Open-source vuln db closes – plenty of taking and not a lot of giving

The organizers of the Open Sourced Vulnerability Database (OSVDB) have announced they are having to shut up shop.

"A decision has been made to shut down the Open Sourced Vulnerability Database and [it] will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form," the group said in a blog post.

"This was not an easy decision, and several of us struggled for well over ten years trying to make it work, at great personal expense. The industry simply did not want to contribute and support such an effort."

The OSVDB was set up in March 2004 as a clearing house for security vulnerabilities that could keep code safer. Companies could pay for a license to use the database, but the problem is that plenty of them didn't.

Sometimes they got caught out – in 2014 the OSVBD publicly called out McAfee and Spanish security firm S21Sec for writing automated scripts that trawled the vulnerability database without paying for it.

The companies apologized for their conduct, but it seems they were just two of many. As a result, the database is now down and won't be back up. Nor will its contents be put online, cofounder HD Moore said on Twitter.

It's a sad end for what was a very good idea. Safely sharing vulnerabilities makes us all more secure, but if everyone takes and no one gives then it's unsurprising when something like this fails. ®