Re: Alternatives to Nessus, License question

[Ron Gula <rgula_at_tenablesecurity.com>]

> I love the answer you gave the person bringing up one of those pesky
> license questions.  Damn people who want to follow the rules!  I would
> also question the line in the license.  Does this really mean you can't
> use the Debian packages?  I doubt it, but it should be clarified.

The Tenable direct and registered plugins are for use, only with Nessus
daemons you've downloaded from nessus.org as either binary or source. If
you've gotten your Nessus daemon from a vendor who has put Nessus into
their product, another UNIX distro, .etc, the plugins are not for those
distributions, and the GPL plugins are what you should use.

> How about the CPAN modules that let you run Nessus plug ins from perl
> programs?

I'm not familiar with that implementation. I did see a CPAN module that
allowed parsing of Nessus plugins. Either way, execution of the Tenable
direct or registered feeds is only for daemons obtained from nessus.org.

> Personally, I think the license for Nessus is fine.  But  there should
> always be room for a serious conversation without having answers like
> your thrown at people.

This is a public list. We really don't want to censor it or moderate it,
even though we've seen a lot of folks post content here which makes others
feel un-comfortable.

Ron Gula, CTO
Tenable Network Security