Nessus Roadmap / Nessus 3.0.0rc1 testers wanted

Renaud Deraison deraison at nessus.org
Wed Oct 5 13:13:52 EDT 2005 

On Oct 5, 2005, at 12:53, Nordwall, Douglas J wrote:
>>
>> Nessus 3 will be available free of charge, including on the Windows
>> platform, but will not be released under the GPL.
>>
> Could you go into some of the reasons why this license change is  
> taking effect? I'm sure that "business reasons" were involved in  
> it, but if you can, I would like to hear more detailed reasons. If  
> there are some technical or licensing reasons, I would be  
> interested as well, as I know there are sometimes functionalities  
> that would greatly improve a product that you cannot simply include  
> because they belong to someone else.

Virtually nobody has ever contributed anything to improve the  
scanning _engine_ over the last 6 years. I'm not talking about shoe- 
horning DB support in nessusd, but really to contribute things which  
make the scans faster, or Nessus more powerful.

Michel Arboi, a friend of mine, is one exception to that, and Nicolas  
Pouvesle, a colleague at Tenable, is another exception to that.

A number of companies are _using_ the source code against us, by  
selling or renting appliances, thus exploiting a loophole in the  
GPL.  So in that regard, we have been fueling our own competition and  
we want to put an end to that. Nessus3 contains an improved engine,  
and we don't want our competition to claim to have improved "their"  
scanner.

[...]
> I do not envy your support headache. Having supported a variety of  
> unixes, I know that developing for many of them can be quite  
> challenging.
>

It's actually making things simpler. Some distributions (ie: Debian)  
apply unapproved patches to Nessus, which make things virtually  
impossible to support when they do not break functionality. There is  
also some random users compiling Nessus on estoric hardware or  
operating system or both, which makes things also impossible to support.


> I am also guessing that the plugins will remain open for viewing at  
> least,

Yes. A huge majority of the plugins will continue to be distributed  
in the same way as today.


> I am also guessing that the policy compliance plugins may not be  
> open for viewing.

Yes. This is the small minority.



                                     -- Renaud

More information about the Nessus mailing list