have wanted to translate OSVDB and we have provided permission to do so…
Here is a copy of the NVD announcement:
The National Vulnerability Database (NVD) is expanding to provide vulnerability translations. The first translation data feed is in Spanish and is being provided in cooperation with Inteco (http://www.inteco.es/), an entity of the Spanish government’s Ministry of Industry, Tourism, and Commerce (http://www.mityc.es/). Inteco is providing the translations and is solely responsible for the translation content. NVD is providing the translation infrastructure. The result of this cooperative effort is that NVD now contains an XML feed with 7,858 Spanish translations for the Common Vulnerabilities and Exposures (CVE) dictionary of security related software flaws. This feed will be maintained with translations for all new CVE vulnerabilities and, as with the other NVD data feeds, the data can be incorporated into commercial products and services with no licensing fees or restrictions. The translations are available through translation XML feeds at http://nvd.nist.gov/download.cfm#transxml.
We would love to hear any further thoughts (good and bad) on the value of translating vulnerability information into other languages.