The Open Source Vulnerability Database recently closed down after 10 years. The failure was blamed on a lack of...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
support from the open source community as well as the software industry at large. How will this potentially affect open source security? Does the industry need a replacement for the OSVDB?
Often, when a portion of a community takes on the responsibility of monitoring the rest of the community, their efforts are not valued by the community as a whole. Information security has become commercialized over the last 10 years, and many of the open source community projects have struggled, such as OpenSSL did prior to the industry-wide contributions made to its maintenance after the Heartbleed bug was discovered. The Open Source Vulnerability Database (OSVDB) tried for 10 years to monitor the vulnerability disclosure aspects of information security and acted as a resource for tracking vulnerabilities. This provided a vendor-neutral source of vulnerabilities that an enterprise could use to correlate vulnerabilities detected or present in their enterprise that might not have CVE numbers. The goal of the OSVDB was to present accurate and unbiased data on security vulnerabilities.
The impact of OSVDB closing could be that it is now more difficult for enterprises to track vulnerabilities not contained in the more limited CVE database. The CVE Program has responded somewhat by expanding CVE assignment, which could help address some of the concerns that prompted forming the OSVDB. Open source projects and other enterprise projects will be impacted by the need to independently correlate vulnerabilities not represented by CVE numbers. It might also be more difficult for open source vulnerability management systems like OpenVAS to track vulnerabilities.
Ask the Expert: Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Compare the top vulnerability management products
Learn about the common flaws in open source web applications
Find out three methods of open source security toolkit building
Dig Deeper on Open Source Security Tools and Applications
Related Q&A from Nick Lewis
Drammer, or a deterministic Rowhammer attack, was found to be more effective on ARM-based mobile devices. Expert Nick Lewis explains the issue with ...continue reading
An Instagram application can be turned into C&C infrastructure with the help of image steganography malware attacks. Expert Nick Lewis explains how ...continue reading
The Pork Explosion vulnerability present in some Foxconn-created app bootloaders can be used to create an Android backdoor. Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.