Free Open-Source vs. Commercial Security Tools?

sahirh asks: "I work as a penetration tester and recently started writing a whitepaper on the benefits of free, open-source security tools over commercial tools. Through my own experiences, I've found that many free tools such as Nessus and Kismet are more reliable and have better features than expensive commercial alternatives like ISS Internet Scanner or Airopeek. I've also noticed that tools like Ettercap have no commercial alternative. Further, the flexibility offered by the open-source nature of such tools is a great benefit. I'd like to ask for Slashdot's experiences and opinions on why you don't need to spend thousands of dollars on an expensive tool to perform a professional security assessment." Update: 02/07 11:15pm EDT by C : Thanks to all who wrote in to let us know the proper URL to the Kismet site.

Re:Accountability -- Reminde me not to hire you

[Stephen+Samuel]

I would use commercial software. Why? Because if something does go wrong, it is the vendors fault and not yours.

grunt: Admiral! There's a missile comming our way, and the defence systems have just blue screened!
admiral: Thank god I can blame Microsoft for this!
missile: BOOM!

So you'd use inferior software just because you can point the finger at someone else when the software fails??? Wouldn't you rather use the best software for the job (even if it's cheaper)??

I mean, it's not like most commercial vendors take any responsibility for their software, anyways -- have you read your EULA's recently?

At least with open source software, you have the option of fixing any bugs yourself if the vendor refuses to. With Proprietary code, your only choice is to grin, bend over and wait for your bill.