--- Renaud Deraison <[EMAIL PROTECTED]> wrote:
>
>
> Hi everyone,
>
>
> We are a few weeks away from releasing Nessus 3.0.0, and I'd like
> to
> take some time to explain our roadmap in this regard.
>
> Nessus 3 / Nessus 2 Roadmap
> ----------------------------
>
>
> Nessus 3 is major enhancement of the key components of the Nessus
>
> engine - the NASL3 intepreter has been rewritten from scratch,
> the
> process management has changed to reduce the overhead of
> executing a
> plugin (instead of creating NxM processes, nessusd now only
> creates N
> processes), the way plugins are stored has been improved to
> reduce
> disk usage, etc...
Woo hoo! Any other heads up on the improvements to NASL? My pain
has been a couple fold: discretionary reporting of the stimul{us,i}
sent and the response received; no matching between BID and CVE
entries; and numerous plugins doing one job (Apache < #.#.#). Do
you see those points changing w/ NASL3?
> Nessus 3 also contains a lot of built-in features and checks to
> debug
> crashes and mis-behaving plugins more easily, and to catch
> inconsistencies early.
>
>
> As a result, Nessus 3 is much faster than Nessus 2 and less
> resource
> intensive. Your mileage may vary, but when scanning a local
> network,
> Nessus 3 is on average twice as fast as Nessus 2, with spikes
> going
> as high as 5 times faster when scanning desktop windows systems.
Very nice!
> Nessus 3 will be available free of charge, including on the
> Windows
> platform, but will not be released under the GPL.
>
> Nessus 3 will be available for many platforms, but do understand
> that
> we won't be able to support every distribution / operating system
> available.
For those wishing to assist in the debugging aspects for non-RedHat
systems, what can we do? I'm thinking along the lines of FreeBSD
and Gentoo.
It sounds like the engine will be a binary download, possibly
containing redistribution restrictions, while a majority of the
plugins will be open-source (outside of policy ones), correct?
Also, what kind of restrictions does this carry for companies that
use Nessus3 in a vendor capacity (e.g. scanning 3rd party
networks)?
[snipped]
Thanks all for working on this, it's appreciated,
Jon
__________________________________
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
