Slashdot Mirror


Nessus 3.0 Released

duplo1 writes Tenable Security has announced the release of Nessus 3.0. Nessus is an enterprise-level vulnerability scanner, and this new version brings a complete rewrite of the Nessus engine, redesigned for increased speed and efficiency and running on average twice as fast as Nessus 2. From the release: "In addition to gaining dramatic improvements in performance, Tenable also provides an optional Direct Feed subscription service for Nessus 3.0 which provides immediate access to new vulnerability checks and entitles Nessus 3.0 users to commercial support from Tenable. The Tenable Plugins include support for a rating methodology called Common Vulnerability Scoring System (CVSS) that can be used to express the criticality of a discovered vulnerability or threat."

14 of 108 comments

  1. There's also the itsy bitsy license change... by Anonymous Coward · · Score: 5, Informative

    You know, not GPL anymore. Did that escape you while writing the ad?

    1. Re:There's also the itsy bitsy license change... by burns210 · · Score: 3, Informative

      Yea, they do actually. It is a revenue source for slashdot, paid stories. No kidding.

    2. Re:There's also the itsy bitsy license change... by Mark Round · · Score: 4, Interesting

      Which is a major PITA, as there's currently no download for anything other than x86 Linux/FreeBSD. I run Nessus on Solaris (I'm the maintainer for the Blastwave.org packages), and it is this ramification of the license change that I find most infuriating. It wouldn't perhaps be so bad if Tenable could guarantee that all platforms would have binaries available for them - but this means they're leaving a large section of their userbase out in the cold. And woe betide you if you're running anything they consider really obscure or not worth supporting. Here's to the continued development of the forked GPL version.

    3. Re:There's also the itsy bitsy license change... by Mark Round · · Score: 4, Insightful

      And if I wanted to host this at our datacentre, in order to scan the systems on our network which is firewalled off from the outside world? I'd then have to shell out for additional rack space, power, etc. Not to mention that in many environments "just bung a live CD into an x86 box" won't get past upper management? Throwing additional hardware (even if it is "commodity" as you say) is hardly a great solution and only further encourages vendors to provide closed source solutions.

      Once the source is closed, your option of running software on the platform of your choice may be gone forever. You're then totally dependent on the developer to continue supporting your platform. You also, by extension, have to hope they never go out of business, especially if their product incorporates some sort of time-locked licensing. If they wake up one morning and decide that it's no longer economically viable to continue building their product for your platform, you're screwed. Never mind that you may have built your entire infrastructure around a certain technology, and it's not economically viable for you to jump ship to whatever the flavour of the month is; if you want to continue running closed source product X, you have to dance to the beat of the developers' drum.

  2. Nessus 3 no longer GPL by hunterx11 · · Score: 4, Informative

    Worth mentioning (though it has already been covered here on /.) is that this is the first closed-source version.

    --
    English is easier said than done.
    1. Re:Nessus 3 no longer GPL by barefootgenius · · Score: 5, Informative

      It has forked though. Here's their DokuWiki link

      http://www.openvas.org/doku.php?id=

      --
      /. bug #926803 - Why I can post.
  3. Hindmost by Spy Handler · · Score: 4, Funny
    Nessus is an enterprise level vulnerability scanner

    I thought he was Hindmost's lover :o

  4. Now that Tenable is /.'d by Cherita Chen · · Score: 3, Informative
    --
    I'm not fat, just big boned...
  5. v3.0 Download? What Download? by perlionex · · Score: 3, Interesting
    Nessus 3.0 is immediately available for download from Tenable...
    Their website doesn't list 3.0 as being available for download, just the old 2.26. What's up?
  6. Vulnerability shoots and scores by Neo-Rio-101 · · Score: 4, Insightful

    Without trying to sound like spam, we're currently using a vulnerability checking system called "nCircle IP360" (yeah, knock off the Xbox jokes). This thing needs constant updates and upgrades in order to keep track of the numerous vulnerabilities out in the wild. The thing even detects a Commodore 64 with ethernet cartridge as a recognized operating system! It, too, gives each server it tests a vulnerability score.

    Thing is, when you're talking about constantly updated files for vulnerabilities, we're delving into the realm of virus-scanners and ad-ware scanners. There's gold in those downloadable updates people. Makes sense to me why Nessus is no longer open sourcing their new stuff.

    --
    READY.
    PRINT ""+-0
  7. Yeah, but there's also... by hug_the_penguin · · Score: 5, Interesting
    ...the fact it's majorly improved. Of the people here, most of them won't care that it's closed source, purely because of the reason they closed the source. If it hadn't been for rebranding issues, (IMO a fault with the GPL), nessus would still be open source. It's still the best there is, people will still use it.

    Not everyone will avoid anything that isn't free/libre, especially if the quality is good. The free software community brought it upon themselves by not helping out and in the case of the rebranders, for stealing all sources of revenue nessus had when GPL. 100 hour weeks hacking on code don't come for free, you know. We'd all prefer it to be free, but it's not essential.

    --
    ~HTP~ Hug that tux ;)
    1. Re:Yeah, but there's also... by seifried · · Score: 5, Informative

      "Do you mean to tell me that the Nessus team found every vuln themselves and then coded an exploit to check for such vuln?"

      In a nutshell yes. They don't actually find all the vulnerabilities themselves, for that you can simply check the CVE database/etc. However, as far as writing the plugins to check for the actual flaw/etc, most of those were written by the core team, very few have been contributed by outsiders. Basically, Nessus loses almost no outside development in moving to a closed source model, one of the biggest reasons to open source something (gain outside developers).

    2. Re:Yeah, but there's also... by Kjella · · Score: 3, Insightful

      If it hadn't been for rebranding issues, (IMO a fault with the GPL), nessus would still be open source.

      If your OSS business model relies on someone else not slapping their logo on it and selling it, then you have the wrong business model. It is not a fault with the GPL, and I'd be very worried if the GPL started making demands on when or if you could fork a project. I can sell "Mynix computers with Mohawk web server, YourSQL database and MyHP scripting language" (= LAMP) any day of the week, I doubt anyone would buy it. As long as the rebranders were respecting the GPL, it is Nessus' fault for not getting through to their customers about who is the source of this tool, and whom to support if they want it to continue. If you can't make any money other than on product sale, perhaps OSS is not for you. I'd much rather accept that than to see the GPL expand to become something like a "look, but don't touch" model.

      --
      Live today, because you never know what tomorrow brings
  8. To be fair... by victorhooi · · Score: 4, Insightful
    Guys, lay off the slagging, ok?

    I mean, seriously, it's been GPL all these years, the developers were putting in the hours and the hard work (And don't give me that c*ap about community contributions, because in relative terms, there wasn't really any).

    And they were suffering because people were essentially taking their work and simply rebranding it and selling it as their own. Isn't it only fair that Tenable themselves should now have the opportunity to sell what is, after all, predominantly their work?

    I'm quite sick of all these GPL-fanatical twits going on about how evil Tenable is for doing what any reasonable person would have done. It's a wonder that Tenable put up with all the other companies selling their work for as long as they did.

    Also, guys, lay off the whole "haha, we slash-dotted your server" cracks... I mean, what can possibly stand before the might of /., huh? Sun, eBay, Amazon, all of these petty masses shall cower before us, for we shall crush them under teh (sic) boot of our T1 1337-ness....

    cya,
    Victor