On Mon, Jan 06, 2003 at 09:16:09AM -0700, William Smith wrote:
>
> So what does this mean for the nessus community? Any chance that there
> will be a "Nessus Pro" fork or something like that, like Tripwire and
> Sendmail? Or does Tenable Security plan on following a Redhat model and
> keeping everything free?

I'm glad you're asking, I was about to announce that officially.

As some of you have noticed, Ron Gula (the original author of the Dragon IDS) and I founded Tenable Network Security (www.tenablesecurity.com). The purpose of TNS is to sell distributed vulnerability assessment products that scale very well, both in terms of speed (i.e. all the class Bs can be scanned overnight) and in terms of use of the reports (i.e. all the multiple security teams actually do something with the reports, the CIO sees that work is underway, the teams can share tips and help on how they solved a given vulnerability). For more details, see our white papers on our web site.

At the heart of our product, we use Nessus, while keeping it fully GPLed (we _don't_ have a private CVS tree for Nessus nor top-secret patches) - we work on different products which happen to use Nessus. As a proof of good faith, you may have seen the result of all the optimization of the code that is being done - the plugins in Nessus 1.2.7 are way faster, NASL2 is available via CVS today (cvs -z3 co -rNASL2 libnasl). I also set up http://bugs.nessus.org/ to better keep track of what's wrong and in the end provide everyone with software of higher quality, so there's full transparency (I'm not leaving bugs in on purpose so that people buy a "special" Nessus from TNS).

[If you want to BETA test it for free, feel free to contact [EMAIL PROTECTED]]

While we will continue to maintain Nessus and publish it under the GPL, we do not plan to do the same with the rest of our products. Those among you who know me personally know that I'm not an open-source zealot at all - OpenSource is a medium of distribution with multiple pros and cons, proprietary software is just another way. I also do not think it would make much sense to give away a distributed version of Nessus for anyone to take - if you're in charge of a big network, you probably have a budget for security.

How will this affect the Nessus community?

Well, if you're a hardcore Nessus user, nothing changes for you, except that you now know that I will continue to lead its development for some time. If you use Nessus routinely but want it to be distributed, there's now a product out there to help you to do that.

I'm really excited about TNS, and I sincerely think that the company will be seen by the Nessus community as the nice sponsor behind the free scanner. I saw what happened with a couple of free projects which went semi-commercial and the dismay of the associated communities, and I really want to avoid that. I've suffered from those, I won't inflict that on anyone.

I'll shortly move to the US (and become a cow-boy), I hope I'll meet happy Nessus users over there,

-- Renaud
