RE: Sourcefire Acquired by Check Point Software

[Ron Gula <rgula () tenablesecurity com>]

> What should be of more concern to the community is that the Nessus
> source is being closed. Personally, I would have suggested to adjust
> pricing a bit and add restrictions to counter reseller-leeching, but
> keep the source open.

How would charging people more money prevent them from not abiding by 
the GPL or even Tenable's license agreements?

- Nessus 2 source is still available, GPLed and will be maintained.
- Nessus 3 will be available shortly and be free

> Now that it is being closed, I wonder how long it
> takes before the community once supporting Renauld will fork the 
> current
> code and carry on by themselves.

We haven't had any support of this kind. I really feel there are very 
capable programers out there who can contribute to Nessus, but to date 
we haven't really gotten any. Even on the NASL vuln check side, a 
majority of the plugins are Tenable.

> Open source software has the interesting property to survive attempts 
> to
> privatize code into proprietary environments, mainly be forking and
> living on.

It sure does. Again, we're not trying to hide Nessus 2 code. We've just 
made many improvements to the engine and don't want to expose these 
algorithms.

> (Ron, I know you read DD. Please reconsider turning your back on the
> community. Raise prices or do whatever, but leave the code open.)

Why do you need the code? Right now, the vulnerability checks are still 
in NASL too.

I don't think we're turning our back at all. Giving away a product two 
to five times faster than the current open source version makes most 
people very happy.

Rasing prices screws the average nessus user and puts recent 
vulnerability checks out of the hands of people who can't afford it.

--rgula