July 13th, 2008 Anthony Towry
Last year sometime after Defcon and the early stages of forming the DC405, a friend of mine (m00dimus) got me into participating with the Open Source Vulnerability Database Project. Since then we've had some big fun organizing mangle parties to promote project participation (even if we beat more beer than bugs sometimes) and we've made a significant contribution to the effort.
Over the past 9 months or so, I've gotten a lot out of digging into some of the vulnerabilities I've researched. I've passed a major milestone in my mangling, now sitting at 100.25 points! I do want to say thanks to the group at OSVDB for the new 2.0 interface, which cut the time for each submission in half.
Let's keep it rolling! Join OSVDB and get mangling!
Posted in Community, Projects, Security | No Comments »
March 3rd, 2008 Anthony Towry
The Google Summer of Code is back for another round. If you're a college coder looking for a great way to work for a non-profit open source organization this summer, check out the GSoC. For the rest of us, we can sit around and wait for the new developments to be added in to our favorite projects.
OSVDB has posted some of their ideas for the GSoC. Check out some of the interesting stuff there.
I like the OSVDB Port Listing Project suggestion. Initially I didn't think much of this, but the possibilities for integrating this with firewalls and IDS systems could be really cool.
The other suggested project I found interesting is the idea of creating a Vulnerability and Patch Management Portal with OSVDB. Vulnerability management practices are going to become increasingly important in the coming years and tools like this should be well received.
My only issue is that, if I were handling vuln management for an organization I wouldn't be particularly keen on storing any information on my organization's current patch level, schedule, etc. out on the internet.
The Summer of Code projects are interesting, inspiring and great way to get some more attention for community oriented projects. I'm looking forward to seeing what gets done this summer.
Posted in Community, Programming, Security | 1 Comment »
December 13th, 2007 Anthony Towry
Jake Kouns of OSVDB recently sent around this e-mail:
Just a quick email to let everyone know that we have started the 2.0
upgrade. The new site, with all new (and very cool) data management
interface will be online Friday night. In the meantime, kick back and relax!
So if you haven't signed up to do some vulnerability research yet this is a great opportunity to get in on a new era with a killer project.
Posted in Community, Security | No Comments »
