Tag: OSVDB

  • What features are sorely lacking from VDBs?

    [This was originally published on the OSVDB blog.] For over ten years, most Vulnerability Databases (VDBs) have done little to evolve. In some cases, they appear to be devolving. OSVDB recognized this long ago but has struggled for years with a lack of resources, particularly developers. Now that we have saved up enough money,…

  • OSVDB – Search Enhance: by CVSS Score or Attribute

    [This was originally published on the OSVDB blog.] Using the ‘Advanced Search’, you can now search the database by entering a CVSSv2 score range (e.g., 8 to 10) or by a specific CVSSv2 attribute (e.g., Confidentiality : Partial). To search for entries with only a 10 score, use the search range 10 to 10. Using…

  • OSVDB – Metasploit Reference Support Added & More

    [This was originally published on the OSVDB blog.] This week, HDMoore of Metasploit and OSVDB moderators discussed cross-reference support for each product. As many are now seeing, Metasploit has a search module that allows for fast searches by a number of external references, including OSVDB. On the OSVDB side, we now support a ‘Metasploit ID’…

  • OSVDB – Classification: Exploit Status Overhaul

    [This was originally published on the OSVDB blog.] OSVDB’s classification system is designed to categorize certain attributes of a vulnerability. This facilitates custom searches by a specific attribute, helps researchers develop metrics and gives a better picture of the vulnerability landscape. Until now, we’ve tracked if an exploit is ‘available’, ‘unavailable’, ‘rumored / private’ or…

  • OSVDB – Classification: Minor Touch-ups and Reorganization

    [This was originally published on the OSVDB blog.] In addition to overhauling the ‘exploit’ classification, additional touch-ups and reorganization have been done to the classification system. For volunteers that help mangle entries, watch out as items have shifted in flight. For users of OSVDB, these will be mostly cosmetic changes and should not impact searching.…

  • OSVDB Now Supports CVSSv2 Scoring

    [This was originally published on the OSVDB blog.] OSVDB now displays CVSSv2 scores, mostly as calculated by the National Vulnerability Database (NVD). Along with the score, we display the date that NVD generated it and give users a method for recommending updates if they feel the score is inaccurate. While this is long overdue, this…

  • OSVDB Content Update

    [This was originally published on the OSVDB blog.] I always mean to post these more often, but I find myself bogged down in adding entries and putting off blog updates. Quite a few little blurbs and thoughts related to OSVDB content. Changelogs: I love vendors who maintain good changelogs. A good changelog has many attributes:…

  • VDB Relationships (Hugs and Bugs!)

    [This was originally published on the OSVDB blog.] Like any circle in any industry, having good professional relationships can be valuable to involved parties. In the world of security, more specifically Vulnerability Databases (VDBs), the relationships we maintain benefit the community behind the scenes. Like ogres and onions, there are layers. Someone from CVE and…

  • If You Can’t, How Can We?

    [This was originally published on the OSVDB blog.] Steve Christey w/ CVE recently posted that trying to keep up with Linux Kernel issues was getting to be a burden. Issues that may or may not be security related, even Kernel developers don’t fully know. While this is a good example of the issues VDBs face,…

  • Who Discovered the Most Vulns?

    [This was originally published on the OSVDB blog.] This is a question OSVDB moderators, CVE staff and countless other VDB maintainers have asked. Today, Gunter Ollmann with IBM X-Force released his research trying to answer this question. Before you read on, I think this research is excellent. The relatively few criticisms I bring up are…