Re: Nmap/Sourcefire Collaboration

[Fyodor <fyodor () insecure org>]

On Thu, May 24, 2007 at 03:28:20PM -0700, doug () hcsw org wrote:
> I'm sure you're well
> aware of the friction and problems these issues caused for Nessus and I'd
> hate to see Nmap go down a similar road.

Hi Doug.  I'd hate to see that too!  And I'm happy to report that this
isn't anything like the case of Nessus going proprietary.  The Nmap
license isn't changing, and we'll only be accepting scripts from
SouceFire if they are under the Nmap license.  It is similar to the
case of Google, who is sponsoring people to work on NSE and write NSE
scripts.  We will accept scripts from pretty much any corporation or
individual as long as they are under the Nmap license.  In exchange
for contributing scripts to Nmap, SourceFire gets to use the Nmap
Technology within their products.  That part is similar to the
licenses which dozens of companies buy to embed Nmap within their
products.  Those licenses and web advertising are the main funding for
the Nmap project.

So nothing is changing much for us, except that we'll have Google AND
Sourcefire helping with NSE development this summer.  That should
certainly speed things up!

While the Nmap license isn't changing related to this, I still hope to
change it to the Nmap Public Source License at some point.  I posted a
draft of that last November
(http://seclists.org/nmap-dev/2006/q4/0126.html), but I haven't had
time to work on that for the last 6 months.  I need to follow up on a
lead I have for a good open source copyright lawyer to review it.

Also, I'm not trying to turn Nmap into Nessus.  There is a big
difference between adding some checks for common and critical remote
vulnerabilities and implementing a comprehensive vuln scanner such as
Nessus with tens of thousands of checks.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org