TeamShatter.com went live yesterday. SHATTER is the AppSecInc team that researches database security vulnerabilities and publishes advisories that have been trusted by the industry for many years. For example, Oracle April CPU had CVE-2010-0870 and the July CPU had CVE-2010-0903 and CVE-2010-2373 that were found by Esteban, a team SHATTER member. You can read about some of the team’s most public figures, including (shameless plug), on the new website.
I am very excited about this new project because it contains the public information from our entire vulnerability knowledgebase. It’s called the threat finder and gives you a real live view of the known vulnerabilities each database vendor has acknowledged and fixed. In addition, we’re now publishing a regular feed of information related to data fraud and theft, something we’ve had internally for a very long time. We also hope to include more general articles that talk about security, risk and compliance.