Nessus Closes Source

Looks like as of version 3, Nessus will no longer be an Open Source app. In doing a little research here, it looks like many people have been suspicious of Tenable Security for a while now though. One of the main reasons Renaud gave for this change was “A number of companies are using the source code against us, by selling or renting appliances, thus exploiting a loophole in the GPL”. That's not a “loophole”; one of the main ideas of the GPL is to avoid vendor lock-in. Tenable doesn't seem to get this and clearly wasn't able to differentiate themselves in a way that allowed them to make money. He also claimed that there were very few contributions made from the community. This seems to be a direct result of the attitude of Tenable, as I've seen more than a few “we tried” stories around.

In the end, having a successful Open Source project is about so much more than having good code. I've said this dozens of times – IMHO the success of Linux has more to do with Linus' personality and leadership skills than his coding ability. I stand by that. Now, this doesn't mean that he's not a good coder, just that you need so much more.

Here's the CNet article and also a response from Fyodor. It's good to see that nmap won't be following suit. I had the pleasure of meeting Fyodor and can say that he really gets it – both from a technical *and* non-technical perspective. His response has some good pointers. It should be interesting to see if someone forks Nessus2-GPL (I am already hearing rumors that someone will) and what will become of Nessus3 (the non-GPL version) and Tenable. I also wonder how they will handle code that was contributed to Nessus under the GPL by non-Tenable employees.
–jeremy

2 Responses to Nessus Closes Source

  1. Anonymous says:

    Now, can they actually do that? If they use GPL code, don't they have to keep derivative works open too? I'm assuming that they aren't doing a complete re-write.

  2. Anonymous says:

    It seems that they claim to have gotten permission from each contributor, which I find astonishing to be honest. I'd guess we'll hear more about this aspect at some point after the official release.
    –jeremy
