Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [RFC] Vulnerability library proposal

From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Tue, 9 Aug 2011 16:29:53 +0100
I would prefer that Nmap doesn't compete with OSVDB (or other databases),
but my concern with including or allowing people to use a third party
database such as OSVDB is that this could lead to licence issues (unless we
can agree an alternative license).

OSVDB probably isn't too bad compared to other databases, but at a glance I
believe we'd have to retain the license agreement with the database (if we
distribute it), notify them if we plan on integrating their database with
Nmap (e.g. Nmap or an NSE script makes use of either a local or external
copy of the data) and we would need to credit them in reports (all output
formats?) and Nmap's execution (e.g. help) unless we negotiate an
alternative license. Given that other tools often rely on Nmap's output,
it's possible we might cause license issues for them (as the free license is
non-transferable). 

Rob

-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Djalal Harouni
Sent: 09 August 2011 02:49
To: Christian Heinrich
Cc: nmap-dev; Fyodor
Subject: Re: [RFC] Vulnerability library proposal

On Tue, Aug 09, 2011 at 11:13:02AM +1000, Christian Heinrich wrote:

Djalal,

On Tue, Aug 9, 2011 at 12:08 AM, Djalal Harouni <tixxdz () opendz org> wrote:

We are designing this NSE vulns library to be flexible, so users can 
use their own DB like this 'Vuln::DB' or the 'OSVDB' etc. Perhaps 
Nmap will even have its own database ?


I would prefer if nmap didn't compete with OSVDB, rather leverage 
their data and contribute any errors in QA of the nmap results.

I think that Fyodor prefers that Nmap has its own DB.

I'm note sure about this:
I think that Nmap will not include any external DB, we'll just write some
scripts to query webservices or local DBs if they are present (if they were
previously downloaded by users).


I am lead to believe that the revenue from Vuln::DB is invested in the 
development of Dradis.  Maybe nmap contributing to the development of 
Vuln::DB could ne negotiated?

I don't know. Fyodor is the person who can answer these questions.

Thanks Christian.

--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: