From: Ron Gula (rgulatenablesecurity.com)
Date: Fri Oct 07 2005 - 20:52:06 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> What should be of more concern to the community is that the Nessus
> source is being closed. Personally, I would have suggested to adjust
> pricing a bit and add restrictions to counter reseller-leeching, but
> keep the source open.

How would charging people more money prevent them from not abiding by
the GPL or even Tenable's license agreements?

- Nessus 2 source is still available, GPLed and will be maintained.
- Nessus 3 will be available shortly and be free

> Now that it is being closed, I wonder how long it
> takes before the community once supporting Renauld will fork the
> current
> code and carry on by themselves.

We haven't had any support of this kind. I really feel there are very
capable programers out there who can contribute to Nessus, but to date
we haven't really gotten any. Even on the NASL vuln check side, a
majority of the plugins are Tenable.

> Open source software has the interesting property to survive attempts
> to
> privatize code into proprietary environments, mainly be forking and
> living on.

It sure does. Again, we're not trying to hide Nessus 2 code. We've just
made many improvements to the engine and don't want to expose these
algorithms.

> (Ron, I know you read DD. Please reconsider turning your back on the
> community. Raise prices or do whatever, but leave the code open.)

Why do you need the code? Right now, the vulnerability checks are still
in NASL too.

I don't think we're turning our back at all. Giving away a product two
to five times faster than the current open source version makes most
people very happy.

Rasing prices screws the average nessus user and puts recent
vulnerability checks out of the hands of people who can't afford it.

--rgula

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]