Free database lists security flaws

News

Free database lists security flaws

Cliff Saran
IT staff who need to keep up-to-date with the latest security glitches can now logon to a database that claims to be the first free service to catalogue all known security vulnerabilities for the main software systems.

The Open Source Vulnerability Database, which has been developed by open source advocates, offers information on security vulnerabilities on software ranging from operating systems such as Windows and Linux to business software such as PeopleSoft and Oracle.

The database is aimed at system administrators protecting servers and networks; business staff assessing risks and remedies; academic researchers; and developers of security products, said the OSVDB group.

US-based security advisory body Cert estimated that the number of computer security vulnerabilities found each year has risen by more than 2,000% since 1995.

Security alert databases have become an important tool for administrators to check whether any of the software they run in their business is vulnerable to past and current hacking exploits or contain security holes which need patching.

According to OSVDB, existing security databases contain a limited subset of vulnerabilities or have restrictions on their content. "None are simultaneously comprehensive, open for free use, and answerable to the community," it said.

Tony Lock, principal analyst at Bloor Research, said, "Any common [security database] is beneficial to users, but it needs to be totally up-to-date, otherwise people may get a false sense of security."

By the summer, OSVDB plans to offer XML access to allow computer-based querying of the security database. It is also developing push technology to publish security notices directly to users who subscribe to the database.

www.osvdb.org

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy