The Open Source Vulnerability Database recently closed down after 10 years. The failure was blamed on a lack of...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
support from the open source community as well as the software industry at large. How will this potentially affect open source security? Does the industry need a replacement for the OSVDB?
Often, when a portion of a community takes on the responsibility of monitoring the rest of the community, their efforts are not valued by the community as a whole. Information security has become commercialized over the last 10 years, and many of the open source community projects have struggled, such as OpenSSL did prior to the industry-wide contributions made to its maintenance after the Heartbleed bug was discovered. The Open Source Vulnerability Database (OSVDB) tried for 10 years to monitor the vulnerability disclosure aspects of information security and acted as a resource for tracking vulnerabilities. This provided a vendor-neutral source of vulnerabilities that an enterprise could use to correlate vulnerabilities detected or present in their enterprise that might not have CVE numbers. The goal of the OSVDB was to present accurate and unbiased data on security vulnerabilities.
The impact of OSVDB closing could be that it is now more difficult for enterprises to track vulnerabilities not contained in the more limited CVE database. The CVE Program has responded somewhat by expanding CVE assignment, which could help address some of the concerns that prompted forming the OSVDB. Open source projects and other enterprise projects will be impacted by the need to independently correlate vulnerabilities not represented by CVE numbers. It might also be more difficult for open source vulnerability management systems like OpenVAS to track vulnerabilities.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Compare the top vulnerability management products
Learn about the common flaws in open source web applications
Find out three methods of open source security toolkit building
Dig Deeper on Open source security tools and software
Related Q&A from Nick Lewis
The OurMine hacking group recently used DNS poisoning to attack WikiLeaks and take over its web address. Learn how this attack was performed from ...continue reading
Typosquatting was used by threat actors to spread malware in the NPM registry. Learn from expert Nick Lewis how this method was used and what it ...continue reading
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.