Re: Nessus free version cancelled, now $1200/year

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 21 May 2008 19:31:49 -0700 or thereabouts stripes
<stripes () tigerlair com> wrote:

> Hi Fyodor,
>
> Check out OpenVAS, http://www.openvas.org. It's a FOSS replacement
> for Nessus. I believe it's off the last GNU version.
>
> -Anne

IIRC the primary motivation for closing the Nessus source was that the
developers felt like they didn't get enough community contribution to
either the engine or plugins to justify not trying to turn it into a
commercial product.

I suspect OvenVAS has the same trouble.  The design of Nessus was
rather poor and hackish -- no one really *enjoyed* writing plugins for
it.

The real power of Nessus is in all the work that has been done to
support DCE/RPC/SNMP/SMB/SSL etc.  As with Metasploit and other popular
frameworks, the included libraries are the killer-app.

When new vulnerability are discovered or exploits come out people want
the Nessus or Metasploit plugin.  Nmap with NSE hasn't been out
long enough for people to say "Where's the NSE script?".

Nmap will do well because NSE is designed well and getting better by
the day (thanks Diman, David, and Patrick).  NSE is still picking up
that critical mass it needs for it to be come a "household name" like
Nessus but I'm confident that it will get there.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkg1GQcACgkQqaGPzAsl94L61wCgnS3KpqjtJ5Ejj4oRKOzZfO6+
TQwAnjxM9E78Nvl908ZzPEjKZVBnazPH
=IX24
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org