Hi all,
I think that Tenable is entirely within their rights to make the changes that they have and I think that they have made and will continue to make great contributions to the general public with Nessus and their plugins. They deserve to be compensated for the work that they have put in and I understand their concern about other companies making money selling appliances and front ends to Nessus.
Correct me if I am wrong, but there is nothing preventing a company / group from forking Nessus (and the GPL plugins) now or in the future, if desired. This is one of the great things about open source software. So, if you don't like what is happening now, fork now. If you are worried about the future, you can fork then. Otherwise, accept it and move on. As for the concern about GPL plugins being delayed / trumped by Tenable ones, anyone is free to start their own feed if they so desire.
As a related question: Is there anything preventing a company / group from writing their own plugins and distributing them under another license (other than Tenable's or the GPL)? I would think not since the plugin is basically a program, similar to a perl script, that can be licensed however the author chooses. This is mostly out of curiousity, but I know that just like their are people that love the GPL, there are some that hate it and would prefer to release plugins under a BSD-style or other license.
The real reason that I am writing, however, is that I am a little concerned over the statement below. Is part of the reason for this shift to charge people that use Nessus as part of VA / Pen Testing services? I read through the license of the registered feed of the Tenable plugins and I don't see anywhere that such use is prohibited or requires payment for the "Direct" feed (it does require signing the 5 page legal document and faxing to Tenable). While I agree that a professional VA team that is charging hundreds of dollars an hour does owe something back to the Nessus project and can afford what Tenable is charging (and should have the most up to date plugins), I don't know if that holds true for all companies doing VAs. I have a full time job, but I have been thinking that I may start a side business doing VAs (and probably setting up Firewalls, cleaning SpyWare, doing a little data recovery, and other things as well) for small businesses or individuals. Will I be able to use the Registered feed plugins for this? I thought yes, but now I am not so sure.
Thanks all and have a great day.
Chuck W.
Ron Gula wrote:
We realize that there are many organizations, which will be effected by the plugin changes. I do not want to discuss in a public forum any legal strategies Tenable may be pursuing and I would also suggest that MSPs and product vendors *not* be highlighted on this mailing list. As I said before, we feel the number of folks who have embedded Nessus into their commercial service/product/consultancy is in the 1000s.
Ron Gula Tenable Network Security
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
