The goal of the project was to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities.
Despite that, many large commercial companies used the data in violation of the license without contributing employee volunteer time or financial compensation.
[7] As of January 2012, vulnerability entry was performed by full-time employees of Risk Based Security,[8] who provided the personnel to do the work in order to give back to the community.
Every new entry included a full title, disclosure timeline, description, solution (if known), classification metadata, references, products, and researcher who discovered the vulnerability (creditee).
Originally, vulnerability disclosures posted in various security lists and web sites were entered into the database as a new entry in the New Data Mangler (NDM) queue.