Open Security Foundation - State of the Union 2010

Open Security Foundation - State of the Union 2010
Open Security Foundation - State of the Union 2010 

By jkouns

The Open Security Foundation (OSF) has grown from a humble beginning in 
2004 to an internationally recognized 501(c)(3) non-profit public 
organization. Through the work of a small team of dedicated information 
security enthusiasts, the Open Source Vulnerability Database (OSVDB) and 
DataLossDB projects have provided organizations of all sizes with the 
knowledge and resources to accurately detect, protect and mitigate 
information security risks. OSF research is often cited throughout the 
security industry and the organization was honored by being named winner 
of the SC Magazine's Editors Choice award for 2009.

To ensure the highest quality information that has become the trademark 
of OSF, a tremendous amount of effort is expended on a daily basis by 
OSF volunteers to process an ever increasing amount of data loss and 
vulnerability reports. Over the years, many volunteers have been 
involved in the projects, but for the most part the the heavy lifting 
has been the work of only a few very dedicated volunteers. The "open 
source" approach to resourcing the projects has been successful to date 
but is now proving to be an unsustainable model. With long-term 
sustainability and increased services as our goal, we have initiated a 
comprehensive review of our current operations, our existing approach to 
project funding and the creation of potential new services for the 
security community.

As a start, we plan to do a better job of sharing our view on the state 
of the information security industry and creating a mechanism to gain 
community feedback to better establish our vision for the OSVDB and 
DataLossDB projects.

To that end I want to take a moment to share our initial plans for 2010.

The OSF officers and project leads have been dedicated to the daily 
operations required to make OSVDB and DataLossDB the recognized leader 
in vulnerability and data loss tracking. This focused dedication has 
left little time to take the pulse of the industry as it relates to our 
projects or to establish a clear long-term vision for the projects. To 
address this need, OSF will be creating an Advisory Board. The board 
will consist of three to five senior leaders capable of providing broad 
based perspective on information security, business management and 
fundraising. It is our hope that this will provide a sounding board when 
developing future plans, an open forum when reviewing community feedback 
and a broader view when prioritizing potential new services. Additional 
information along with an official call for Advisory Board nominations 
is planned for 2/12/2010.

Direct unfiltered feedback from both the security community as well as 
the organizations that benefit from our projects is critical. Over the 
next few weeks, we plan to post a public survey asking for feedback that 
will help shape our long-term vision and establish our near-term plans 
for OSVDB and DataLossDB.  Those of you who value the work that the OSF 
provides and/or consider yourselves friends and supporters of OSF are 
asked to help spread the word to maximize the feedback provided.

Feedback from the survey will be the foundation for the OSF vision and 
2010 plan. Our goal is to present a draft of both the vision and the 
2010 plan to the newly formed Advisory Board by mid-April 2010. Once 
finalized, both documents will be shared with the information security 

OSF has been recognized for providing a critical service to the 
information security community but our potential is much greater. We 
look forward to hearing your ideas on how OSF can further improve the 
state of security while building a stronger organization to deliver even 
higher quality research and additional services.

We appreciate your support and if you are interested in working with OSF 
please contact us at or 

Jake Kouns
Chairman, Open Security Foundation

Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 

Site design & layout copyright © 1986-2014 CodeGods