Dailydave mailing list archives
Re: bleeding nessus [was: Re: Funny note here on a worm]
From: Ron Gula <rgula () tenablesecurity com>
Date: Sun, 01 May 2005 19:42:35 -0400
At 05:28 PM 5/1/2005, Gadi Evron wrote:
> > So someone who submits one, maybe two Nessus plugins which took 5-10 minutes to write is entitled to what? Lifetime updates? If folks submit plugins to us, they go right into the GPL feed. If folks submit plugins to us on MS Tuesday for new vulns, we don't accept them. It doesn't mean they can't publish them someplace else though, or use them on their own. I also really don't like the argument that somehow open source security projects are responsible for providing free security solutions for non-profit organizations. Oh come on.
>
> ;)
>
> Tenable is known for saying: "There is no need for a community, we already have a Nessus community!" Hey, let's start a community... get people writing plugins and get things going, but no... "There is no need for a community, we already have a Nessus community!" But then... "If folks submit plugins to us on MS Tuesday for new vulns, we don't accept them. It doesn't mean they can't publish them someplace else though, or use them on their own." What other place?!
Any place you want. There is a bunch of Nessus stuff unrelated to Tenable and not hosted on Nessus.org. We're not pretending to or claiming to do everything. For example, we're still maintaining NessusWX, even though we have many more people using our NeWT vulnerability scanner for Windows.
> Tenable is the most confusing company out there;
> 1. They do great work, and should be appreciated.
> 2. They want to earn money rather than give everything away for others to earn money with, which is good.
> 3. They keep saying there is a community and they run it.
> 4. They keep resisting anything not-Tenable, and admit to denying whatever might be against their own money-making agenda (which is also cool).
> 5. They claim to run an open community for Nessus. That is very cool.
Are those your quotes? I can quote you now that you think we're cool I think.
> Just tell me how it all works together? Not so cool.
As of today:

--- There are 7738 plugins in the direct feed (2252 in the non-registered GPL feed and 7709 in the registered feed), covering 2893 unique CVE ids and 3633 unique Bugtraq IDs.

--- For those 7709 "registered" checks, you can use them for free, you just can't put them into a product and re-sell it as your own. If you really, really need those other 38 checks, you can wait seven days or pay Tenable money. The GPL feed has no restrictions on it, other than to comply with the GPL.
> I much prefer SF's way of doing things with Snort. There is a Snort community with GPL rules; with Nessus there is just some sort of dictatorship and a very limited number of people writing plugins.
That's great, but the Snort community ruleset has not had a release since 4/5 while the SF VRT was updated 4/20. Also, the current registered VRT has ~3395 signatures in it. The community rules have slightly more than 100. At Bleeding Snort, which has been up and running for some time now with lots of commercial sponsors, they have 900 rules, 100 of which detect malware. My point here is that regardless of the merits of Sourcefire's strategy to work with community writers, or the comment that you think we're a dictatorship, the "community" has yet to really contribute. This includes the 100s of commercial companies which make use of Nessus and Snort. I would highly encourage you to write a NASL script and submit it to us. You'll see that we maintain your copyright, and will also maintain your code if we find issues or false positives with it over time. Tenable's only policy (besides not accepting poorly written NASL scripts, stuff that has high false positive rates, etc.) is that we won't take NASL scripts for recently disclosed vulnerabilities. Looking through the last 30 NASLs added, there were at least two non-Tenable folks contributing to the GPL feeds.
> That is all once again cool, but don't sell ice to Eskimos, m'kay?
I guess I'm not sure what you would like to see Tenable do. Please feel free to discuss it with me on/off list.
> If your point is being commercial - I have nothing against it, good luck! But don't give us this kind of two-faced statement about supporting open source and building an open community based on contribution and mutual assistance.
Unfortunately, that is an untruth from the get-go. If I were going to stand up and say Nessus had significantly more than 1000 contributors, I'd be a liar. There are more than 100,000 organizations which make use of Nessus. It's an open-source community of users, not contributors. Our goal was to increase the size of that community, and we've done that to a great extent over the past few years. Adding Nessus 'local' checks for UNIX as well as releasing a Windows version (NeWT) added a lot of users. Most of those "local" checks were user contributions as well.
> I think it's time a Tenable-free Nessus community got assembled. It is becoming apparent that it will never work with them.
I'm not sure what won't work. We've only made it difficult for the vendors who base their products and offerings on Nessus. For the vast majority of the users, they are hardly affected. I'd be very interested (on or off list) to hear specifically how our changes have affected you. There have been several non-Tenable initiatives already. There will likely be more. I've seen some really good work, but not anything that trumps using our 7-day old checks for free. A lot of them use the awesome power of regex to remove any copyright and replace it with something else.

Ron Gula, CTO
Tenable Network Security

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Interesting call for research..., (continued)
- Re: Interesting call for research... Gadi Evron (May 01)
- Re: Funny note here on a worm Jason (May 01)
- Re: Funny note here on a worm Jason (May 01)
- Re: Funny note here on a worm Gadi Evron (May 01)
- Re: Funny note here on a worm Jason (May 01)
- RE: Funny note here on a worm Kyle Quest (May 01)
- Re: Funny note here on a worm Jason (May 01)
- Re: Funny note here on a worm Gadi Evron (May 01)
- Re: Funny note here on a worm Jason (May 01)
- RE: Funny note here on a worm Ron Gula (May 01)
- bleeding nessus [was: Re: Funny note here on a worm] Gadi Evron (May 01)
- Re: bleeding nessus [was: Re: Funny note here on a worm] Ron Gula (May 01)
- Re: bleeding nessus [was: Re: Funny note here on a worm] byte_jump (May 01)
- Re: bleeding nessus [was: Re: Funny note here on a worm] Ron Gula (May 02)
- Re: bleeding nessus [was: Re: Funny note here on a worm] Gadi Evron (May 03)
- Re: bleeding nessus [was: Re: Funny note here on a worm] John Lampe (May 03)
- Re: bleeding nessus [was: Re: Funny note here on a worm] Gadi Evron (May 03)
- bleeding nessus [was: Re: Funny note here on a worm] Gadi Evron (May 01)