Date: Tue Oct 11 16:26:50 2005
From: madhat at unspecific.com (MadHat)
Subject: Call to participate: GNessUs security scanner 

On Oct 11, 2005, at 12:34 AM, Valdis.Kletnieks@...edu wrote:
> On Mon, 10 Oct 2005 22:07:19 EDT, security curmudgeon said
>> Nessus has been open source for a long time. Despite that, the
>> majority of contributions have come from a very small amount of people.
>> Even with plugins, some 95% (i think) were written by the Nessus team,
>> not outside contributors.
>>
>
> At least for some people (including myself), software verifiability
> and transparency is important.  I've never contributed code to the
> Nessus tree, but the availability of the source so we can tell what
> it's *really* doing has been important more than once.  And there's
> philosophical appeal in the idea of a product being open-source, and
> software company business models organized around consulting/support
> contracts (see Sendmail Inc or Red Hat for example).
>
> Having said that, I don't particularly insist that it need be a
> *GPL* license.  Most of the OSI "Open Source" licenses would be
> acceptable (and in fact, I've dealt successfully with more than one
> project where the source was "available but closed" - Dan Bernstein
> isn't the only guy with his style of licensing).
>
> Of course, the fact that the Nessus 2.2.5 tree is *already* GPL
> means 2 things:
>
> 1) Tim is totally in his rights to start a fork - if anything, the
> right to fork the tree is one of the primary rights under the GPL.

Not all of 2.2 is GPL.  Many of the NASL scripts are not, and this
includes ALL of the SMB stuff.  Only the engine is GPL.  All of the
SMB stuff (meaning the functions to connect to Windows shares and
query the registry and check SMB specific "stuff") is implemented in
NASL code, not in the engine.  When 2.2 came out, the shift to
non-GPL scripts changed more than just the checks; some of the inner
workings of NASL through include scripts and dependencies also became
non-GPL, though I don't think most people noticed this.

--
MadHat (at) Unspecific.com, C?ISSP
E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
