Cyber Security Institute
Thursday, December 16, 2004
Nessus no longer free
Vendors relying on open-source Nessus won’t automatically get free, timely “plugin” programs after project managers of the popular vulnerability scanner announced a new feed structure that provides the most recent releases for a fee.
Though no company names were mentioned by Nessus leaders during their recent announcement, the popular vulnerability scanner reportedly is used in many commercial security products and services.
“I got [responses that ranged from] looks of disbelief to veiled threats in some cases,” said Ron Gula, a Nessus project manager and president and CTO at Tenable Network Security, which also manages the Nessus project. “The vendors who were using Nessus and not contributing anything to it were not happy.”
Jay Jacobson, CEO of Edgeos Inc. in Phoenix, would be screaming if people took credit for his creation for years.
A wide range of testing gizmos are available that can perform security vulnerability assessments, including basic port scanners, network and OS vulnerability assessment tools—even complex Web application penetration testing programs.
Almost all of the Nessus engine is made by those at Tenable, which includes Nessus founder Renaud Deraison as its chief research officer.
“It is difficult to financially justify releasing the work of a corporate developer to the open source community when that developer is supported by thousands of dollars of equipment, salary and benefits,” said Richard Bejtlich, technical director for the Monitoring Operations Division of ManTech’s Computer Forensics and Intrusion Analysis group.
In response to the “exploitation” of his brainchild, Deraison, who still leads the Nessus project, announced that Nessus feeds will still be available in three forms: for a fee; for those who register, but with a seven-day delay; and under copyright as part of the GNU Public License.
A “Registered Feed” is available for free to the general public, but new plugins are added seven days after they are added to the Direct Feed.
Plugins accepted with a copyright under the GNU Public License will be distributed to the Direct, Registered and GPL feeds at the same time.
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1034903,00.html