[OSVDB-discuss] questions

[jkouns]

> Some questions:
> 

I can answer the first one!


>    1. how often do you update the database ? Imagine: right now in
>       bugtraq is published a vuln … what is the delay until you update
>       osvdb ?
> 

The answer is ...... it depends!  I hate to say that.. but given that we 
are a 100% volunteer driven project it has to do with when our project 
members have time.  We have discussed that if we receive full time 
funding that we would be able to have dedicated resources and would be 
able to ensure new vulnerabilities are added and updated in a consistent 
and timely manner.

To provide a bit more insight......  updates to current vulnerabilities 
in OSVDB can happen at anytime.  While viewing a vulnerability anyone 
can click at the top "edit vulnerability" and provide more information 
or even just fix a small typo.

Currently only moderators have the ability to add brand new 
vulnerabilities to the database.  This decision was made just to ensure 
that we do not have duplicate entries, data quality issues, etc.  We 
have some very dedicated moderators (kudos to Jericho and Lyger) who 
work extremely hard on the project and ensure new vulns are added to 
OSVDB very quickly.  In fact, in most cases it is only a couple hours to 
a day before they are added....

We also try to make all efforts to prioritize the higher priority 
vulnerabilities and specifically vulns that in the new OSVDB 2.0 are 
being watched!  If you do not know about the new watchlist features in 
OSVDB 2.0 I would encourage you to login and check it out!

As always..... if you would like to see OSVDB have the most current 
information we would love to see you sign up and help update the database!

Great questions... keep them coming!
--Jake