Software Integrity

 

Open source vulnerability database suspends operation

The Open Source Vulnerability Database is no more.

“We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form,” the organizers wrote in a blog post. “This was not an easy decision, and several of us struggled for well over ten years trying to make it work at great personal expense.”

The blog will continue to offer commentary, for example this commentary critical of the CVE ID scheme proposed by the MITRE organization.

Started privately in 2002 at Black Hat and DefCon and made public in 2004, the OSVDB was designed to be an alternative to the Common Vulnerabilities and Exposures (CVE) maintained by the MITRE organization. The criticism has been that the process used by CVE is too restrictive. The OSVDB wanted to catalog every vulnerability, selling subscriptions to companies that wanted full details on each.

In 2014, OSVDB called out Intel’s McAfee for scanning its database and using it for McAfee’s own customers.