We are an online computer security training company that needs to have a MySQL database containing all of the vulnerability information as well as the publicly available source code for computer security vulnerabilities (often called “exploit code??). We will also need a simple easy to use web interface for updating this database. We have our own archve of this data located at <[login to view URL]> (approximately 30MB of text files sorted in folder by OS) ??" however the information on the websites below are more up to date than the information in our file and only [[login to view URL]][1] has the information that we want this DB to include such as BID, CID, CVE, etc so I would prefer that our file only be used as a starting point if it is to be used at all and not the entire database.
We would like the database users to be able to search/sort this information by keyword, BugTraq ID (BID), CAN ID, CVE ID, Operating System (OS) Version/Daemon Name/version that the code can be used for.
[login to view URL] - Sorted by CVE, BID, Keyword, and OS (This is the best on the web in terms of being able to search by CVE, BID, CAN, and keywords)
[login to view URL] - Sorted by date
[login to view URL] - Sorted by date
[login to view URL] - Sorted by date [login to view URL] Sort by OS
[login to view URL]
[login to view URL] [login to view URL]
## Deliverables
1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.
2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).
## Platform
Red Hat 9 Linux Apache/2.0.40 - We are willing to run Rsync, scripted wget or other sofware if you can get this DB to update itself daily. Although it is not an absolute requirement we would really like for this DB to be able to update itself from the websites listed above. Extra considerations will be given to developers that can do this.
I must admit that we'd really like to see a developer answer the questions:
1. How are you going to get the BID, CVE, CAN # for each file, as well as the vulnerability descripion into the database. [[login to view URL]][2] is the only site with this information.
2. Can you make this DB update itself daily? There are dozens of other sites on the web that offer this information but only [login to view URL] is searchable by all of the fields and the other websites don't contain these fields.