Nessus News (2.2.1 / Plugin Feed / New WebSite)

Kevin Davis kevin.davis at mindless.com
Tue Dec 7 20:40:34 EST 2004 

I have a couple of questions.  Presumably the GPL plugin development would 
be independent of the Tenable development.  It would seem that it would 
often be the case when some really important critical vulnerability comes 
out that both branches (since they are independent) immediately develops a 
plugin for it.  So what happens then?  Would there be two redundant plugins 
available, one being the Tenable and the other GPL?  The GPL one being 
available immediately and the Tenable one being available 7 days later (for 
free registered license)?  Should there be two redundant plugins?

I'm also curious about what kind of quality control there is on the plugins. 
Does anyone do any QC on them (Tenable or GPL) before they are officially 
available?  If one writes a plugin that feels should be included, what is 
the process of submitting it and then how is it determined to be officially 
added to CVS?

P.S.  It seems that your certificate for free feed registration has a 
problem with it.

----- Original Message ----- 
From: "Renaud Deraison" <deraison at nessus.org>
To: <nessus at list.nessus.org>; <nessus-announce at list.nessus.org>
Sent: Tuesday, December 07, 2004 9:29 AM
Subject: Nessus News (2.2.1 / Plugin Feed / New WebSite)


>
>
> Hello everyone,
>
> I'd like to do several announcements today :
>
>
> 1. Change in policy in the Nessus Plugin Feed
> 2. Nessus 2.2.1 has been released
> 3. NessusWX workaround
> 4. Nessus.org got a facelift
>
>
> 1. Change in policy in the Nessus Plugin Feed
> ---------------------------------------------
>
> We have decided to change the way the new plugins are being released
> and published. Today, whenever a user types 'nessus-update-plugins',
> he receives all the newest plugins from
> http://www.nessus.org/nasl/all-2.0.tar.gz.
>
>
> Basically, several changes are occuring :
>
> - The first one, is that the current feed will only contain GPL plugins
> (ie: currently about 2,000 plugins). This means that the current
> command "nessus-update-plugins" will continue to work properly, but you
> will get less plugins than what you can get today, as (as many of you
> have noticed), plugins released by my company (Tenable) are *not* released
> under the GPL
>
> - When downloading Nessus 2.2.1 (and newer), you now have the
> opportunity to "register". ie: submit your email address and you will
> receive an "activation code", which will entitle you to receive a full
> plugin feed (GPL + Tenable).  We do not intend to contact you thru this
> email address, except to send you an activation code and to inform you
> if you generate too much traffic (believe it or not, there are people
> out there downloading all the Nessus plugins _EVERY MINUTE_). To use
> the activation code, you'll need to upgrade to Nessus 2.2.1 and
> use the new 'nessus-fetch' command line utility.
>
> - Users now have the opportunity to buy access to a "Direct Plugin
> Feed". What this really means is that the free feed will actually be
> delayed by seven days for non-GPL plugins. If you are one of these
> companies who need to be 100% up-to-date, such a subscription will be of
> some interest to you. More information at :
>
> http://www.tenablesecurity.com/products/direct.shtml
>
>
> So there are three ways to update plugins now :
>
> - a GPL feed containing the plugins submitted by the community ;
>
> - a Registered feed containing the latest plugins submitted by
>   the community, and the plugins written by Tenable delayed
>   by 7 days ;
>
> - a commercial Direct Feed which contains all the newest and greatest
>   plugins ;
>
>

More information about the Nessus mailing list