> The reason OSVDB isn't well populated yet is that each
> vulnerability has to be evaluated and written up afresh
> in order to avoid violating any existing DB's copyrights.
> That takes time. If you want to shorten that time, go
> volunteer. :-)

I like the idea of osvdb, but I have concerns about the execution. I tried to read:

http://www.osvdb.org/terms-conditions.php

But after a few pages I got tired of trying to figure out how all the various loopholes and things like "We reserve the right, at our discretion, to change, modify, add or remove portions of these terms periodically." will interact.

Then there are things like:

"You agree not to sell, resell or offer for any commercial purposes, any portion of the Services, use of the Services or access to the Services."

So what happens if I reference an osvdb writeup in a commercial product? It would seem even just using whatever identifier osvdb uses for an issue (the name) would violate their terms of service.

While the osvdb claims they will use a license similar to the CPL (according to http://www.osvdb.org/status.php/):

http://www.opensource.org/licenses/cpl.php

They then go on to say:

"Currently OSVDB is seeking legal aid to determine how to best reuse the CPL, or draft a similar license. "

With all the above loopholes, and the uncertainty about the license and conflicting license/terms of service/etc., I have a feeling this company may pull a CDDB (that is, let people enter stuff, and use it for free and then yank it and go commercial). This is sponsored by two commercial companies and let's face it, at the end of the day if it comes down to making an extra buck, or being "nice to the community", most companies will go with the dollar.

I could be wrong of course, and sincerely hope I am. But the execution of this project makes me nervous.

Kurt Seifried, [EMAIL PROTECTED]
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/

> m5x
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html