The Security industry has for a long time felt the pain of locating information related to security vulnerabilities. Security professionals often have a multitude of vulnerabilities in their IT infrastructure at any one time that they must fix, but the process to track down the vulnerability information needed is not efficient. Today, a security professional must reference one or more online databases in order to get the information they need to close the security holes in their organization’s data. Add to that the fact that security professionals are stretched thin and many have resource constraints placed upon them, leaving them with only a handful of people to address their security issues and not much time to do so.
Recognizing this need, Risk I/O created RiskDB, a free, centralized, and openrepository of security vulnerabilities sourced from multiple vulnerability databases. It provides up-to-the-minute information related to security vulnerabilities and exploits by centralizing data from multiple sources and presenting them in a single searchable and filterable view. Security professionals save time by accessing one centralized vulnerability database, allowing them to focus on resolving vulnerabilities and protecting their infrastructure.
[ibimage==20959==Medium==none==self==ibimage_align-center]
RiskDB provides a completely searchable database, which offers accurate, detailed, current and unbiased technical vulnerability information that is easily shared. It also has an interactive interface which helps save time and reduce the frustration that often occurs when visiting multiple public vulnerability websites. RiskDB can be added directly to a OpenSearch-compatible browser, so that a text search can be done directly from a browser address bar or search bar.
A tool such as this impacts everyone managing a technology environment, from security teams, operations and developers to those who have an interest in security research or who are security consultants. The data supplied through RiskDB can be used for both vulnerability remediation and reporting.
As of today, RiskDB contains over 50,000 vulnerabilities with many sourced from the National Vulnerabilities Database (NVD). In the coming months, RiskDB will expand with potential additional sources, including: The Open Source Vulnerabilities Database (OSVDB), The Web Application Security Consortium Threat Classifications (WASC-TC) and The Exploit Database (ExploitDB). It also plans on adding a social component to RiskDB, allowing users to offer fix and remediation advice for specific vulnerabilities and software security defects.
RiskDB was created by Chicago-based startup Risk I/O, and RiskDB is part of the data-driven approach that Risk I/O has taken with their vulnerability intelligence platform. “We are happy to provide RiskDB to the security community so that they can reference material faster and easier,” said Ed Bellis, CEO and Cofounder of Risk I/O. “By better understanding what is causing real world security incidents, we, as security professionals, can prioritize our work and put the right controls in place to protect against them.”
RiskDB is free to access and available today at: https://db.risk.io.
To learn more about Risk I/O, visit their website or follow them on Twitter at @RiskIO.