OSF Mission
Open Security Foundation is a 501(c)(3) non-profit public organization founded and operated by information security enthusiasts.
We exist to empower all types of organizations by providing knowledge and resources so that they may properly detect, protect, and mitigate information security risks.
We believe that security information and services should be easily accessible for all who have the need for such information and services. We promote open collaboration between companies and individuals, provide unbiased information to uphold educated risk decision-making, and attempt to eliminate the need for redundant works.
Download our 501(c)(3) confirmation letter.
OSF Directors and Officers
- Corporate Directors and Officers:
| Chairman / CEO-CFO: | Jake Kouns | President / COO: | Brian Martin |
| Vice-President / CTO: | David Shettler | ||
OSF Benefits
Leverage industry expertise of OSF members and the security community to provide accurate, detailed and unbiased information about the security of computers, networks, and personally identifying information.
Develop partnerships with security organizations that can gain benefit from OSF data and leverage both organizations' strengths (for example, providing vulnerability scanner users with OSVDB references, which prompts individuals to recognize and use OSVDB, and providing the DataLossDB for open research, which in turn promotes OSF as a recognized leader in breach data).
Areas of focus will include security vulnerabilities, security exploits, security testing information, security best-practices and providing information about the security of personally identifiable information.
Open Security Foundation is looking to sponsor and / or host new projects. Please contact us if you have an idea that you feel would benefit the information security community. All inquiries regarding contributions are welcome.
Open Security Foundation
5518 Olde Hartley Way
Glen Allen, VA 23060
About Open Security Foundation
Open Security Foundation provides independent, accurate, detailed, current, and unbiased security information. Open Security Foundation runs the Open Source Vulnerability Database (OSVDB) and the DataLossDB.
OSVDB's goal is to provide accurate and unbiased information about security vulnerabilities in computerized equipment. The core of OSVDB is a relational database which ties various information about security vulnerabilities into a common, cross-referenced data source. Data is acquired from common security industry sources, entered into the OSVDB database, and cross referenced with existing information.
Latest OSVDB News
| date | author | news |
|---|---|---|
| 2010-09-07 | Open Security Foundation Announces New Advisory Board | |
| 2010-07-27 | Open Security Foundation Launches New Cloud Security Project | |
| 2010-04-01 | March Update: Challenge: OSVDB Winter 2010 Fundraising Goal = done | |
| 2010-03-08 | iDefense VCP as seen through OSVDB | |
| 2010-03-01 | February Update: OSVDB Winter 2010 Fundraising Goal | |
| 2010-02-19 | Time to.. Track More Data | |
| 2010-02-12 | Open Security Foundation - Advisory Board - Call for Nominations | |
| 2010-02-06 | Open Security Foundation - State of the Union 2010 | |
| 2010-01-31 | January Update: OSVDB Winter 2010 Fundraising Goal | |
| 2010-01-24 | Microsoft, Aurora and something about forest and trees? |
DataLossDB's goal is to provide accurate and unbiased information about breaches of personally identifying information when lost by or stolen from third parties. DataLossDB is a searchable database that promotes research and the sharing of information by professionals and enthusiasts alike. Data is acquired from verifiable media and government resources and is open for community participation.
Latest DataLossDB Incidents
| Date | Summary |
|---|---|
| 2012-01-27 | 8,000 Social Security numbers and some credit card numbers of prospective students on a public server |
| 2012-01-28 | Man stole “numerous” customer accounts for more than a year |
| 2012-01-27 | 391 current and former hospital employees names and Social Security numbers posted on website |
| 2012-01-27 | Data backup file held by vendor was accessed by an intruder included user names, email addresses and passwords |
| 2012-01-28 | Customers’ names, email addresses, billing and shipping addresses, telephone numbers, credit card information and/or a cryptographically scrambled passwords exposed |
| 2012-01-28 | 2,257 Social Security numbers of living veterans was mistakenly released to Ancestry.com as part of a response to a Freedom of Information Act request |
| 2012-01-26 | 1.8 million customers Social Security numbers, dates of birth and, in some cases, financial institution account numbers compromised |
| 2012-01-22 | Unauthorized access to a database server exposes unencrypted customer passwords including FTP/shell and email accounts |
| 2012-01-27 | Fraudulent purchases made with information from dozens of locals’ credit and debit cards |
| 2012-01-27 | 7,000 full customer names, complete addresses, dates of birth, Social Security numbers, gender, Medicaid identification numbers, case management information and telephone numbers |