Penetration Testing mailing list archives
Re: Nessus - open or closed source?
From: Stefano Zanero <s.zanero () securenetwork it>
Date: Tue, 08 Nov 2005 13:59:07 +0100
Disclaimer 1: I A N A L Disclaimer 2: I am not a native speaker Justin Ross quote:
DoD Instruction 8500.2, Information Assurance (IA) Implementation, dated February 6, 2003. "Binary or machine executable public domain software products and other software products with limited or no warranty such as those commonly known as freeware or shareware are not used in DoD information systems unless they are necessary for mission accomplishment and there are no alternative IT solutions available. Such products are assessed for information assurance impacts, and approved for use by the DAA. The assessment addresses the fact that such software products are difficult or impossible to review, repair, or extend, given that the Government does not have access to the original source code and there is no owner who could make such repairs on behalf of the Government."
What is written right there is that BINARY public domain software can not be used. It doesn't say ANYTHING against FOSS software such as Nessus has been until now. So, in fact, moving to a CLOSED software model is a step AGAINST this requirement. Am I missing something ? -- Cordiali saluti, Ing. Stefano Zanero --------------------------- Secure Network S.r.l. www.securenetwork.it ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Nessus - open or closed source?, (continued)
- Re: Nessus - open or closed source? Alex Bihlmaier (Nov 05)
- Re: Nessus - open or closed source? S.A.B.R.O. Net Security (Nov 06)
- Re: Nessus - open or closed source? Robert BARABAS (Nov 05)
- Re: Nessus - open or closed source? King Fuddler (Nov 05)
- Re: Nessus - open or closed source? brandon . steili (Nov 04)
- Re: Nessus - open or closed source? Jay D. Dyson (Nov 05)
- Re: Nessus - open or closed source? Justin . Ross (Nov 07)
- Re: Nessus - open or closed source? Justin Ferguson (Nov 07)
- Re: Nessus - open or closed source? crazy frog crazy frog (Nov 08)
- Re: Nessus - open or closed source? Javier Fernandez-Sanguino (Nov 08)
- Re: Nessus - open or closed source? Stefano Zanero (Nov 08)
- Re: Nessus - open or closed source? Jay D. Dyson (Nov 05)
- Re: Nessus - open or closed source? Alex Bihlmaier (Nov 05)
- RE: Nessus - open or closed source? Jason Baeder (Nov 09)
- Re: Nessus - open or closed source? Javier Fernandez-Sanguino (Nov 10)