[This was originally published on the OSVDB blog.]
I’ve been with the OSVDB project for 1000 days. I am responsible for creating 20,667 entries, moderating 7,791 mangler submissions, and mangling 3,480 vulnerabilities myself. The database contains vulnerabilities dating back to 1965, spanning over 40 years. The database contains over 3,800 cross-site scripting, 2,500 SQL injection and 990 remote file inclusion vulnerabilities. Microsoft enjoys around 1,450 entries while Oracle only has 596, with another 75 or so coming when I catch up with my backlog. Since the addition of a Bugzilla system we have filed 807 bugs, 176 of which are still open. Since opening our doors 337 accounts have been created to work on the project, but 293 are now considered M.I.A., 1 is disabled and 20 are considered ‘abducted by aliens’ (meaning they never logged in once). As of this post, there are 28,319 entries in the database; 13646 Stable, 13928 New, 65 being Mangled, 5 Pending moderator review, and 6 Locked. I can’t even begin to count the e-mail we’ve sent and received related to the project and we’ve written 136 entries on this blog.