OSF Mission
Open Security Foundation is a 501(c)(3) non-profit public organization founded and operated by information security enthusiasts.
We exist to empower all types of organizations by providing knowledge and resources so that they may properly detect, protect, and mitigate information security risks.
We believe that security information and services should be easily accessible for all who have the need for such information and services. We promote open collaboration between companies and individuals, provide unbiased information to uphold educated risk decision-making, and attempt to eliminate the need for redundant works.
Download our 501(c)(3) confirmation letter.
OSF Directors and Officers
- Corporate Directors and Officers:
| Chairman / CEO-CFO: | Jake Kouns | President / COO: | Brian Martin |
| Vice-President / CTO: | David Shettler | ||
OSF Benefits
Leverage industry expertise of OSF members and the security community to provide accurate, detailed and unbiased information about the security of computers, networks, and personally identifying information.
Develop partnerships with security organizations that can gain benefit from OSF data and leverage both organizations' strengths (for example, providing vulnerability scanner users with OSVDB references, which prompts individuals to recognize and use OSVDB, and providing the DataLossDB for open research, which in turn promotes OSF as a recognized leader in breach data).
Areas of focus will include security vulnerabilities, security exploits, security testing information, security best-practices and providing information about the security of personally identifiable information.
Open Security Foundation is looking to sponsor and / or host new projects. Please contact us if you have an idea that you feel would benefit the information security community. All inquiries regarding contributions are welcome.
Open Security Foundation
5518 Olde Hartley Way
Glen Allen, VA 23060
About Open Security Foundation
Open Security Foundation provides independent, accurate, detailed, current, and unbiased security information. Open Security Foundation runs the Open Source Vulnerability Database (OSVDB) and the DataLossDB.
OSVDB's goal is to provide accurate and unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced data source. Data is acquired from common security industry sources, entered into the OSVDB database, and cross referenced with existing information.
Latest OSVDB News
| date | author | news |
|---|---|---|
| 2010-07-27 | Open Security Foundation Launches New Cloud Security Project | |
| 2010-04-01 | March Update: Challenge: OSVDB Winter 2010 Fundraising Goal = done | |
| 2010-03-08 | iDefense VCP as seen through OSVDB | |
| 2010-03-01 | February Update: OSVDB Winter 2010 Fundraising Goal | |
| 2010-02-19 | Time to.. Track More Data | |
| 2010-02-12 | Open Security Foundation - Advisory Board - Call for Nominations | |
| 2010-02-06 | Open Security Foundation - State of the Union 2010 | |
| 2010-01-31 | January Update: OSVDB Winter 2010 Fundraising Goal | |
| 2010-01-24 | Microsoft, Aurora and something about forest and trees? | |
| 2010-01-04 | Challenge: OSVDB Winter 2010 Fundraising Goal |
DataLossDB's goal is to provide accurate and unbiased information about breaches of personally identifying information when lost by or stolen from third parties. DataLossDB is a searchable database that promotes research and the sharing of information by professionals and enthusiasts alike. Data is acquired from verifiable media and government resources and is open for community participation.
Latest DataLossDB Incidents
| Date | Summary |
|---|---|
| 2010-08-31 | 8,300 Names, Social Security numbers and some Florida driver’s license numbers stolen from laptop in rental car |
| 2010-08-30 | State consultant posts names, dates of birth and Social Security numbers of 22,000 on website |
| 2010-08-29 | Name, Date of Birth and contact details of students lost on hacked server |
| 2010-08-29 | 150,000 names, addresses, genders, email addresses and customer profiles posted on the Internet by external service provider |
| 2010-08-29 | 200 patients information exposed due to former employee's password used to access medical records |
| 2010-08-29 | 492 patients records consent form signatures falsified |
| 2010-08-24 | Patient names, addresses, phone numbers, date of birth, Social Security numbers and reason for the visit stolen from three desktops, one laptop and a backup drive from office |
| 2010-08-20 | 7,000 patient names, birth dates, and some Social Security numbers stolen from laptop in building |
| 2010-08-20 | 2,027 patient names, medical record numbers, date of birth, diagnosis, mother’s name and some social security numbers stolen on laptop in locked office |
| 2010-08-19 | Stolen laptop contained 10,174 student applications from 2004 to present |