Slashdot Mirror


Nessus 3.0 discussed

An anonymous reader writes "Nessus is one of the world's most popular (open source) vulnerability scanners, used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications. With the recent news of going closed source, Ron Gula took a few minutes to talk to SecurityFocus. From the article: 'I speak to a lot of different open source project managers and they say similar stuff -- it's mostly free users and not really code contributors.' What would happen now? Nessus 3 will provide an average 5x speed improvement compared to the old, but open source, 2.x version, and a lot of new features."

5 of 131 comments

  1. More info links by lampiaio · Score: 5, Funny

    Wikipedia entry
    Official Website

    sorry, bad karma makes people do this kind of post...
    :(

    --
    My other account has mod points.
  2. Seems simple enough... by Anonymous Coward · Score: 5, Interesting

    You own the project. You can decide whether it's open source or not.

    However, some questions:

    1. Can someone more familiar with the licensing process elaborate on the Pandora's box here?

    Imagine that you are a code contributor who in **good faith** contributed a patch or entire modules under the assumption that such contributions were going to be under that open source license. Now that the company pulls the source and closes it down, does that mean they took your work and will use it for their closed source purposes without your consent? Profit from it? Can you revoke their access to it? I can't imagine that such licenses have a statement of what happens to the code once it leaves your hands and goes into the archive... Imagine: "All your work becomes property of our CVS tree and cannot be returned if the tree becomes closed."

    2. Why wouldn't they just keep the CVS tree accessible by main developers and give only those important people commit access?

    Like pretty much any large project (*BSD, Linux kernel) does? Yep, I know -- they make it so those without such access cannot check out code just to see if they want to be part of the project in the first place. But could they be convinced if enough people show interest? I guess that's the problem -- too many users, not enough developers or users with enough motivation/ability to make useful changes and additions.

    3. How long until we see OpenNessus or (insert clever derivative name here)?

    Just like other projects with licensing/source/philosophical issues - make a fork of the last available code and try to go their own way. Just like OpenBSD from NetBSD, IPCOP from Smoothwall, etc. etc.

    Just curious.

  3. End of the day, you don't eat good intentions by xtal · Score: 5, Insightful

    It's unfortunate it went closed source versus a service-supported model, but in the real world, there's cheques to sign. If one group is doing the efforts and not being compensated, that's the cathedral model, and cathedrals have collection plates. Open source works best when users are developers. That also explains the state of most of the user interfaces on the more complicated projects. (sarcasm, but with a grain of truth)

    Something else I've noticed is open source works well on widgets and shared components and APIs. Once the toolset becomes very focused and vertical in appeal, the model works less well - unless the users are also developers.

    It will be interesting to see how the forked version works.

    Smoothwall has done a good job with their approach. We'll see how it continues in the future.

    --
    ..don't panic
  4. open source != open source project by penguin-collective · Score: 5, Interesting

    'I speak to a lot of different open source project managers and they say similar stuff -- it's mostly free users and not really code contributors.'

    If your open source project is popular but you don't manage to attract contributors, the fault is likely with the people managing the open source project: any popular project potentially has hundreds of contributors.

    Just writing software, making it open source, and having it become popular doesn't create an "open source project"--you have to design and manage the project as an open source project. You have to make it easy for people to contribute, organize the code appropriately, be nice to potential contributors, and give people an incentive to contribute.

    (Just one data point: last I looked at Nessus, it didn't look like a good foundation to build on for our needs.)

  5. What do you mean, "Funny"?? by lampiaio · Score: 5, Funny

    "Funny" gives me no karma points! Get those informatives moving!

    --
    My other account has mod points.