All the Rage: Nessus: Open Source No More

Tenable Network Security, developer of the open-source Nessus vulnerability scanner, is changing the terms on Nessus 3.0 from GPL (general public license) to a closed-source license, terms not yet disclosed. The executables still will be free to users, and third-party products can execute it, but third-party vendors will not be able to bundle the Nessus engine into their products for free or manage the Nessus installation. The move is not entirely unexpected: Tenable was already limiting use of the Nessus plug-ins within Nessus or NeWT scanners. Nessus 2.x will still be under the GPL and will continue to be supported, Tenable said.

Tenable's move has raised an outcry, but it shouldn't be a surprise to anyone. For some time now, some software and appliance vendors have been repackaging and selling open-source software without giving back to the open-source project. In some cases, vendors have even violated the GPL by modifying the source code--without publishing the changes. You can see some examples at gpl- violations.org. If vendors continue to violate the terms of the open-source development agreement, you can expect others to follow Tenable's lead. This door-closing is regrettable, but the software generally remains free to users, and the only ones affected are unscrupulous vendors.

www.securitypipeline.com/