I've always supported the open-source movement even when I worked for the attack and penetration team of a Big Five firm. Unfortunately, the powers-that-be insisted on using commercial software.
Many times I'd argue the point that when new vulnerabilities arise, the Nessus community kicks into high gear and creates a plug-in unlike waiting for the monthly updates from the likes of CyberCop, et. al. Well if this snippet from Security Wire Digest doesn't make my point even more relevant, I don't know what does! *NETWORK ASSOCIATES STOPS MAKING CYBERCOP Network Associates Inc. (NAI) this summer will phase out its popular CyberCop vulnerability scanner and IDS product, and incorporate the technology into its Sniffer Technologies analysis tools. The company announced recently that it would cease making CyberCop Scanner 5.5, distributed CyberCop Scanner 2.0 and CyberCop Monitor 2.5 beginning July 1. Maintenance for the scanner line ends in 2004, and signature updates will now be done quarterly, rather than monthly. NAI plans to incorporate some of CyberCop's features--such as tracer packet firewall testing--into Sniffer products. The company incorporated CyberCop technology into its McAfee ThreatScan vulnerability assessment tool earlier this year. NAI previously announced it was folding its PGP Security division into other product lines, including McAfee Security and Sniffer Technologies. Quarterly updates for CyberCop??? This is great news for Nessus! I can't say enough good things about Nessus and the community. This move, in my opinion, just makes Nessus more attractive to security professionals and another reason to move away from the commercial vendors (not all, just the ones who think vulnerabilities are released according to some type of schedule). Kudos to Nessus and everyone involved! Keep up the outstanding work. -- Terry Dunlap, MCSE Network Security Western Kentucky University 1 Big Red Way, WAB 313 Bowling Green, KY 42101 270.745.6909 rm -f /usr/bin/laden
