> Robert Keith wrote:
>
>> So, the direction for Nessus seems to be:
>>
>> 1. The majority of the plugins will be proprietary to Tenable. There is no real room to have any real involvement by an open-source community when the submissions will compete (and push-come-to-shove lose to the Tenable submissions), so the future of Nessus plugins will be to support Tenable activities
>
> I don't think that's the only path...
>
> As far as I'm aware, you could do what happened in Snort when SourceFire was formed, and the official development became done by the Sourcefire group. Namely, start a "bleeding edge" subset of plugins. I don't think Tenable would have any issues with that?

I have *huge* issues with that, and I have dealt with this before. Back in my Dragon IDS days (a commercial, closed source IDS), someone started producing signatures that worked with Dragon. Paying customers wanted to run those signatures **and** the commercial signatures even though there was overlap. What they got was a lot of varying quality to the code, duplicates, errors, etc. My company at the time had to end up QAing those signatures as well, which meant more work and money spent on stuff we had nothing to do with.

> Better watch those "equivalent" rules don't look like they were cut-n-pasted from Tenable's feed of course! ;-)

We watch for this sort of thing all the time. It happens much more often than people realize.

> So you could have the "officially sanctioned" plugins from Tenable, and "bleeding edge" plugins from the Open Source community.
>
> And those who care about quality will stick to the Tenable ones ;-) [not to slight the Snort Bleeding edge stuff - hell - I contribute to that! It's just their False Positive rate is a lot higher due to the sorts of stuff their rules look for, and they are more interested in getting rules out that detect the bad things than in quality control]

I'm sure the Sourcefire folks are thrilled at having another signature farm out there. Having a false positive in an IDS sig just means more alerts. Having a bad plugin for Nessus means angry system administrators and tarnishing the name of Nessus.

Ron Gula, CTO
Tenable Network Security

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
