
Re: Tenable license discussion - Nessus engine

Subject: Re: Tenable license discussion - Nessus engine
Date: Wed, 26 Jan 2005 22:19:30 -0500
rgula@tenablesecurity.com wrote:

I'm sure the Sourcefire folks are thrilled at having
another signature farm out there. Having a false positive
in an IDS sig just means more alerts. Having a bad plugin
for Nessus means angry system administrators and
tarnishing the name of Nessus.

 
Interesting response. So are you saying you don't like it
- or it would  break the license? 

I don't like it. If the plugins were not GPL, this would
break the license. 

;-) We are talking
theoretically here - there's been  nothing but hot air so
far on the issue of others writing "competing"  plugins -
but it could (legally) happen?

I'm not a lawyer.

As far as snort goes, I haven't heard any complaints from
Sourcefire  about having the competition - to be honest -
they meet the needs of two  different market segments.

You would not hear complaints. It is extremely difficult
for any vendor (unless you are Microsoft) to make complaints
about people who volunteer their time, regardless of the
quality of research or code.

It's disingenuous to say that a separate  plugins stream
would "tarnishing the name of Nessus" - it hasn't 
happened to Snort - and a site would have to actually do
something to  pull such a structure in. I can't see how
they could say it was Nessus's  fault.

Customers of Tenable have a much different level of
expectation for support than those who don't. And even
those who are not Tenable customers regularly email our
support links for questions about Nessus. Most of us on
the list are technical and detail orientated, but for
those of us who aren't, when they grab the Nessus scanner
and a set of plugins that may not be up to par, Nessus
will suffer the blame, not the plugin writers. No one
asks 'what plugins were you using' they ask, what tool
were you using. 

In both cases of Snort and Nessus, I like them as they
have quality  control of their "official" plugins - but
give me the ability to create  my own - or use others that
someone else has written. Such a feature is  one of their
greatest assets.

I can re-word this to say, "give me the ability to use
someone else's plugins that are up to date, so I don't 
have to pay for Tenable's feed". Now that is not what you
said, but if it is something *other* than a recent plugin
for a recent vulnerability, Tenable is gladly accepting,
maintaining, QAing, etc. new plugins sent to us and they
are all GPLed. 

If folks really want lots of alternatives for non-traditional
checks or stuff outside of the current body of plugins, I'd
really welcome that. However, most of the conversations on
and off list have been around avoiding payment of the license
fee for the direct feed.

Ron




_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
