Security Experts:

Connect with us

Hi, what are you looking for?



OSVDB Shut Down Permanently

The maintainers of the Open Sourced Vulnerability Database (OSVDB) announced this week that the project will be shut down permanently due to the lack of support from the industry.

The maintainers of the Open Sourced Vulnerability Database (OSVDB) announced this week that the project will be shut down permanently due to the lack of support from the industry.

“As of today, a decision has been made to shut down the Open Sourced Vulnerability Database (OSVDB), and will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form,” Brian Martin, aka Jericho, one of the leaders of the OSVDB project, said in a blog post.OSVDB shut down

“This was not an easy decision, and several of us struggled for well over ten years trying to make it work at great personal expense. The industry simply did not want to contribute and support such an effort,” Martin added.

While the OSVDB will be shut down, the project’s blog will remain active as a “place for providing commentary on all things related to the vulnerability world.”

The OSVDB, announced in August 2002 and launched to the public in March 2004, was created as a project whose goal was to provide accurate and unbiased information about security vulnerabilities. Over the course of 12 years, the OSVDB, which had been free for non-commercial use, catalogued more than 100,000 flaws affecting a large number of products.

The OSVDB was primarily sponsored by Risk Based Security, which was also the project’s commercial partner, and aided by donations from Switzerland-based web security company High-Tech Bridge.

The project received some legal threats from unhappy vendors whose products were listed in the database. However, an even bigger issue was that some individuals and companies had attempted to automatically scrape the database and use the information for commercial purposes without having to pay for access.

HD Moore, one of the project’s early contributors, learned from Risk Based Security that the data in the OSVDB will not be made available. Moore believes the project failed due to its poor business model.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


A high-severity format string vulnerability in F5 BIG-IP can be exploited to cause a DoS condition and potentially execute arbitrary code.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.


GoAnywhere MFT users warned about a zero-day remote code injection exploit that can be targeted directly from the internet