‘str0ke‘, one of the leaders of the ex-hacking group ‘milw0rm‘, that split up in 1998, started a public exploit archive in early 2004. He chose to do so when ‘FrSIRT’ (another exploit source) changed into a private, paid source (which in 2008 became VUPEN). Over the years, milw0rm became a trusted source of knowledge as all the exploits were being verified before they were added. As the site grew in popularity, so did the number of submissions and along with them, the work created for str0ke.
On 8th July 2009, str0ke announced the site would be closing down. However, due to overwhelming demand from the community, the next day he publicly stated the project would continue for the time being, until he was able to hand off the project to someone else. The group he handed the database to was Offensive Security. This was reported publicly on the 4th November 2009 (This was revealed ahead of time to help stop some of the rumours being spread). The handover went live on the 16th November 2009. The domain, ‘exploit-db.com’, was setup on the 17th November 2009, where it still continues today. Milw0rm did not accept any updates after September 2009 and closed its doors for good at some stage in late 2010.
Exploit-DB has kept the idea of milw0rm alive, by accepting submissions and verifying the content. The members have changed over the years, however it is currently looked after by: