Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Nessus free version cancelled, now $1200/year
From: stripes <stripes () tigerlair com>
Date: Wed, 21 May 2008 19:31:49 -0700

Hi Fyodor,

Check out OpenVAS, http://www.openvas.org. It's a FOSS replacement
for Nessus. I believe it's off the last GNU version.


On Wed, May 21, 2008 at 07:17:36PM -0700, Fyodor wrote:
I normally don't post Nessus news to nmap-dev, but this affects Nmap
somewhat.  There is a new link on Nessus.Org to an "Important message
for our Nessus users":

And FAQ at : http://www.nessus.org/documentation/index.php?doc=feed-faq

The letter says that they are removing the free (but registration and
EULA acceptance required) "registered feed".  Users (except some
"personal non-commercial" users who qualify for a crippled "Home
Feed") now have to pay $1200/year to use Nessus.

Now don't go thinking this is just a crass attempt to milk more money
from Nessus users!  On the contrary, Tenable explains in the letter
that they are only removing the free version "to better reflect the
needs [of] our community".

There was already a big vacuum in the open source vulnerability
scanner space after Nessus closed their source in '05, and now that
vacuum expands to free vulnerability scanners in general.  It is time
the Nmap project step up to the plate and redouble our efforts with
the Nmap Scripting Engine!  We already have more than 40 scripts, and
we have two talented full-time GSoC NSE coders this Summer (Patrick
Donnelly and Philip Pickering).  I had a two hour IRC meeting with
them (and Diman) today.  I'm not suggesting that Nmap become a
vulnerability scanner as comprehensive as Nessus, but I do believe
that we can serve an important part of that market just by
concentrating on network discovery and remotely exploitable
vulnerabilities.  Nessus may have 20,000 plugins, but many of them are
ancient or are local filesystem checks for a patch issued by a
specific distribution.  Perhaps 90% of the value in Nessus is in the
top few hundred plugins.

While I'm a bit disappointed by this Nessus change, I respect that it
is Tenable's choice to make.  However, the Nmap Project is not
following suit.  We believe that we can best reflect the needs of our
community by staying free!


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

Gomez: I have seen the unholy     (\`--/') _ _______ .-r-.  
maggots which feast in the dark    >.~.\ `` ` `,`,`. ,'_'~`.
recesses of the human soul!       (v_," ; `,-\ ; : ; \/,-~) \  
Morticia: They're at camp.         `--'_..),-/ ' ' '_.>-' )`.`.__.')
stripes at tigerlair dot com      ((,((,__..'~~~~~~((,__..'  `-..-'fL    

Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]