Re: [RFC] Vulnerability library proposal

[Christian Heinrich <christian.heinrich () cmlh id au>]

Rob,

On Wed, Aug 10, 2011 at 1:29 AM, Rob Nicholls <robert () robnicholls co uk> wrote:
> I would prefer that Nmap doesn't compete with OSVDB (or other databases),
> but my concern with including or allowing people to use a third party
> database such as OSVDB is that this could lead to licence issues (unless we
> can agree an alternative license).
>
> OSVDB probably isn't too bad compared to other databases, but at a glance I
> believe we'd have to retain the license agreement with the database (if we
> distribute it), notify them if we plan on integrating their database with
> Nmap (e.g. Nmap or an NSE script makes use of either a local or external
> copy of the data) and we would need to credit them in reports (all output
> formats?) and Nmap's execution (e.g. help) unless we negotiate an
> alternative license. Given that other tools often rely on Nmap's output,
> it's possible we might cause license issues for them (as the free license is
> non-transferable).

I can't find a specific URL which addresses licensing but I did find
http://osvdb.org/faq#osvdb4sale and http://osvdb.org/integrators


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/