Ron,
Thanks for pointing out the FAQs. I have reviewed them and am still a
bit confused. I understand your hesitation to speak about specific
vendors, however, I am fearful of being on the wrong side of this. If
the manufacturer is running Nessus 2.x on a integrated appliance
(NEssus + manufacturer's proprietary code), it sounds like I shouldn't
be downloading the plug-ins because I would be in violation of your
agreement. Can you confirm that so that I have some direction on
whether to proceed or not?
Harold
-------- Original Message --------
Subject: Re: Nessus license question
From: Ron Gula <[EMAIL PROTECTED]>
Date: Mon, March 06, 2006 3:51 am
To: [email protected]
Hi Harold,
Here are the relative points from our FAQ:
Q. We are a software or hardware manufacturer and we would like to
include the Nessus 3 engine and the Tenable Plugin Feed in the
products we sell to our customers?
A. Not without acquiring a license from Tenable to do so. To inquire
about an OEM agreement with Tenable for the Nessus 3 engine and the
Tenable Plugins on a case by case basis. To inquire about an OEM
agreement for Tenable's Nessus 3 software, please send a request to
[EMAIL PROTECTED]
Q. Can I include the Direct Feed or Registered Feed with our product?
A. No. Tenable Plugins, which are only available through the Direct
Feed or Registered Feed, are subject to a license that prohibits you
from including them in your own product. In other words, the Tenable
Plugins are licensed only for use with Registered Nessus Scanners
obtained directly from www.nessus.org or www.tenablesecurity.com.
Back to Plugin FAQ
From a legal and liability point of view, I don't want to
make any statements about how vendor X has built or distributed
their product with or without a Nessus scanner. The issue is
complex because it's really a question of:
- are they using the Nessus 2 or Nessus 3 engine?
- if they modified the Nessus 2 engine, did they submit their
changes to comply with the GPL?
- Are they distributing a limited set of plugins out of the box,
but each one of their VARs actually configures it with a direct
or registered feed?
- Are they claiming to write their own checks, but their checks
are obvious copies of Tenable plugins?
It's a fairly complex issue.
WRT to Cisco's Clean Access product though, we were told by Cisco
reps at the RSA booth that Cisco TAC won't support a Clean Access
product running the latest plugins from Tenable. We've also asked
them to remove the reference in their docs about downloading Nessus
plugins from Tenable.
Ron Gula
Tenable Network Security
At 11:39 PM 3/5/2006, Harold Zawinsky wrote:
>Renaud and Ron,
>
>I recently looked at Cisco's Clean Access product as well as a number of
>other network access control products including Bradford, Vernier and
>Lockdown. I was amazed at how many use Nessus. I'm confused about
>whether I can download and use the Nessus plug-ins with these
>solutions. I see on your site that you say that the registered or
>direct plug-in feeds may not be used with any other products. However,
>these companies are saying its ok to use the Nessus plug-ins. For
>example, Cisco even says in their release notes where to download your
>plug-ins from your site. If I buy Cisco's Clean Access product am I in
>violation of your license agreement? What about with the other
>products? Can you please clarify?
>
>cheers
>Harold
>
>_______________________________________________
>Nessus mailing list
>[email protected]
>http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
