Can someone explain the differences between a CVE and an OSVDB identifier? Both seem to serve the purpose of uniquely identifying a vulnerability or an expose, however not every OSVDB entry also has a CVE number.
How are both related and how is decided which one is assigned to a certain vulnerability?