Its developers have spent hours stuffing it full of broken, ill-configured, outdated and exploitable software.
Oh sure, it's still Linux, and the apps in question - Apache, MySQL, PHP, FTP and the like - are usable and were indeed versions in production. You could actually use this as a live Linux system if you really wanted.
The point is, however, you shouldn't. The software loaded has been specially chosen because they have known security vulnerabilities. They can all be hacked, cracked, broken, exploited, tickled and generally misused.
The author of DVL - Dr Thorsten Schneider - came up with the idea so he could give practical lessons in his University classes. After all, the theory behind reverse engineering, buffer overflows, SQL injection and other popular techniques only goes so far. To really teach people how to hack, or how to protect themselves from hacking, you need to show it.
Like any Linux distro, you don't need to run DVL on a dedicated machine. In fact, given its raison d'Ãªtre you shouldn't. The best recommendation is to devote a virtual machine to it under VirtualBox or some other sandpit environment.
You can download DVL from www.damnvulnerablelinux.org as a 1.8Gb download.