> [EMAIL PROTECTED] wrote:
>
> >I'm sure the Sourcefire folks are thrilled at having
> >another signature farm out there. Having a false positive
> >in an IDS sig just means more alerts. Having a bad plugin
> >for Nessus means angry system administrators and tarnishing
> >the name of Nessus.
>
> Interesting response. So are you saying you don't like it
> - or it would break the license?

I don't like it. If the plugins were not GPL, this would break the license. ;-)

> We are talking theoretically here - there's been nothing but hot air so
> far on the issue of others writing "competing" plugins -
> but it could (legally) happen?

I'm not a lawyer.

> As far as Snort goes, I haven't heard any complaints from
> Sourcefire about having the competition - to be honest -
> they meet the needs of two different market segments.

You would not hear complaints. It is extremely difficult for any vendor (unless you are Microsoft) to make complaints about people who volunteer their time, regardless of the quality of research or code.

> It's disingenuous to say that a separate plugins stream
> would "tarnishing the name of Nessus" - it hasn't
> happened to Snort - and a site would have to actually do
> something to pull such a structure in. I can't see how
> they could say it was Nessus's fault.

Customers of Tenable have a much different level of expectation for support than those who don't. And even those who are not Tenable customers regularly email our support links for questions about Nessus. Most of us on the list are technical and detail orientated, but for those of us who aren't, when they grab the Nessus scanner and a set of plugins that may not be up to par, Nessus will suffer the blame, not the plugin writers. No one asks 'what plugins were you using'; they ask what tool you were using.

> In both cases of Snort and Nessus, I like them as they
> have quality control of their "official" plugins - but
> give me the ability to create my own - or use others that
> someone else has written. Such a feature is one of their
> greatest assets.

I can re-word this to say, "give me the ability to use someone else's plugins that are up to date, so I don't have to pay for Tenable's feed".
Now that is not what you said, but if it is something *other* than a recent plugin for a recent vulnerability, Tenable is gladly accepting, maintaining, QAing, etc. new plugins sent to us and they are all GPLed. If folks really want lots of alternatives for non-traditional checks or stuff outside of the current body of plugins, I'd really welcome that. However, most of the conversations on and off list have been around avoiding payment of the license fee for the direct feed.

Ron

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
