Corsaire form alliance with the Nessus project to supply free vulnerability detection plugins
Woking --- 6 July 2004 --- Corsaire (http://www.corsaire.com), a global leader in information security solutions and vulnerability research, has today announced an alliance with the Nessus project (http://www.nessus.org) to facilitate the supply of free vulnerability detection plugins.
The Nessus security scanner is the de facto standard for the detection of vulnerabilities within a network environment and already has a database of over 2100 plugin signatures. It is provided under the terms of the GNU Open Source license and is freely available to anyone with the wherewithal to download it.
Under the terms of the alliance there will be a co-ordinated release of Nessus plugins at the same time as any Corsaire security advisory. This will allow users of the open source Nessus security scanner software to detect the presence of vulnerabilities within their network environment as soon as knowledge of the vulnerabilities enters the public domain.
"The window of opportunity between a vulnerability being announced and the subsequent worm, virus or attack tool appearing is decreasing all the time", remarks Martin O'Neal, Technical Director of Corsaire. "By freely supplying detection signatures in this way, Corsaire will be proactively helping to reduce risk by providing organisations with a practical approach to making the most of the limited time that is available."
Corsaire currently have a catalogue of around 45 unreleased vulnerabilities affecting over 140 different products, all of which will be ported to a working plugin signature.
"Obviously, the process has to be conducted responsibly", says O'Neal. "Any signature that would be released under this alliance would be scripted in such a way as to provide only detection capabilities, and not to supply enough information from which a working exploit could be engineered."
Renaud Deraison, leader of the Nessus project, said: "Corsaire are well-regarded in the security industry and I was delighted when they approached me with the idea of forming this alliance. Our alliance is utterly unique; it signals a fresh approach from the industry - an information security supplier willing to provide vulnerability detection signatures consistently, freely and en masse under an open source arrangement."