OSF Mission
Open Security Foundation is a 501(c)(3) non-profit public organization founded and operated by information security enthusiasts.
We exist to empower all types of organizations by providing knowledge and resources so that they may properly detect, protect, and mitigate information security risks.
We believe that security information and services should be easily accessible for all who have the need for such information and services. We promote open collaboration between companies and individuals, provide unbiased information to uphold educated risk decision-making, and attempt to eliminate the need for redundant works.
OSF Directors and Officers
- Corporate Directors and Officers:
| Chairman / CEO-CFO: | Jake Kouns | President / COO: | Brian Martin |
| Vice-President / CTO: | David Shettler | Secretary / CCO: | Kelly Todd |
OSF Benefits
Leverage industry expertise of OSF members and the security community to provide accurate, detailed and unbiased information about the security of computers, networks, and personally identifying information.
Develop partnerships with security organizations that can gain benefit from OSF data and leverage both organizations' strengths (for example, providing vulnerability scanner users with OSVDB references, which prompts individuals to recognize and use OSVDB, and providing the DataLossDB for open research, which in turn promotes OSF as a recognized leader in breach data).
Areas of focus will include security vulnerabilities, security exploits, security testing information, security best-practices and providing information about the security of personally identifiable information.
Open Security Foundation is looking to sponsor and / or host new projects. Please contact us if you have an idea that you feel would benefit the information security community. All inquiries regarding contributions are welcome.
Open Security Foundation
5518 Olde Hartley Way
Glen Allen, VA 23060
About Open Security Foundation
Open Security Foundation provides independent, accurate, detailed, current, and unbiased security information. Open Security Foundation runs the Open Source Vulnerability Database (OSVDB) and the DataLossDB.
OSVDB's goal is to provide accurate and unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced data source. Data is acquired from common security industry sources, entered into the OSVDB database, and cross referenced with existing information.
Latest OSVDB News
| date | author | news |
|---|---|---|
| 2008-12-31 | Lyger | Welcoming in 2009 |
| 2008-11-20 | Jkouns | No Safety In Numbers |
| 2008-11-10 | D2d | Looking for Volunteer Rails Developers! |
| 2008-07-31 | Jkouns | OSVDB in Vegas..... |
| 2008-07-14 | Jkouns | OSF To Maintain Attrition.org's Data Loss Database |
| 2008-07-07 | Jericho | Stop using Google, it's dangerous! |
| 2008-07-07 | Jericho | The Black Market Code Industry |
| 2008-07-06 | Jericho | VDBs Devolving? |
| 2008-06-21 | Jkouns | OSVDB Featured in the Open Source Business Resource (OSBR) |
| 2008-06-18 | Jericho | Coffee makers are SCADA, right?! |
DataLossDB's goal is to provide accurate and unbiased information about breaches of personally identifying information when lost by or stolen from third parties. DataLossDB is a searchable database that promotes research and the sharing of information by professionals and enthusiasts alike. Data is acquired from verifiable media and government resources and is open for community participation.
Latest DataLossDB Incidents
| Date | Summary |
|---|---|
| 2008-12-31 | 18,000 names and Social Security numbers of current and former students posted on the Internet |
| 2009-01-01 | Computer containing current and former employee personal information stolen in home invasion. |
| 2008-12-30 | Missing package contains personal information of 1500 patients. |
| 2008-12-25 | Computer tapes holding private customer information of 16,000 stolen from office |
| 2008-12-23 | Stolen hard drive contains Social Security numbers of 38 |
| 2008-12-23 | Personal information of over 1,000 found in former employee's home |
| 2008-12-23 | Social Security numbers and names of Katrina evacuees posted on website for 2 weeks |
| 2008-12-25 | 1.5 million credit card records compromised via hack |
| 2009-01-01 | Third party sales agent stored customer information, include credit card numbers, bank account numbers, names, addresses, in Google Notebook |
| 2009-01-01 | Missing portable storage device containing names and social security numbers of "certain" US Employees |