OSVDB hosts a very public vulnerability database. The database is open for free consumption if used by individuals, however a corporate body needs to pay for a license if extensive access to the data is required. McAfee and S21Sec had asked about this license and they were duly informed of the details. This 2 security firms are among those who have been heavily scraping OSVDB’s data despite their awareness of the policies that forbid this practice. According to legal experts, this violation by McAfee and company amounts to breach of copyright work owned by OSVDB. There is debate as to whether a database can be copyrighted but the fact that OSVDB employed resources to add value to the data means that McAfee is infringing on the posted OSVDB license.
