Date: Thu, 6 Oct 2005 09:04:27 -0700
From: "Gayn Winters" <gayn.winters@bristolsystems.com>
To: <freebsd-questions@freebsd.org>
Subject: Nessus no longer open source
Message-ID: <058f01c5ca8f$a3ed7730$c901a8c0@workdog>
One of the highest rated open source security programs, nessus, will no longer be open source. Quoting from an email from Renaud Deraison <rderaison@tenablesecurity.com> to nessus-announce@lists.nessus.org,

"Nessus 3 will be available free of charge, including on the Windows platform, but will not be released under the GPL.

"Nessus 3 will be available for many platforms, but do understand that we won't be able to support every distribution / operating system available. I also understand that some free software advocates won't want to use a binary-only Nessus 3. This is why Nessus 2 will continue to be maintained and will stay under the GPL."

I'm not sure if Nessus 3 will be supported as a FreeBSD package.

Apparently the folks at Tenable feel that they have been supporting the open source community but have been getting little back in plug-ins and vulnerabilities and virtually nothing back on the scanning engine for over six years. In fact, they have been slowly tightening their licensing (cf. http://mail.nessus.org/pipermail/nessus/2005-January/msg00185.html), and it would appear that they can and will continue to tighten it over time.

Fyodor's analysis (http://seclists.org/lists/nmap-hackers/2005/Oct-Dec/0000.html) is that the open source community should take heed. He provides a list of ways to contribute to open source software projects. While the list is excellent, there are no new ideas in it.

The thing that seems germane to the FreeBSD community is that ports, even extremely popular ones, are vulnerable, since under the GPL the AUTHOR of the code is not bound by the same restrictions that the users are. I'm not a lawyer, but as I understand it, the author can create a derived work of something under the GPL and license the derived work (a "rewrite" in the case of nessus 3) and arbitrarily restrict it. Given Renaud's claim that no one contributed to the scanning engine, he seems to have every right to create a new and closed version of it.

The moral here, if there is one, is that if you really like a port, then you should contribute to it one way or another!

Comments?

-gayn