We just recently noticed that OSVDB was discussed during a podcast called Faceoff started by Jade Robbins and Mark Sanborn. In Episode 5: Scaling to Hit it Big, at about 19:54, they talk about OSVDB for several minutes. They cover the project in general and also review several of the basic features of OSVDB and how someone can use the site. They speak about the search capabilities and even mention that OSVDB has a vulnerbaility from back in 1965. This was submitted by Ryan Russell as part of our oldest vulnerability contest and I can now say Ryan has finally received his OSVDB schwag….. only took a couple years for him to get it! =)
They also explain how in addition to the website that the OSVDB database itself can be downloaded and used as well. To clarify a point they discuss, once you create an account with OSVDB you can download the database as many times as you want. They also spend some time discussing our Watchlist feature which I thought was pretty cool that it was mentioned. For those that are not aware, when you create an account you can then setup two types of Watchlists.
The Vendor/Product Watch list
This watchlist will alert you to vulnerabilities for specific products that you subscribe to. Alerts are generated when a vulnerability is updated to include the product and vendor information. Soon, we may introduce a feature that will enable alerting as soon as the vulnerability is processed through our systems.
The Mailing List Aggregation Watch list
OSVDB allows you to subscribe to roughly 20 vendor advisory mailing lists. The advisory mailings are sent to OSVDB, we process them, and forward them on to you. That way, rather than managing 20 individual advisory subscriptions, you only need to manage one through OSVDB.
Thanks to the guys at Faceoff for their support and it is worth listening to the entire podcast. It did make us laugh a bit as they commented at one point that WordPress has all kinds of vulnerabities. Most of our dedicated readers know the ongoing WordPress issues we had and our eventually move away from it! =)
Thanks also to Ryan Heimbuch for suggesting OSVDB to be reviewed.
OSVDB can also now be followed on Twitter: http://www.twitter.com/osvdb