Steve Friedl's Weblog

November 11, 2003
How to make a fool of yourself in public

I'm a big fan of Nessus, the open-source vulnerability scanner, and I wrote about this excellent tool in Linux Magazine some time ago. There is an active developer community, and when a new vulnerability is announced, a plugin is usually built quickly and released.

Nessus competes with very expensive commercial scanners, such as Retina from eEye or FoundScan from FoundStone. It's not difficult to spend a couple of thousand dollars on these kinds of tools, and it's much more expensive if you're using these tools in a security consulting practice.

I dip a toe or two in Nessus development from time to time and am on the mailing list, and today we saw this doozy:


Date: Tue, 11 Nov 2003 11:07:23 -0800
From: Paul Weekley <pweekley@netxposed.com>
To: nessus@list.nessus.org
Subject: Nessus Reporting

Our company uses Nessus as its main engine for network audits of vulnerabilities. This is an awesome utility. While using Nessus, we have produced our own report which converts the xml output into both a standard report and a top level 'executive' report in both html and pdf formats.

Would others be interested in having their scans converted into these easy-to-read, graphical reports for a modest price? Also, we are considering producing other report styles based on feedback.

We thought that this would allow another way to 'stand above' other reports by providing an easier and more attractive presentation.

We are interested in your input.

Paul Weekley
pweekley@netxposed.com
http://www.netxposed.com


Those not really hip to the whole "Open Source" thing might need this translated a bit: here's my effort:


Hello everybody.

We make money selling security services using the free Nessus scanner, which is the fruit of the free labors of many on the mailing list. Like many of you, we've written some add-on software to work with Nessus, but unlike many of you who give it all back, we'd like to see if any of you want to pay us to use it.

Did we mention that we love your free scanner?


If you guessed "Hmmm, this won't go over so well", you'd be right, and the reaction is best embodied by the response from Renaud Deraison, the author and main driving force behind this wonderful tool.

From: Renaud Deraison
To: nessus@list.nessus.org
Subject: Re: Nessus Reporting

Paul, could you remind us what your company does or did to help Nessus
development before anyone even starts considering paying to get
"better" reports?

Thanks,

        -- Renaud

The old "think before you post" maxim comes to mind here.

Posted by Steve at November 11, 2003 07:11 PM