> -----Original Message-----
> From: Michel Arboi [mailto:[EMAIL PROTECTED] 
> Sent: Saturday, October 08, 2005 5:51 PM
> To: [EMAIL PROTECTED]
> Cc: [email protected]
> Subject: Re: followup Qs on license changes
> 
> On Fri Oct 07 2005 at 14:05, Benjamin Tomhave wrote:
> 
> > People who've contributed to this forum over the years have a right to
> > know if their ideas are to be incorporated into a closed-source,
> > commercial product.
> 
> As Renaud said many times, more than 1000 companies use Nessus in
> appliances, or vulnerability scan service (which they often call
> "pen-test") without telling their customers, Tenable or whoever else.
> So in a way, you already have the answer. It is "yes", more than one
> thousand times.
> By the way, why are you worrying now?
>  
Shane Williams seems to have effectively answered the question about
protection of ideas - namely, that they're not.  Seems odd, but whatever.
Here in the US, nothing surprises me any more.

I'm afraid that you're completely mischaracterizing my comments with the
term "worrying" - no worry here at all.  More me being antagonistic than
anything.  What Tenable is doing is completely understandable and fully
justified, from a business perspective.  From an open source perspective,
it's a little more difficult to accept, but one need only look at the
history on the list to see that Renaud's claims are fully substantiated.  I
don't recall anybody in the past 5 years contributing much more than plugins
and bug reports over the list.

Where I am potentially concerned is in the situation where a small company
may have deployed Nessus internally to scan systems.  Many small companies
cannot afford commercial products, which is why they oftentimes turn to open
source software.  Will these companies now be required to pay a license fee?
It seems unclear at this point.  Hopefully, like with MySQL, they'll be able
to continue downloading and using the binaries from Tenable without fees,
though they'll have to continue waiting a week for new plugins.  C'est la
vie.  I just hope that this doesn't have the effect of causing companies not
to scan their own systems rather than run the risk of being charged a fee.
When pennies are important, these types of decisions can be made.

Even more concerning to me personally is that this truly forces companies to
rethink their use of open source software.  Now, even if the open source
package is better, it may be harder to make the pitch to use it since
there's an additional degree of uncertainty.  Some would argue that this
uncertainty is inherent in the software anyway, which is mostly true, but is
highlighted by the recent changes, both here and with Sourcefire.

At any rate, despite the level of vehemence expressed by some, I've found
the informative responses of a few on the subject to be very useful.  Always
nice to know that a few people out there are interested in taking the time
to answer a question based on their experience, and even more appreciated
when they're able to assist with the research backing their answers up.

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
