Re: Giving Nessus Reports to clients -- Licensing, Legal, etc

Subject: Re: Giving Nessus Reports to clients -- Licensing, Legal, etc
Date: Mon, 09 Apr 2007 18:42:56 -0400
Jon D wrote:
I've heard of PenTesters giving a Nessus scan report to the client as part
of their final report.
I read through the nessus licensing agreement, and I didn't see where it
said it's not allowed.

Is this legal?
Also, is it legal to copy text from the nessus scan for a report?



Thanks in advance.


Hi Jon,

The real issue I have here is what is passed off to a client as original
work. For example, there are many MSPs who take the Nessus direct feed,
rip out any reference to Tenable Network Security or Nessus and pass off
the entire context as original work. Technically, this isn't a copy,
it's editing the results to make it look like something else.

As far as things being "legal" though, I would not recommend you seek
legal advice for using Nessus on this list -- seek them from a lawyer. I
don't have any idea what sort of service level agreements you're making
with your customers, if you've given your customers indemnification, if
you are honoring the Nessus trademark or even what you (or your sales or
marketing group) told your customer. I've even seen issues where a
consulting organization has had their lawyers assert that no open source
tools were being used on a job, only to find out that someone was still
using Nessus 2, MetaSploit and so on.

Ron Gula, CTO
Tenable Network Security

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
