Slashdot Mirror
Nessus 3.0 Released
duplo1 writes Tenable Security has announced the release of Nessus 3.0. Nessus is an enterprise level vulnerability scanner and this new version brings a complete rewrite of the Nessus engine redesigned for increased speed and efficiency running on the average, twice as fast as Nessus 2. From the release: "In addition to gaining dramatic improvements in performance, Tenable also provides an optional Direct Feed subscription service for Nessus 3.0 which provides immediate access to new vulnerability checks and entitles Nessus 3.0 users to commercial support from Tenable. The Tenable Plugins include support for a rating methodology called Common Vulnerability Scoring System (CVSS) that can be used to express the criticality of a discovered vulnerability or threat."
You know, not GPL anymore. Did that escape you while writing the ad?
Worth mentioning (though it has already been covered here on /.) is that this is the first closed-source version.
English is easier said than done.
"Do you mean to tell me that the Nessus team found every vuln themselves and then coded an exploit to check for such vuln?"
In a nutshell yes. They don't actually find all the vulnerabilities themselves, for that you can simply check the CVE database/etc. However as far as writing the plugins to check for the actual flaw/etc most of those were written by the core team, very few have been contributed by outsiders. Basically Nessus loses almost no outside development in moving to a closed source model, one of the biggest reasons to open source something (gain outside developers).