Re: Nessus Roadmap / Nessus 3.0.0rc1 testers wanted


On Oct 5, 2005, at 9:16 AM, Renaud Deraison wrote:

Hi everyone,


We are a few weeks away from releasing Nessus 3.0.0, and I'd like to 
take some time to explain our roadmap in this regard.

Nessus 3 / Nessus 2 Roadmap
----------------------------



<snip stuff about performance>


This sounds quite nice. Nessus has always been a fast scanner for me (save in a few situations that I don't blame it for being slow) and it's nice to see that it will be even lighter on the machine.


Nessus 3 will be available free of charge, including on the Windows 
platform, but will not be released under the GPL.

Could you go into some of the reasons why this license change is taking effect? I'm sure that "business reasons" were involved in it, but if you can, I would like to hear more detailed reasons. If there are some technical or licensing reasons, I would be interested as well, as I know there are sometimes functionalities that would greatly improve a product that you cannot simply include because they belong to someone else.

I don't want to sound like an open source zealot, because i use plenty of closed source software, but I really do enjoy my security products to be open as much as possible. This reassures me greatly that I am getting a product that I can hand verify if I need to. It means that I don't have to trust Tenable... I can look at the code myself. I've not had to do that very much, but on occasion it has been handy. 

Nessus 3 will be available for many platforms, but do understand that 
we won't be able to support every distribution / operating system 
available. I also understand that some free software advocates won't 
want to use a binary-only Nessus 3. This is why Nessus 2 will 
continue to be maintained and will stay under the GPL.

I do not envy your support headache. Having supported a variety of unixes, I know that developing for many of them can be quite challenging.

To make things simple :

  - Nessus 2 : GPL, will have regular releases containing bug fixes
  - Nessus 3 : free of charge, contains major improvements


The two versions can share most of their plugins -- we intend to 
maintain backward compatibility whenever possible for most 
vulnerability checks. Some checks will only work on Nessus 3 (ie: we 
are about to release a set of plugins to determine policy 
compliance), but the huge majority will work on either platform 
likewise.

I am also guessing that the plugins will remain open for viewing at least, if not open source (I think most of them are though). If this is not the case, I would certainly like to know about it. 

I am also guessing that the policy compliance plugins may not be open for viewing.

Doug Nordwall
Pacific Northwest National Lab

This archive was generated by a fusion of Pipermail 0.09 (Mailman edition) and MHonArc 2.6.8.