Full Disclosure mailing list archives

Re: Call to participate: GNessUs security scanner


From: security curmudgeon <jericho () attrition org>
Date: Mon, 10 Oct 2005 22:07:19 -0400 (EDT)


Hi Tim,

Don't take this as anything but honest questions please! I am curious 
about everyone's thoughts and opinions on this, as I have mostly seen 
Renaud/Ron/Tenable pointing out some facts, and most replies being a bit 
lacking in reason and explanation. I ask these questions to *anyone* that 
has replied to the Nessus announcement.

: GNessUs is a GPL fork of the Nessus security scanner. As a result of 
: recent announcements by Tenable, we believe a fork of Nessus is required 
: to allow future free development of this tool.
: 
: Whilst we would like to believe that we will be able to continue to take 
: updates of the Nessus 2 source code from the Nessus web site we will be 
: endeavoring to add fresh functionality and plugins as part of the 
: GNessUs project. The fork will be based on the current nessus 2.2.5 
: packages from GNU/Debian, the source of which can be found above in a 
: slightly modified form. We would welcome contact from any interested 
: developers.

Nessus has been open source for a long time. Despite that, the majority of 
contributions have come from a very small amount of people. Even with 
plugins, some 95% (I think) were written by the Nessus team, not outside 
contributors.

Recently on DailyDave, Ron Gula replied:

  > Now that it is being closed, I wonder how long it takes before the 
  > community once supporting Renaud will fork the current code and 
  > carry on by themselves.

  We haven't had any support of this kind. I really feel there are very 
  capable programmers out there who can contribute to Nessus, but to date 
  we haven't really gotten any. Even on the NASL vuln check side, a 
  majority of the plugins are Tenable.

Renaud has also pointed this out, although I can't find the exact 
quote/list post. As far as the Nessus engine and functionality, there have 
been basically no real contributions or enhancements from anyone other 
than the core team/Tenable.

All that said, my questions: Why do you see a need to fork the Nessus tree 
at this time? Why haven't you or anyone else contributed in the past? 
Finally, do you think that if more people supported Nessus with 
contributions of code/time/enhancements, that they would have kept things 
the same?