Posted on by Vulnerability Analysisin
With the hope that someone finds the data useful, we're publishing an archive of almost all of the non-sensitive vulnerability information in our vulnerability reports database.
In 1998, CERT fielded a system to track vulnerability reports, coordinate with vendors, and publish advisories. This system was designed to support what is now known as "responsible" or "coordinated disclosure." Over the years, we collected a lot of vulnerability information, from a variety of public sources as well as private direct reports. Some of those reports were deemed important enough to analyze further, coordinate with vendors, and publish as vulnerability notes. Many of the reports were never published, even though they were already public. Seeing little value in collecting reports and doing little or nothing with them, we stopped in late 2008.
Today, there are reasonably good sources of public vulnerability information, such as CVE, NVD, Secunia, OSVDB, JVN, SecurityFocus, and X-Force. Our data archive isn't likely to substantially add to the information already provided by these sources. Nonetheless, we're publishing what we can, with the hope that someone finds some utility in it.
We officially do not provide support for the archive, but we may be able to answer questions and consider feedback as resources permit. See our Contact Us page.