Connect with us

Hi, what are you looking for?



OSVDB Shut Down Permanently

The maintainers of the Open Sourced Vulnerability Database (OSVDB) announced this week that the project will be shut down permanently due to the lack of support from the industry.

The maintainers of the Open Sourced Vulnerability Database (OSVDB) announced this week that the project will be shut down permanently due to the lack of support from the industry.

“As of today, a decision has been made to shut down the Open Sourced Vulnerability Database (OSVDB), and will not return. We are not looking for anyone to offer assistance at this point, and it will not be resurrected in its previous form,” Brian Martin, aka Jericho, one of the leaders of the OSVDB project, said in a blog post.OSVDB shut down

“This was not an easy decision, and several of us struggled for well over ten years trying to make it work at great personal expense. The industry simply did not want to contribute and support such an effort,” Martin added.

While the OSVDB will be shut down, the project’s blog will remain active as a “place for providing commentary on all things related to the vulnerability world.”

The OSVDB, announced in August 2002 and launched to the public in March 2004, was created as a project whose goal was to provide accurate and unbiased information about security vulnerabilities. Over the course of 12 years, the OSVDB, which had been free for non-commercial use, catalogued more than 100,000 flaws affecting a large number of products.

The OSVDB was primarily sponsored by Risk Based Security, which was also the project’s commercial partner, and aided by donations from Switzerland-based web security company High-Tech Bridge.

The project received some legal threats from unhappy vendors whose products were listed in the database. However, an even bigger issue was that some individuals and companies had attempted to automatically scrape the database and use the information for commercial purposes without having to pay for access.

HD Moore, one of the project’s early contributors, learned from Risk Based Security that the data in the OSVDB will not be made available. Moore believes the project failed due to its poor business model.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.


People on the Move

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move

Expert Insights