Hi Harold,
Here are the relative points from our FAQ:
Q. We are a software or hardware manufacturer and we would like to
include the Nessus 3 engine and the Tenable Plugin Feed in the
products we sell to our customers?
A. Not without acquiring a license from Tenable to do so. To inquire
about an OEM agreement with Tenable for the Nessus 3 engine and the
Tenable Plugins on a case by case basis. To inquire about an OEM
agreement for Tenable's Nessus 3 software, please send a request to
[EMAIL PROTECTED]
Q. Can I include the Direct Feed or Registered Feed with our product?
A. No. Tenable Plugins, which are only available through the Direct
Feed or Registered Feed, are subject to a license that prohibits you
from including them in your own product. In other words, the Tenable
Plugins are licensed only for use with Registered Nessus Scanners
obtained directly from www.nessus.org or www.tenablesecurity.com.
Back to Plugin FAQ
From a legal and liability point of view, I don't want to
make any statements about how vendor X has built or distributed
their product with or without a Nessus scanner. The issue is
complex because it's really a question of:
- are they using the Nessus 2 or Nessus 3 engine?
- if they modified the Nessus 2 engine, did they submit their
changes to comply with the GPL?
- Are they distributing a limited set of plugins out of the box,
but each one of their VARs actually configures it with a direct
or registered feed?
- Are they claiming to write their own checks, but their checks
are obvious copies of Tenable plugins?
It's a fairly complex issue.
WRT to Cisco's Clean Access product though, we were told by Cisco
reps at the RSA booth that Cisco TAC won't support a Clean Access
product running the latest plugins from Tenable. We've also asked
them to remove the reference in their docs about downloading Nessus
plugins from Tenable.
Ron Gula
Tenable Network Security
At 11:39 PM 3/5/2006, Harold Zawinsky wrote:
Renaud and Ron,
I recently looked at Cisco's Clean Access product as well as a number of
other network access control products including Bradford, Vernier and
Lockdown. I was amazed at how many use Nessus. I'm confused about
whether I can download and use the Nessus plug-ins with these
solutions. I see on your site that you say that the registered or
direct plug-in feeds may not be used with any other products. However,
these companies are saying its ok to use the Nessus plug-ins. For
example, Cisco even says in their release notes where to download your
plug-ins from your site. If I buy Cisco's Clean Access product am I in
violation of your license agreement? What about with the other
products? Can you please clarify?
cheers
Harold
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
