It might be an interesting experience to hear what actually happens on Microsoft Patch Tuesday. How many open source submissions do you actually receive on that day? How soon after a patch is released does a test get deployed? Then how long do we have to wait until it is part of the feed? I think the answer to the last question is 7 days if I recall from an earlier post.
Jonathan Jesse Network+, Linux+, A+ MCSA Network Specialist Founders Trust Personal Bank This page and any accompanying documents contain confidential information intended for a specific individual and purpose. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula Sent: Wednesday, January 26, 2005 4:44 PM To: [email protected] Subject: RE: Tenable license discussion - Nessus engine Hi Robert, >I need to reply to Renaud, Ron and Tenable and have not done so - just lazy >I guess. I asked very specific questions about the Tenable/Nessus >relationship and their business plans. They have been amazingly honest and >forth-coming. I know most corporations would be this open. Maybe you meant "would 'not' be so open" ? I'm curious what your concern with Nessus is? Are you a consultant, a vendor, a security researcher, .etc? If we new what your specific issues with Nessus and the changes were, we can either agree to disagree or try to clarify. > 1. The majority of the plugins will be proprietary to Tenable. There is >no real room to have any real involvement by an open-source community when >the submissions will compete (and push-come-to-shove loose to the Tenable >submissions), so the future of Nessus plugins will be to support Tenable >activities Technically, this is Tenable's policy. However, our intent is not to shut out open-source developers. We've taken more input to Nessus now then before. Of course, the other view to this is that we *hardly* got submissions from the open source community on Microsoft Tuesdays or during worm outbreaks. Don't get me wrong, we got *some*, but nothing that approaches the commitment to maintaining a lab, doing QA on the NASLs, maintaining the NASLs, killing false positives in old checks, .etc. > 2. The core Nessus system will become proprietary Tenable (as alluded to >by Renaud's remarks to this message). Not so. >Far as I can tell by the responses by most on this list, this seems to be >fine with most Nessus users. As I have stated - Nessus is a critical >resource for the entire world, if you include cyber-terrorism looming, and >such. This is FUD. I really feel there will not be a cyber-terrorism event anytime soon. >Once Nessus is closed and Tenable, and if Tenable were to collaps, be >sold to another company, or whatever - Nessus will be gone. The same was true before Tenable became involved with Renaud. Previously, the number of people involved with Nessus could be counted on one hand. Now you need a spread sheet to keep track of who is doing what with testing, research, working with the OS vendors, .etc. *and* the original Nessus people are still very much running things as they see fit. And one other thing, you have absolutely no basis to make **any** claims about what will happen to Nessus if/when something good/bad happens to Tenable. > So, my interest is more than *idle*. I'm still not sure what your interest is. My guess (and I have no basis for this) is that you were using Nessus to somehow make money, deliver a service, .etc or that you need the latest Nessus checks but can't afford $1200 a year per scanner. Ron Gula, CTO Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
