Tag Archives: Upgrade


We are pleased to announce that OSVDB 2.0 has officially gone live!

What’s new in OSVDB 2.0?

  • Completely rewritten from scratch in ruby on rails
  • Improved performance and reliability
  • Custom OSVDB Portal implemented
  • Integration between old backend mangler interface and frontend
  • Wiki style updates with moderation capabilities
  • Updates available per field in vulnerability / full update not required
  • Enhanced classification system, OSVDB is now tracking additional fields:
    • Context Dependent
    • Wormified
    • Vuln Dependent
    • Security Software
    • Coordinated Disclosure
    • Uncoordinated Disclosure
    • Vendor Disputed
    • Vendor Verified
    • Solution Types o Wireless
  • Project is now positioned to provide robust metrics and reporting
  • Capable of integration with addition security products
  • Comment system updated and available for user to provide feedback on vulns
  • Each vulnerability now displays relevant blogs for additional reading
  • Watchlist service for new vulnerabilities now available
  • Enhanced vendor dictionary with new search function
  • Old exports will be available for the next few months
  • Integration with Google checkout for donations and subscriptions
  • Much more…

It is with great pleasure that I also introduce Dave Shettler and announce that he has accepted the position of Development Lead for the project! Dave has brought stability to our development team and has really helped to reinvent the project. Without his efforts none of this would have been possible.

There are so many people and organizations that have made OSVDB successful and we appreciate the continued support. Special thanks to all that contributed time and energy into OSVDB 2.0 and we look forward to many exciting things to come!

All accounts have been converted from the old system, but you will need to request a new password. If you have any feedback or would like to become involved with the project please contact us at moderators@osvdb.org


OSVDB Origami Project

OSVDB is ready to create a buzz. However, instead of releasing our massive marketing department on the public, we decided to slowly start an OSVDB viral advertising project, consisting of some buzz/stealth marketing and even a little roach baiting…

Just kidding. However, we do have some exciting news to share with you. The project has been very successful over the past couple years, but it has become obvious OSVDB has some scalability issues. The current website and vulnerability management system required a massive overhaul. After some extremely hard work (many thanks d2d!) we are finally ready to launch OSVDB 2.0.

While we are still working through the final details to ensure a smooth transition and to minimize impact as we move to the OSVDB 2.0 system, here are some things to look forward to:

  • Faster interface for mangling and updating vulnerabilities
  • Fully integrated portal that allows wiki style updates & editing for each field � Watch list functionality for custom alerting
  • Improved vendor dictionary, including new search functionality

Some things to consider if you are currently integrating with OSVDB:

  • The current XML dump will be available for several months
  • You will need to create an OSVDB account to download the database
  • The new database exports will include all vulnerabilities, not just “stable”
  • XML schema changes are on the horizon (more info to come)

If you have any questions or concerns please contact moderators@osvdb.org