The Open-source vulnerabilities database (OSVDB) shuts down permanently

The Open Sourced Vulnerability Database (OSVDB) shut down permanently in response to the lack of assistance from the industry.

The Open Sourced Vulnerability Database (OSVDB) shut down permanently, the news was reported in a blog post published by the maintainers of the project. The decision was made in response to the lack of assistance from the industry.

“As of today, a decision has been made to shut down the Open Sourced Vulnerability Database (OSVDB), and will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form.This was not an easy decision, and several of us struggled for well over ten years trying to make it work at great personal expense.” wrote Brian Martin (aka Jericho), one of the leaders of the OSVDB project.

“The industry simply did not want to contribute and support such an effort. The OSVDB blog will continue to be a place for providing commentary on all things related to the vulnerability world” 

The maintainers highlighted that the project will not be resurrected, the group behind the OSVDB will keep alive their blog for providing commentary on all things related to the vulnerability world.

The OSVDB was founded in 2002 and launched in March 2004, it is an open-source project that catalogued more than 100,000 computer security vulnerabilities over the time, among its founders there was the popular HD Moore who developed the Metasploit framework.

The OSVDB was free for non-commercial use, its first sponsor and commercial partner was the Risk Based Security, the project also received donations from the security company High-Tech Bridge.

The project was an amazing repository for security experts and hackers, but many vendors were not happy for its activity.

One of the reasons behind the project shutdown is the impossibility to make bulk downloads of the content for no paying users, the website was deployed in the CloudFlare network in order to prevent scrapers’ activity.

Due to the impossibility to download a large volume of data from the DB, the archive did lose interest in the project by companies and users.

What will happen to OSVDB data?

According to HD Moore, the data will not be made available.

Pierluigi Paganini

(Security Affairs – Open Sourced Vulnerability Database, cyber security)