Hi Robert,
I need to reply to Renaud, Ron and Tenable and have not done so - just lazy I guess. I asked very specific questions about the Tenable/Nessus relationship and their business plans. They have been amazingly honest and forth-coming. I know most corporations would be this open.
Maybe you meant "would 'not' be so open" ?
I'm curious what your concern with Nessus is? Are you a consultant, a vendor, a security researcher, .etc? If we new what your specific issues with Nessus and the changes were, we can either agree to disagree or try to clarify.
1. The majority of the plugins will be proprietary to Tenable. There is no real room to have any real involvement by an open-source community when the submissions will compete (and push-come-to-shove loose to the Tenable submissions), so the future of Nessus plugins will be to support Tenable activities
Technically, this is Tenable's policy. However, our intent is not to shut out open-source developers. We've taken more input to Nessus now then before. Of course, the other view to this is that we *hardly* got submissions from the open source community on Microsoft Tuesdays or during worm outbreaks. Don't get me wrong, we got *some*, but nothing that approaches the commitment to maintaining a lab, doing QA on the NASLs, maintaining the NASLs, killing false positives in old checks, .etc.
2. The core Nessus system will become proprietary Tenable (as alluded to by Renaud's remarks to this message).
Not so.
Far as I can tell by the responses by most on this list, this seems to be fine with most Nessus users. As I have stated - Nessus is a critical resource for the entire world, if you include cyber-terrorism looming, and such.
This is FUD. I really feel there will not be a cyber-terrorism event anytime soon.
Once Nessus is closed and Tenable, and if Tenable were to collaps, be sold to another company, or whatever - Nessus will be gone.
The same was true before Tenable became involved with Renaud. Previously, the number of people involved with Nessus could be counted on one hand. Now you need a spread sheet to keep track of who is doing what with testing, research, working with the OS vendors, .etc. *and* the original Nessus people are still very much running things as they see fit.
And one other thing, you have absolutely no basis to make **any** claims about what will happen to Nessus if/when something good/bad happens to Tenable.
> So, my interest is more than *idle*.
I'm still not sure what your interest is. My guess (and I have no basis for this) is that you were using Nessus to somehow make money, deliver a service, .etc or that you need the latest Nessus checks but can't afford $1200 a year per scanner.
Ron Gula, CTO Tenable Network Security
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
