RE: Tenable's license changes (and why the license changed)

[Ron Gula <rgula_at_tenablesecurity.com>]

> "Robert Keith" <Robert.Keithi_at_technolords.com> said ...

> Paying a subscription for $1200 per year is not an issue in most cases,
> though this pricing model should probably be expanded to support a wider
> market, but this can be done at any time in the future.

Agreed. However, we are not considering any changes at this time.

> The question is still the restrictions placed on the subscription license
> will insite competitors of Tenable to branch out and create alternate plugin
> sources.  Some of the well funded organizations which rely Nessus include
> Symantic, FoundStone, nCircle and various branches of the US government (and
> other governments as well).

I can't comment on Symantec, Foundstone or nCircle's plans to offer Nessus
plugins. However, most of the CERT agencies we speak with want to coordinate
with us and not compete with us. Most federal organizations have no problem
paying $1200 for a Nessus feed.

> For Tenable to force competition in the security market when Tenable should
> be cornering this market creates a serious risk for the future of Nessus and
> Tenable.  This should be avoided at any cost.

Although we can give you many technical reasons why Nessus is better than
other scanners, we feel that in many ways, the vulnerability scanner market
has been comoditized and the real research is in actually managing the
vulnerabilities discovered. This is why we are very concerned with companies
that re-use Nessus and focus totally on vulnerability management. It is an
unfair advantage to them to simply hide their use of Nessus in their products.

And as far as cornering the market, we don't publish statistics of which
specific organizations use Nessus, but we're approaching 100,000 of them
at this point. Our NeWT scanner, the class C version specifically, helped
add a few 10,000 users as well.

Ron Gula, CTO
Tenable Network Security