Re: bleeding nessus [was: Re: Funny note here on a worm]

[John Lampe <jwlampe () nessus org>]

Gadi Evron wrote:

>
> I believe (I am naturally, delusional) that you (Tenable) did indeed put
> your name on plugin(s) you did not write. Check me on it as again, I am
> naturally wrong by saying this.
>
> How do I think that I feel that I know that? Because I do search the web
> for plugins (which is difficult as you try and kill anything that is not
> Tenable controlled and release only what suits you),


Hi Gadi,
Regarding Tenable squashing websites that host plugins, I'm not sure 
that you can show that.  I didn't become a Tenable employee until late 
2003, and I had around 100 plugins up on my website before that time 
(2000 - 2003).  Even after becoming employed by Tenable, I was never 
asked to remove plugins...in fact, before now it was never even 
mentioned...google for
inurl:(nessus|nasl|plugin) filetype:nasl -site:nessus.org

As far as Tenable controlling what is and isn't released, that's just 
good Quality Control...it wasn't like every submitted plugin was 
automatically thrown into CVS before Tenable came along. I'm a Tenable 
employee and I've had checks rejected because they weren't up to snuff 
wrt the QA group.  It's a *good* thing (for the community and the plugin 
writer) to have a QA team test plugins for false positives, speed, 
accuracy, destructiveness, etc.

> and there have been
> some occasion(s) where a certain plugin later appeared on your site with
> the wrong name on it. Obviously by mistake.


Which plugin was that?

--
John Lampe
jwlampe@{tenablesecurity.com,nessus.org}
Researcher, Tenable Network Security
http://www.tenablesecurity.com
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave