Hey All, Could someone clarify these two points in the license agreement [1], since I think they may have farther reaching affects than anticipated (or perhaps not):
"Registration. You agree to use the Plugins only in conjunction with Nessus or NeWT vulnerability scanner programs obtained directly from www.nessus.org or www.tenablesecurity.com and registered with Tenable (Registered Scanners)." Am I out of the terms if I receive the scanning code from the FreeBSD project's ftp server or a Gentoo mirror versus the aforementioned URL's, since the code was not received directly from those URL's? To me, "directly" means getting it right from those URL's. Also, what about caching proxy servers and such? "No Reverse Engineering; Other Restrictions. You shall not, directly or indirectly: (i) sell, lease, rent, license, sublicense, distribute, redistribute or transfer any Plugins or any of your rights under this Agreement; (ii) modify, translate, reverse engineer (except to the limited extent permitted by law), decompile, disassemble or create derivative works based on any Plugins; (iii) use any Plugins other than in conjunction with Registered Nessus or NeWT Scanners obtained directly from www.nessus.org or www.tenablesecurity.com to detect vulnerabilities on your own system or network or on the system or network of a third party for which you perform scanning, auditing, incident response, vulnerability assessment or other security consulting services; or (iv) remove, alter or obscure any proprietary notice, labels or marks on any Plugins. You are responsible for all use of the Plugins downloaded under this Agreement and for compliance with this Agreement by any user of the Plugins." Section (ii) seems to me that I cannot look at the plugins to help in false positive validation and provide patches, since I would have to reverse engineer what the plugin is doing. I guess that 'reverse engineer'-ing isn't well-defined to me, since I do not know how the State of Maryland defines reverse engineering. Nor does it seem that I can even "modify" the plugin, so how could I patch it? Or what about times where I'm debugging, I can't "modify" the plugin to put in a comment or a display() statement, either, correct? Can we get clarification on this? Also, the "obtained directly" clause is in here (probably elsewhere), as I commented above. I'm so not a lawyer, so I might be over-exaggerating and speaking way above my knowledge level, but it does seem somewhat off to me. I appreciate your time on this and hope I'm not coming off as confrontational. I'm just looking for some guidance. Thanks, Jon [1] http://www.nessus.org/download/TenableCommercial.pdf __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
