Re: Tenable license discussion - Nessus engine
> rgula_at_tenablesecurity.com wrote:
>
> >I'm sure the Sourcefire folks are thrilled at having
> >another signature farm out there. Having a false positive
> >in an IDS sig just means more alerts. Having a bad plugin
> >for Nessus means angry system administrators and
> >tarnishing the name of Nessus.
> >
> Interesting response. So are you saying you don't like it
> - or it would break the license?
I don't like it. If the plugins were not GPL, this would
break the license.
> ;-) We are talking
> theoretically here - there's been nothing but hot air so
> far on the issue of others writing "competing" plugins -
> but it could (legally) happen?
I'm not a lawyer.
> As far as snort goes, I haven't heard any complaints from
> Sourcefire about having the competition - to be honest -
> they meet the needs of two different market segments.
You would not hear complaints. It is extremely difficult
for any vendor (unless you are Microsoft) to make complaints
about people who volunteer their time, regardless of the
quality of research or code.
> It's disingenuous to say that a separate plugins stream
> would "tarnishing the name of Nessus" - it hasn't
> happened to Snort - and a site would have to actually do
> something to pull such a structure in. I can't see how
> they could say it was Nessus's fault.
Customers of Tenable have a much different level of
expectation for support than those who don't. And even
those who are not Tenable customers regularly email our
support links for questions about Nessus. Most of us on
the list are technical and detail orientated, but for
those of us who aren't, when they grab the Nessus scanner
and a set of plugins that may not be up to par, Nessus
will suffer the blame, not the plugin writers. No one
asks 'what plugins were you using' they ask, what tool
were you using.
> In both cases of Snort and Nessus, I like them as they
> have quality control of their "official" plugins - but
> give me the ability to create my own - or use others that
> someone else has written. Such a feature is one of their
> greatest assets.
I can re-word this to say, "give me the ability to use
someone else's plugins that are up to date, so I don't
have to pay for Tenable's feed". Now that is not what you
said, but if it is something *other* than a recent plugin
for a recent vulnerability, Tenable is gladly accepting,
maintaining, QAing, etc. new plugins sent to us and they
are all GPLed.
If folks really want lots of alternatives for non-traditional
checks or stuff outside of the current body of plugins, I'd
really welcome that. However, most of the conversations on
and off list have been around avoiding payment of the license
fee for the direct feed.
Ron