Re: Call to participate: GNessUs security scanner
From: security curmudgeon <jericho () attrition org>
Date: Mon, 10 Oct 2005 22:07:19 -0400 (EDT)

Don't take this as anything but honest questions please! I am curious
about everyone's thoughts and opinions on this, as I have mostly seen
Renaud/Ron/Tenable pointing out some facts, and most replies being a bit
lacking in reason and explanation. I ask these questions to *anyone* that
has replied to the Nessus announcement.

: GNessUs is a GPL fork of the Nessus security scanner. As a result of
: recent announcements by Tenable, we believe a fork of Nessus is required
: to allow future free development of this tool.
: Whilst we would like to believe that we will be able to continue to take
: updates of the Nessus 2 source code from the Nessus web site we will be
: endeavoring to add fresh functionality and plugins as part of the
: GNessUs project. The fork will be based on the current nessus 2.2.5
: packages from GNU/Debian, the source of which can be found above in a
: slightly modified form. We would welcome contact from any interested

Nessus has been open source for a long time. Despite that, the majority of
contributions have come from a very small number of people. Even with
plugins, some 95% (I think) were written by the Nessus team, not outside

Recently on DailyDave, Ron Gula replied:

> Now that it is being closed, I wonder how long it takes before the
> community once supporting Renaud will fork the current code and
> carry on by themselves.

We haven't had any support of this kind. I really feel there are very
capable programmers out there who can contribute to Nessus, but to date
we haven't really gotten any. Even on the NASL vuln check side, a
majority of the plugins are Tenable.

Renaud has also pointed this out, although I can't find the exact
quote/list post. As far as the Nessus engine and functionality, there have
been basically no real contributions or enhancements from anyone other
than the core team/Tenable.

All that said, my questions: Why do you see a need to fork the Nessus tree
at this time? Why haven't you or anyone else contributed in the past?
Finally, do you think that if more people supported Nessus with
contributions of code/time/enhancements, that they would have kept things

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/