lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue Oct 11 03:05:13 2005
From: jericho at attrition.org (security curmudgeon)
Subject: Call to participate: GNessUs security scanner


Hi Tim,

Don't take this as anything but honest questions please! I am curious 
about everyone's thoughts and opinions on this, as I have mostly seen 
Renaud/Ron/Tenable pointing out some facts, and most replies being a bit 
lacking in reason and explanation. I ask these questions to *anyone* that 
has replied to the Nessus announcement.

: GNessUs is a GPL fork of the Nessus security scanner. As a result of 
: recent announcements by Tenable, we believe a fork of Nessus is required 
: to allow future free development of this tool.
: 
: Whilst we would like to believe that we will be able to continue to take 
: updates of the Nessus 2 source code from the Nessus web site we will be 
: endeavoring to add fresh functionality and plugins as part of the 
: GNessUs project. The fork will be based on the current nessus 2.2.5 
: packages from GNU/Debian, the source of which can be found above in a 
: slightly modified form. We would welcome contact from any interested 
: developers.

Nessus has been open source for a long time. Despite that, the majority of 
contributions have come from a very small amount of people. Even with 
plugins, some 95% (i think) were written by the Nessus team, not outside 
contributors.

Recently on DailyDave, Ron Gula replied:

  > Now that it is being closed, I wonder how long it takes before the 
  > community once supporting Renauld will fork the current  code and 
  > carry on by themselves.

  We haven't had any support of this kind. I really feel there are very 
  capable programers out there who can contribute to Nessus, but to date 
  we haven't really gotten any. Even on the NASL vuln check side, a 
  majority of the plugins are Tenable.

Renaud has also pointed this out, although I can't find the exact 
quote/list post. As far as the Nessus engine and functionality, there have 
been basically no real contributions or enhancements from anyone other 
than the core team/Tenable.

All that said, my questions: Why do you see a need to fork the Nessus tree 
at this time? Why haven't you or anyone else contributed in the past? 
Finally, do you think that if more people supported Nessus with 
contributions of code/time/enhancements, that they would have kept things 
the same?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ