Month: November 2009

  • OSVDB – Creditee System Overhauled

    [This was originally published on the OSVDB blog.] Thanks to Dave, we now have a completely re-written creditee system. For years, we operated off a four-field system (name, email, company, url) for tracking vulnerability researchers. While we tracked that information, it was not flexible and led to serious problems with data integrity. Even worse,…

  • Responsible Disclosure – Old Debate, Fresh Aspects?!

    [This was originally published on the OSVDB blog.] Earlier this evening, there was a Twitter debate regarding a proposed standard for responsible vulnerability disclosure. It referred to ISO/IEC 29147, a proposed standard for responsibly disclosing a vulnerability. Dino Dai Zovi brought up a fresh angle, that the “responsible disclosure” name itself completely ignored the aspect…

  • OSVDB – Search Filters & Custom Exports

    [This was originally published on the OSVDB blog.] Last week, OSVDB enhanced the search results capability by adding a considerable amount of filter capability, a simple “results by year” graph and export capability. Rather than draft a huge walkthrough, open a search in a new tab and title search for “microsoft windows”. As always, the…

  • What I Learned From Early CVE Entries!

    [This was originally published on the OSVDB blog.] This post is the farthest thing from picking on or insulting CVE. They were running a VDB some four years before OSVDB entered the picture. More impressive, they operated with a level of transparency that no other VDB offered at the time. Early OSVDB entries suffered just…

  • Vendors & researchers, no more decade old embargo!

    [This was originally published on the OSVDB blog.] Vulnerabilities reported ten years ago, they have no impact on your customers. If they do, then you are woefully behind and your customers are desperately hanging on to legacy products, scared to upgrade. For vendors who have kept up on security and adopted a responsible and timely…