Penetration Testing mailing list archives

Re: Nessus - open or closed source?


From: Stefano Zanero <s.zanero () securenetwork it>
Date: Tue, 08 Nov 2005 13:59:07 +0100

Disclaimer 1: I A N A L

Disclaimer 2: I am not a native speaker

Justin Ross quote:

DoD Instruction 8500.2, Information Assurance (IA) Implementation,
dated February 6, 2003.

"Binary or machine executable public domain software products and other 
software products with limited or no warranty such as those commonly known 
as freeware or shareware are not used in DoD information systems unless 
they are necessary for mission accomplishment and there are no alternative 
IT solutions available. Such products are assessed for information 
assurance impacts, and approved for use by the DAA. The assessment 
addresses the fact that such software products are 
difficult or impossible to review, repair, or extend, given that the 
Government does not have access to the original source code and there is 
no owner who could make such repairs on behalf of the Government."

What is written right there is that BINARY public domain software cannot
be used. It doesn't say ANYTHING against FOSS software such as
Nessus has been until now.

So, in fact, moving to a CLOSED software model is a step AGAINST this
requirement. Am I missing something?

-- 
Kind regards,
Ing. Stefano Zanero
---------------------------
Secure Network S.r.l.
www.securenetwork.it
