The purpose of the VERIS Community Database is to promote data-driven decision making and evidence-based risk management in the information security community by creating a public repository of breach data in an open format. The data is free for anyone to take and use as they see fit, and contributing incident data is highly encouraged.
we talk about breaches. This isn't some kind of fight club where we hoard data among a select few that sit around agreeing with each other all day. All of the incidents waiting to be added to the database are issues in github which makes it easy for us to discuss them and add to the corpus of knowledge.
Information might want to be free, but we don't always have permission to let it out. The VCDB has a hard rule that no private knowledge may be entered into the database. Only information that is freely available on the Internet may be used in coding an incident. Every incident in the database should be auditable by anyone and that is only possible if incidents are coded using public sources.