Network World

Open source Nessus security tool to be commercialized

By Ellen Messmer, NetworkWorld.com, 10/13/2005

Tenable Network Security, the sponsor of Nessus, the widely used open source vulnerability scanning tool for discovering weaknesses in software, plans to commercialize Nessus in a major upgrade to be unveiled next month.

Tenable CEO Ron Gula said the main technical change in the upcoming Nessus 3.0 is that it will run vulnerability scans at five times the speed of Nessus 2.0. Like Nessus 2.0, which runs on a variety of computer platforms, Nessus 3.0 will be free. But end users will have to obtain a commercial license for it rather than the less formal open source general public license. Tenable also anticipates offering a line of Nessus appliances in the future, and said the reason for the shift is that many organizations outright reject using open source tools due to concerns about support.

“We want to bring Nessus to a larger audience, so Nessus 3.0 is going to be closed source,” Gula said. “If it’s not open source, a lot of government agencies and enterprises can use it, where before they wouldn’t.”

Tenable estimates about 80,000 organizations use Nessus. Tenable, which sells the Lightning management console, earns service fees from Nessus open source users willing to pay for updated threat signatures as soon as they're available rather than waiting a week until the signatures are made available for free.

In addition, open source Nessus is known to be used as a scanning component in many network security products, such as the ArcSight security-event management product. Tenable said it's not tracking this kind of OEM use at present, and it hasn't yet decided on an OEM strategy for Nessus 3.0.

Gula said Tenable intends to continue to make Nessus 2.0 available as open source and to maintain it, but others, fearing the end of Nessus as an open source tool, announced their intention to take the Nessus 2.0 source code and keep developing it on their own. A U.K.-based group, dubbing itself GnessUS, vowed to “add fresh functionality and plug-ins” to Nessus, asking interested developers to join.

Burton Group analyst Eric Maiwald said commercial vulnerability scanners typically include more functionality than Nessus, which is an effective scanner but doesn’t have management components such as workflow, prioritization and remediation.
