RE: Nessus closes source => How to help open source projects

["Martin O'Neal" <martin.oneal () corsaire com>]

> Lets keep discussion going.

My 2p. For what it is worth. ;)

Whilst it is completely understandable where Renaud and Tenable are
taking the Nessus project (all those that didn't see this chain of
events unfolding months ago, go to the back of the class) it will leave
a vacuum in the Open Source arena.

Just to state the obvious though, the real value in a vuln scanner isn't
the scanner itself, but the signatures. And in turn, the signatures
simply identify the vulnerabilities; the more interesting of which are
generally not discovered by the product vendors, or scanner vendors, but
by third-party consultancies and independent researchers. Vulnerability
scanners are sold on the back of the timeliness of this information. The
consultancies have this information months before the commercial vuln
scanner vendors. This is, I think, worth exploring.

The NMAP list probably isn't the best place to discuss this in detail,
but I would be keen to talk further with anyone who would be interested
in pooling research output, development time and potentially funds to
either continue developing the GPLed Nessus engine (or a viable
alternative) and signatures.

Is there a better place for the discussion?

Regards,
Martin O'Neal




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev