Nmap Development mailing list archives
RE: [RFC] Vulnerability library proposal
From: "Rob Nicholls" <robert () robnicholls co uk>
Date: Tue, 9 Aug 2011 16:29:53 +0100
I would prefer that Nmap doesn't compete with OSVDB (or other databases), but my concern with including or allowing people to use a third party database such as OSVDB is that this could lead to licence issues (unless we can agree an alternative license). OSVDB probably isn't too bad compared to other databases, but at a glance I believe we'd have to retain the license agreement with the database (if we distribute it), notify them if we plan on integrating their database with Nmap (e.g. Nmap or an NSE script makes use of either a local or external copy of the data) and we would need to credit them in reports (all output formats?) and Nmap's execution (e.g. help) unless we negotiate an alternative license. Given that other tools often rely on Nmap's output, it's possible we might cause license issues for them (as the free license is non-transferable). Rob -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Djalal Harouni Sent: 09 August 2011 02:49 To: Christian Heinrich Cc: nmap-dev; Fyodor Subject: Re: [RFC] Vulnerability library proposal On Tue, Aug 09, 2011 at 11:13:02AM +1000, Christian Heinrich wrote:
Djalal, On Tue, Aug 9, 2011 at 12:08 AM, Djalal Harouni <tixxdz () opendz org> wrote:We are designing this NSE vulns library to be flexible, so users can use their own DB like this 'Vuln::DB' or the 'OSVDB' etc. Perhaps Nmap will even have its own database ?I would prefer if nmap didn't compete with OSVDB, rather leverage their data and contribute any errors in QA of the nmap results.
I think that Fyodor prefers that Nmap has its own DB. I'm note sure about this: I think that Nmap will not include any external DB, we'll just write some scripts to query webservices or local DBs if they are present (if they were previously downloaded by users).
I am lead to believe that the revenue from Vuln::DB is invested in the development of Dradis. Maybe nmap contributing to the development of Vuln::DB could ne negotiated?
I don't know. Fyodor is the person who can answer these questions. Thanks Christian. -- tixxdz http://opendz.org _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- RE: [RFC] Vulnerability library proposal, (continued)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 07)
- Re: [RFC] Vulnerability library proposal Henri Doreau (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Daniel Miller (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Henri Doreau (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 07)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 09)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)
- RE: [RFC] Vulnerability library proposal Rob Nicholls (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 12)
- Re: [RFC] Vulnerability library proposal Djalal Harouni (Aug 09)
- Re: [RFC] Vulnerability library proposal Christian Heinrich (Aug 09)