Tag Archives: Development

Looking for Volunteer Rails Developers!

by D2D

The Open Security Foundation is looking for a few good Ruby on Rails developers to help us on a volunteer basis in developing and enhancing osvdb.org, as well as datalossdb.org.

We need folks who are interested in security, with a background in Ruby on Rails development.

To help on OSVDB, you really need to have a solid understanding of these areas:

  • Single-table inheritance
  • SOLR
  • HTML/CSS/JS

Dataloss DB isn’t as complex. A volunteer only needs to be experienced with REST and to have already worked on RoR projects, but should also have knowledge of and experience with SOLR to help with the learning curve!

Both projects require experience with Subversion, and decent written communication skills.

If you’re interested in helping out, we encourage you to email us at:

moderators[at]osvdb.org (for OSVDB work), or curators[at]datalossdb.org (for datalossdb.org work).

In your email, please send a quick and informal resume with links to Ruby on Rails work you’ve done in the past, or projects you’re currently working on.

It’s not a job… it’s an adventure (or a hobby, or just a way to do something important for the InfoSec community!)

OSVDB – Apr 14 Code Push

Dave pushed a new set of code changes today! Here is a very brief summary of some of the highlights:

Public Enhancements:

  • Browse now has: Browse by Top Creditee, Browse by Creditee Name [Remember, we need more entries at 100% to make this more accurate and complete. Mangle your own vulnerabilities and fill in the missing creditee!]
  • Three new dates added to schema (Screenshot) [The new date fields won’t appear on the front end yet, as more changes are required, but we now have the capability to track a more thorough history of the vulnerability]
  • Menu Changes and new pages in support of that.
  • More diverse “Donation” options [Come on, donate 5 bucks and skip that fourth Latte!]
  • General bug fixes/tweaks
  • Vendor dictionary – change e-mail addresses to stop automatic harvesting
  • New template for CSRF vulnerabilities

Behind the Scenes:

  • Improved matching system for moderators to ensure we’re 100% matched with CVE
  • Streamline NDM process for splitting vulnerabilities
  • Better system for auto-importing references to milw0rm
  • Better system for approving and cataloging relevant blog posts associated with vulnerabilities

OSVDB – Mar 25 Code Push

Public Enhancements:

  • Titles now prominently display “myth/fake” to help users mentally filter those when reading search results
  • New users signing up are subjected to a CAPTCHA to prevent abuse
  • Small re-design of vulnerability editing pages to improve screen real estate use
  • Front end now shows who is online

Behind the Scenes:

  • Bulk search enhancements, ultimately to better handle CVE matching
  • Remove some error conditions that could occur during vendor management

March Code Push

Public Enhancements:

  • Improvements to the Watch List functionality
  • Improved the automated META keyword population
  • When mangling creditee, some errors caused the information not to add or update correctly – now fixed
  • Utility now checks ext-refs for 404s and auto-flags them as such
  • Technical Notes field had some editing issues – fixed
  • New reference type: milw0rm
  • Vulnerability editing – several fields now bigger to better use screen real estate

Behind the Scenes:

  • Removed some error conditions in bulk search
  • Bulk search now lists what wasn’t found
  • Bulk search now auto-links more fields
  • Can now copy products between entries
  • Removed more error conditions when managing vendors
  • Internal tool to better track advisory pages
  • Improvements to the reference migrator