Tag: Vulnerability Databases

  • OSVDB Content Update

    [This was originally published on the OSVDB blog.] I always mean to post these more often, but I find myself bogged down in adding entries and putting off blog updates. Quite a few little blurbs and thoughts related to OSVDB content. Changelogs: I love vendors who maintain good changelogs. A good changelog has many attributes: […]

  • VDB Relationships (Hugs and Bugs!)

    [This was originally published on the OSVDB blog.] Like any circle in any industry, having good professional relationships can be valuable to involved parties. In the world of security, more specifically Vulnerability Databases (VDBs), the relationships we maintain benefit the community behind the scenes. Like ogres and onions, there are layers. Someone from CVE and […]

  • If You Can’t, How Can We?

    [This was originally published on the OSVDB blog.] Steve Christey w/ CVE recently posted that trying to keep up with Linux Kernel issues was getting to be a burden. Issues that may or may not be security related, even Kernel developers don’t fully know. While this is a good example of the issues VDBs face, […]

  • Who Discovered the Most Vulns?

    [This was originally published on the OSVDB blog.] This is a question OSVDB moderators, CVE staff and countless other VDB maintainers have asked. Today, Gunter Ollmann with IBM X-Force released his research trying to answer this question. Before you read on, I think this research is excellent. The relatively few criticisms I bring up are […]

  • VDBs Devolving?

    [This was originally published on the OSVDB blog.] I’m big on Vulnerability Database (VDB) evolution. I tend to harp on them for not adding features, not making the data more accessible and generally doing the exact same thing they did ten years ago. While the target of my ire is typically functionality or usability, today […]

  • Coffee makers are SCADA, right?!

    [This was originally published on the OSVDB blog.] Steven Christey of CVE posted asking a question about VDBs and the inclusion of coffee makers. Yes, you read that correctly, vulnerabilities are being found in coffee makers that are network accessible. Don’t be surprised, we all knew the day was coming when every household appliance would […]

  • Who’s to blame? The hazard of “0-day”.

    [This was originally published on the OSVDB blog.] This blog entry is probably worth many pages of ranting, examining and dissecting the anatomy of a 0-day panic and the resulting fallout. Since this tends to happen more often than some of us care to stomach, I’ll touch on the major points and be liberal in […]

  • The Purpose of Tracking Numbers.. (IBM)

    [This was originally published on the OSVDB blog.] First it was HP, then it was Sun. Not to be outdone, IBM steps up and gives VDBs a headache. APAR IZ00988 is “sysrouted” to APAR IZ01121 and APAR IZ01122. Really IBM, the amount of information common to all three pages is overwhelming. Do you really need […]

  • New Classification: Discovered In the Wild

    [This was originally published on the OSVDB blog.] [October 24, 2020 Update: Since creating this flag, VulnDB now has 629 entries flagged as such.] In a recent discussion on the security metrics mailing list, Pete Lindstrom put forth a rough formula to throw out a number of vulnerabilities that have been discovered versus undiscovered. One […]

  • OSVDB Search Tips & Tricks

    [This was originally published on the OSVDB blog.] I should have started a series of these posts long ago. One of the more frustrating parts of most VDBs is the lack of a helpful search function. Searching for some products (SharePoint) is easy enough, as the name is distinct and not likely to find many […]