Comments on Paul Melson's Blog: Is it illegal to pass off Nessus reports as your own?

Feed author: PaulM (http://www.blogger.com/profile/02530533566781746778)
Feed updated: 2022-03-30T14:14:56.448-05:00

Anonymous, 2007-04-13T05:53:00.000-05:00

Tenable has added very much to Nessus during the past 4 years and Renaud is still very involved as a Tenable co-founder. There are partnerships with OS vendors, much more resources to add new checks and so on.

As for the question wrt copyright, we can absolutely put a copyright on the plugins that were written by Tenable, just like any author can put in their work.

Typically debate about this sort of stuff comes up when a vendor wants to include Nessus 2 and some of the older plugins that were available before Tenable clarified the subscription licenses. What this amounts to is having a scanner with vulnerability checks that are very out of date.

It also leaves the customer hanging because their vendor can't use the more advanced features of Nessus 3, nor the latest plugin checks. It also gives a false sense of security as the customers never get alerts for things like this week's MS Tuesday checks.

PaulM (https://www.blogger.com/profile/02530533566781746778), 2007-04-12T20:20:00.000-05:00

Ron,

Thank you for your reply. I definitely agree that there are those consultants that aren't upfront about or even outright deny their use of Nessus. To me this is foolish behavior, since those that know, know that Nessus is one of the best vuln scanners available.

I used to do pen-testing at a company where we used Nessus and a commercial product for the initial scans. The commercial product changed over the years - typically dictated by partner relationships - but Nessus remained.

There's no question in my mind that Nessus has always been better than 90% the work of Renaud. That said, is Tenable legally able to maintain the copyright of the NASL scripts that were created/contributed in Nessus' GPL days?

Anonymous, 2007-04-12T19:05:00.000-05:00

Hi Paul,

The majority of the 14,000 plugins available in the Direct or Registered Nessus feeds were written by Tenable.

The plugins that were contributed by 3rd parties also have the copyright of the original author, but are also maintained by Tenable with bug fixes, new types of checks, false positive/negative tweaks and so on.

I think a lot of organizations, consultants, service providers and so on use Nessus "legally" (or maybe "honestly" is a better word), but there are more than a few that cross the line in over-claiming what they deliver or developed.