Results 1 to 3 of 3

Thread: Nessus 3 going commercial

  1. #1
    Senior Member
    Join Date
    Jun 2003

    Post Nessus 3 going commercial

    Sadly, but truly, Nessus 3 is going commercial. Only binary distribution will be available and no source code would be included. However, Fyodor announced (on the mailing list) that nmap has no intentions of going commercial.Tenable argues that this move is necessary to further improve Nessus and/or make more money. Renaud annonunced on the Nessus list today that open source hasn't really worked for Nessus because "virtually nobody has ever contributed anything to improve the scanning _engine_ over the last 6 years."

    Fyodor thinks that its about time, when the developers start contributing more aggressively towards open source project and could help making this world a better place.


  2. #2
    Junior Member
    Join Date
    Oct 2005
    Damn! That would suck...

    I'd say it's the second option - make more money.

    At least nmap remains free.

    Maybe Fyodor would stop letting them use nmap to shake things up...
    Compiling all the stuff for OS X...

  3. #3
    Senior Member
    Join Date
    Jan 2003
    Hey Hey,

    It's a shame to see it happen... and while ommy has hit most of the storyline dead on, I'd just like to expand on parts of it... As well as Fyodor's suggestions for keeping open source alive

    (All these quotes are from the nmap-hackers and nessus mailing lists)

    To make things simple :

    - Nessus 2 : GPL, will have regular releases containing bug fixes
    - Nessus 3 : free of charge, contains major improvements
    I think it's important to note that Nessus 2 will still be kept up-to-date and source will still be available.

    I also don't consider it to be commercial... It will still be available free of charge, however as ommy said, as a binary only. It's going closed-source

    Nessus 3 will be available free of charge, including on the Windows platform, but will not be released under the GPL.

    Nessus 3 will be available for many platforms, but do understand that we won't be able to support every distribution / operating system available. I also understand that some free software advocates won't want to use a binary-only Nessus 3. This is why Nessus 2 will continue to be maintained and will stay under the GPL.
    While it's a shame to see the open source project halted and the future releases become closed source, at least the software is still made available free of charge in many instances. It's also nice to see that they'll be openly distributing a Windows version.


    Fyodor's Suggestion
    If you are feeling ambitious, write and distribute your own little
    program to solve a problem you are having or otherwise makes your
    life easier. It doesn't have to be anything big or fancy at first.
    Nmap started out as a little 2,000-line utility published in Phrack
    magazine. Post your creation to Freshmeat, or to nmap-dev if it
    relates to Nmap in some way. Hmm, I think there is a current vacuum
    in the open source vulnerability scanner field .

    o Or take a more active coding role for an existing open source
    project. In the Nmap world, former Google SoC students are
    developing three promising projects: NmapGUI and UMIT are new GUIs
    and results viewers for large Nmap scans, and Ncat is a powerful
    reinterpretation of the venerable Netcat. Working code for all
    three of these is available if you join the Nmap-dev list
    (http://cgi.insecure.org/mailman/listinfo/nmap-dev) and I'm sure the
    respective authors (Ole Morten Grodaas, Adriano Monteiro, and Chris
    Gibson) would appreciate help, feedback, and testing.

    o Find a bug in some open source software? Try to reproduce it with
    the latest version of the software and do some web searching to see
    if it is already known/fixed. If not, report it with full details
    about how to reproduce it and the platform and software version of
    the software you are running. It is even better if you can submit a
    patch which fixes the problem.

    o Join the relevant mailing lists for the project and help out new
    users. Maybe you can write or translate some documentation, such as a
    tutorial for using the product or a HOWTO for using it to solve a
    common need.

    o The Nmap Project does not accept financial donations, but many other
    projects do. If some little project does exactly what you need and
    saves you half a day of work or makes it into your regular-usage
    arsenal of tools, consider kicking the author back $5 or $10. Not
    only will it help defray costs of the project, but it shows the author
    that users really appreciate his/her work and thus makes a newer
    version more likely. Similarly, if you see an ad on the project
    web site that interests you, click on it and spend a couple minutes
    checking the product out.

    o Spread the word! Commercial software houses pay to spread the word
    about their product in magazines, web sites, TV, conferences, etc.
    Open source projects such as Nmap can't. So if you find a project
    useful, don't hesitate to post a link on your web page and mention it
    (including the URL) on mailing list, newsgroup, and web forum posts.
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts