Hello Rolando,
Please know that many here at Tenable have been Nessus users and supporters in one way or another for a very long time. Also know that managers from Tenable's R&D team, Product team, QA team & Customer Support team follow the Nessus list closely for what the community is interested in or finds painful and needs fixed or a better solution. Please comment / complain away, we do listen. All we can ask is that you be civil about it for professional respect, something that nearly all members of the Nessus mailing lists have been.
On Nessus.
There is currently no intent on closing Nessus. While I cannot speak about what the long term future holds, we are very committed to the open source project Renaud created, that is Nessus, for a variety of reasons. You may have noticed that Tenable has even taken to updating NessusWX, the Windows based Nessus client that had some bugs (a related by independant project that had gone stale) by using resources from our Windows development staff. We gave away our updated solution even though it is a competing product to Tenable's NeWT scanner.
That said, someone has to pay for the developers, researchers, servers, bandwidth, research costs (a lab is dedicated to this), QA effort, the donuts Renaud speaks of (I'll have to go looking for those), etc. It's not all free. Tenable, represents one of many efforts to follow an open source model while simultaneously supporting a for profit business that accelerates the development and research process of the tool. So far, this has worked well for Tenable and the Nessus project as many of the changes in Nessus in the last two years represents a major effort to equal all of the purely commercial products available and in many ways, exceed their capabilities. This has continued to be available for free to the public. What Tenable has noticed is that many companies and small service groups are have begun employing Nessus in commercial ventures and sometimes we run into direct competition with said organizations using our own product against us.
Somehow, this seems less than fair and most importantly, this is not the community.
For the community, it's a pretty powerful tool that we are only asking that users register to use. Without that registration, companies that are out of line with the licensing can claim to have never seen any restrictions about the use of Nessus. This eliminates that loophole while still allowing the private, community users to use Nessus free of charge. This is a notification to those groups that they have always been out of line with the licensing of Nessus. Also, many of these vulnerability assessment organizations develop changes and plugins which they do not contribute to the project, breaking the GPL license and the license held by Tenable over the engine and specific plugins. Tenable on the other hand has worked hard to increase the functionality and speed of Nessus and this coding effort is available to you for free at nessus.org. When the NeWT scanner was initially released, it was significantly faster than Nessus, changes were implemented into Nessus that took advantage of the lessons learned in NeWT and brought its speed on par with NeWT. (Renaud would never allow such a situation between UNIX and Windows to persist. ;-D ) My group maintains a number of proprietary UNIX OS's in our lab to assist with porting Nessus to these platforms even though Tenable receives no direct value from these efforts and we plan on increasing the number. The community is directly benefiting from Tenable.
Tenable's legal paths are not something I can comment on so I have to end this message here. But please know that from every part of the management at Tenable, we like the Nessus tool as a GPL'd open source project. We do gather good testing information from the community and respect that contribution. There will continue to be new features added to Nessus, funded and produced by Renaud and Tenable and free for your use.
I thought the community should hear this from one more part of the Tenable management team.
Hope this helps.
Regards,
-- Dan
Daniel Bowman Director of Support & QA Tenable Network Security
----- Original Message ----- From: Rolando Azpurua
To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
Sent: Monday, December 13, 2004 12:55 PM
Subject: RE: questions regarding new plug-in policy
I am a user. I have never contributed to the project I have no rights to talk and criticize? It has been your project and effort that started as a complete GPL effort. As always happens, people gets greedy People wants more power And they decidewd to yell at everybody else. What can we do?
Rolando
Hyland Jeremy J CONT KPWA <[EMAIL PROTECTED]> wrote:
I am most annoyed because I have seen this trend before. Now you want us to register, next year it becomes purely pay for subscription, one year later Nessus isn't even supported any more and is replaced by a proprietary Tenable product.
Apparently I was mistaken about the number of contributors. I just assumed that with 2000+ GPL plug-ins, there must have been quite a few people involved for non commercial reasons.
-----Original Message----- From: Renaud Deraison [mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004 9:06 AM To: [EMAIL PROTECTED] Subject: Re: questions regarding new plug-in policy
On Mon, Dec 13, 2004 at 08:55:34AM -0800, Hyland Jeremy J CONT KPWA wrote:
But what about my question? Will Tenable be taking legal action against companies violating the license agreement on copyrighted plug-ins?
I do not discuss such legal matters in public.
In addition, how do you expect me to take your company seriously when you respond to email in such a manner.
I speak for myself.
You guys are the ones changing the game here, so if you want to maintain your formally loyal user base, then you need to adequately sell us on these changes.
First, we may be the one to "change the game", but I'll remind you that we're the one who started it. And Renaud+Tenable are _by far_ the biggest contributors to Nessus (both the plugins and the engine), while you've been a user so far. In another mail you stated that Nessus was the work of "hundreds of developpers". I suggest you look at the CVS logs and everything to see how many contributors there have really been over time.
Second, I don't need to sell you on these changes, because it's not a vote. If you're not happy with this new p olicy, then stop using the plugins we wrote and stick to the GPL plugins. That's plain and simple, and best of all, it does not require any change on your side.
Third, you still have not told me WHAT the annoyance was. I'm sure that it would benefit to the whole community if you could underline real annoyances which I'll be happy to fix, instead of complaining for no reason.
-- Renaud
_______________________________________________
Nessus mailing list
[EMAIL PROTECTED]
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
