Full Disclosure mailing list archives
Re: Call to participate: GNessUs security scanner
From: security curmudgeon <jericho () attrition org>
Date: Mon, 10 Oct 2005 22:07:19 -0400 (EDT)
Hi Tim, Don't take this as anything but honest questions please! I am curious about everyone's thoughts and opinions on this, as I have mostly seen Renaud/Ron/Tenable pointing out some facts, and most replies being a bit lacking in reason and explanation. I ask these questions to *anyone* that has replied to the Nessus announcement. : GNessUs is a GPL fork of the Nessus security scanner. As a result of : recent announcements by Tenable, we believe a fork of Nessus is required : to allow future free development of this tool. : : Whilst we would like to believe that we will be able to continue to take : updates of the Nessus 2 source code from the Nessus web site we will be : endeavoring to add fresh functionality and plugins as part of the : GNessUs project. The fork will be based on the current nessus 2.2.5 : packages from GNU/Debian, the source of which can be found above in a : slightly modified form. We would welcome contact from any interested : developers. Nessus has been open source for a long time. Despite that, the majority of contributions have come from a very small amount of people. Even with plugins, some 95% (i think) were written by the Nessus team, not outside contributors. Recently on DailyDave, Ron Gula replied: > Now that it is being closed, I wonder how long it takes before the > community once supporting Renauld will fork the current code and > carry on by themselves. We haven't had any support of this kind. I really feel there are very capable programers out there who can contribute to Nessus, but to date we haven't really gotten any. Even on the NASL vuln check side, a majority of the plugins are Tenable. Renaud has also pointed this out, although I can't find the exact quote/list post. As far as the Nessus engine and functionality, there have been basically no real contributions or enhancements from anyone other than the core team/Tenable. All that said, my questions: Why do you see a need to fork the Nessus tree at this time? Why haven't you or anyone else contributed in the past? Finally, do you think that if more people supported Nessus with contributions of code/time/enhancements, that they would have kept things the same? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Call to participate: GNessUs security scanner Tim Brown (Oct 10)
- Re: Call to participate: GNessUs security scanner sk (Oct 10)
- Re: Call to participate: GNessUs security scanner security curmudgeon (Oct 10)
- Re: Call to participate: GNessUs security scanner Valdis . Kletnieks (Oct 10)
- Re: Call to participate: GNessUs security scanner Vincent Archer (Oct 11)
- Re: Call to participate: GNessUs security scanner MadHat (Oct 11)
- Re: Call to participate: GNessUs security scanner Tim Brown (Oct 15)
- Re: Call to participate: GNessUs security scanner Tim Brown (Oct 15)
- Re: Call to participate: GNessUs security scanner Valdis . Kletnieks (Oct 10)
- RE: Call to participate: GNessUs security scanner Adriel Desautels (Oct 11)
- Re: Call to participate: GNessUs security scanner Thierry Zoller (Oct 11)
- RE: Call to participate: GNessUs security scanner Adriel Desautels (Oct 15)
- Re: Call to participate: GNessUs security scanner Morning Wood (Oct 11)
- Re: Call to participate: GNessUs security scanner Barrie Dempster (Oct 11)