Nessus 3.0 Released

← Back to Stories (view on slashdot.org)

Posted by ScuttleMonkey on Monday December 12, 2005 @08:23PM from the now-vulnerable-to-consumer-aquisition dept.

duplo1 writes Tenable Security has announced the release of Nessus 3.0. Nessus is an enterprise level vulnerability scanner and this new version brings a complete rewrite of the Nessus engine redesigned for increased speed and efficiency running on the average, twice as fast as Nessus 2. From the release: "In addition to gaining dramatic improvements in performance, Tenable also provides an optional Direct Feed subscription service for Nessus 3.0 which provides immediate access to new vulnerability checks and entitles Nessus 3.0 users to commercial support from Tenable. The Tenable Plugins include support for a rating methodology called Common Vulnerability Scoring System (CVSS) that can be used to express the criticality of a discovered vulnerability or threat."

4 of 108 comments (clear)

Min score:

Reason:

Sort:

Vulnerability shoots and scores by Neo-Rio-101 · 2005-12-12 20:58 · Score: 4, Insightful

Without trying to sound like spam, we're currently using a vulnerability checking system called "nCircle IP360" (yeah, knock off the Xbox jokes). This thing needs constant updates and upgrades in order to keep track of the numerous vulnerabilities out in the wild. The thing even detects a Commodore 64 with ethernet cartridge as a recognized operating system! It too, gives each server it tests a vulnerability score.

Thing is, when you're talking about constantly updated files for vulnerabilities, we're delving into the realm of virus-scanners and ad-ware scanners. There's gold in those downloadable updates people. Makes sense to me why Nessus is no longer open sourcing their new stuff.

--
READY.
PRINT ""+-0
To be fair... by victorhooi · 2005-12-12 22:10 · Score: 4, Insightful

Guys, lay off the slagging, ok?

I mean, seriously, it's been GPL all these years, the developers were putting in the hours and the hard work (And don't give me that c*ap about community contributions, because in relative terms, there wasn't really any).

And they were suffering because people were essentially taking their work and simply rebranding it and selling it as their own. Isn't it only fair that Tenable themselves should now have the opportunity to sell what is, after all predominantly their work?

I'm quick sick of all these GPL-fanatical twits going on about how evil Tenable is for doing what any reasonable person would have done. It's a wonder that Tenable put up with all the other companies selling their work for as long as they did.

Also, guys, lay off the whole "haha, we slash-dotted your server" cracks..I mean, what can possible stand before the might of /., huh? Sun, eBay, Amazon, all of these petty masses shall cower before us, for we shall crush them under teh (sic) boot of our T1 1337-ness....

cya,
Victor
Re:Yeah, but there's also... by Kjella · 2005-12-12 23:49 · Score: 3, Insightful

If it hadn't been for rebranding issues, (IMO a fault with the GPL), nessus would still be open source.

If your OSS business model relies on someone else not slapping their logo on it and selling it, then you have the wrong business model. It is not a fault with the GPL, and I'd be very worried if the GPL started making demands on when or if you could fork a project. I can sell "Mynix computers with Mohawk web server, YourSQL database and MyHP scripting language" (= LAMP) any day of the week, I doubt anyone would buy it. As long as the rebranders were respecting the GPL, it is Nessus' fault for not getting through to their customers about who is the source of this tool, and whom to support if they want it to continue. If you can't make any money other than on product sale, perhaps OSS is not for you. I'd much rather accept that than to see the GPL expand to become something like a "look, but don't touch" model.

--
Live today, because you never know what tomorrow brings
Re:There's also the itsy bitsy license change... by Mark+Round · 2005-12-13 01:52 · Score: 4, Insightful

And if I wanted to host this at our datacentre, in order to scan the systems on our network which is firewalled off from the outside world ? I'd then have to shell out for additional rack space, power, etc. Not to mention that in many environments "just bung a live CD into an x86 box" won't get past upper management ? Throwing additional hardware (even if it is "commodity" as you say) is hardly a great solution and only further encourages vendors to provide closed source solutions.

Once the source is closed, your option of running software on the platform of your choice may be gone forever. You're then totally dependant on the developer to continue supporting your platform. You also, by extension, have to hope they never go out of business, especially if their product incorporates some sort of time-locked licensing. If they wake up one morning and decide that it's no longer economically viable to continue building their product for your platform, you're screwed. Never mind that you may have built your entire infrastructure around a certain technology, and it's not economically viable for you to jump ship to whatever the flavour of the month is; if you want to continue running closed source product X, you have to dance to the beat of the developers' drum.