The Open Source Vulnerability Database, which has been developed by open source advocates, offers information on security vulnerabilities on software ranging from operating systems such as Windows and Linux to business software such as PeopleSoft and Oracle.
The database is aimed at system administrators protecting servers and networks; business staff assessing risks and remedies; academic researchers; and developers of security products, said the OSVDB group.
US-based security advisory body Cert estimated that the number of computer security vulnerabilities found each year has risen by more than 2,000% since 1995.
Security alert databases have become an important tool for administrators to check whether any of the software they run in their business is vulnerable to past and current hacking exploits or contain security holes which need patching.
According to OSVDB, existing security databases contain a limited subset of vulnerabilities or have restrictions on their content. "None are simultaneously comprehensive, open for free use, and answerable to the community," it said.
Tony Lock, principal analyst at Bloor Research, said, "Any common [security database] is beneficial to users, but it needs to be totally up-to-date, otherwise people may get a false sense of security."
By the summer, OSVDB plans to offer XML access to allow computer-based querying of the security database. It is also developing push technology to publish security notices directly to users who subscribe to the database.