Dana, imho one of the best bloggers on computer security, just posted on the Open Source Vulnerability Database (OSVDB). He points out the similarities between the OSVDB and CERTs Common Vulnerabilities and Exposures project (CVE).
They say the overall goals of the project are to promote greater, more open collaboration between companies and individuals, eliminate redundant works, and reduce expenses inherent with the development and maintenance of in-house vulnerability databases. I think time will tell if they are actually going to meet these goals in relation to the already available systems out there.
I agree that there is going to be some overlap, but what I really like
about the OSVDB that I don't see in the CVE is direct references to
Snort IDs. Which brings up the question: why are Snort references not included in the CVE?
