Chairman, CEO-CFO: Jake Kouns; President, COO: Brian Martin; VP, CTO: David Shettler; Secretary, CCO: Kelly Todd
The Open Security Foundation (OSF), founded in 2004, is a 501(c)(3) nonprofit public foundation that provides independent, detailed and unbiased security information to organizations.
The group's Open Source Vulnerability Database (OSVDB), a project to catalog and describe the internet's security vulnerabilities, opened for public use in 2004 and currently contains information on over 52,000 vulnerabilities. It also contains a vendor dictionary that serves as a centralized resource for vendor contacts. In 2007, OSVDB 2.0 was released as a complete rewrite of the website, offering greater detail.
In July 2008, the DataLossDB (also known as the Data Loss Database – Open Source, formerly run by Attrition.org) was brought in under the OSF umbrella. In December 2008, a new enhancement called “Primary Sources” was added to gather a collection of breach notification letters sent to various jurisdictions in the United States.
David Shettler, vice president and CTO at OSF, calls the Primary Sources enhancement the group's greatest accomplishment this past year.
“The Primary Sources Archive is a project to acquire and catalogue breach notification letters from states by collecting them via Freedom of Information Act (FOIA) requests. To date, we've archived over 1,300 breach notification letters and catalogued over 1,000 of those. We continue to make requests to additional states and process them as time and volunteer effort permit.”
The archive sheds light on the state of data breaches, as many breaches have gone unmentioned or undiscovered by the media, he says.
“Certainly, our work on the Heartland breach has gathered us quite a bit of attention, but the day-to-day work of finding breaches, processing FOIA requests, and ensuring our data set is open, accurate and reliable is really what we've been all about.”