This year marks the 15th anniversary of the Nessus® vulnerability scanner. Over the years, there have been many significant improvements to Nessus, and it’s repeatedly proven to be an essential part of my information security toolset.
I started using Nessus about 13 years ago. As a UNIX systems administrator, I was tasked with implementing security across our systems in preparation for a security audit. Naturally, one of the pieces of software I discovered was Nessus, which allowed me to scan my systems, reduce the number of exposed services, and apply patches to the operating system and software.
Fast forward to today, and guess what? It’s still a crucial part of my security toolkit — I use Nessus in support of penetration testing efforts, to evaluate the security of my own systems, and test the security of software and devices before they’re deployed.
We published a Nessus timeline which highlights more than 30 key milestones over the past 15 years.
Below are some examples:
- April 4, 1998: Renaud Deraison, 17 years old, announced the initial public release of Nessus — ran on Linux and was bundled with 50 plugins written in C.
- 2001: First time a major publication compared Nessus to other commercial offerings. Nessus won the “Vulnerability Scanners Shoot Out” by Network Computing magazine.
- 2002: 1,000 plugins available
- January 8, 2003: Tenable announced Lightning 1.0 (now called SecurityCenter™) to centrally manage multiple Nessus scanners
- August 1, 2006: First time Nessus scanned for configurations via .audit files
- December 11, 2006: First SCADA plugins released
- March 12, 2008: IPv6 security auditing added
- May 14, 2008: Nessus reached 20,000+ plugins and 5,000,000+ downloads
- November 30, 2009: Nessus API and Flash-based web interface introduced
- June 18, 2010: Nessus added support for auditing network devices starting with Cisco routers and firewalls
- October 1, 2010: Exploitability index classified vulnerabilities as exploitable or not
- December 7, 2010: Nessus Perimeter Service™ launched
- March 16, 2011: Nessus, Perimeter Service, and SecurityCenter™ were the first to add botnet, reputation, and malicious content protection.
- December 6, 2011: Patch management cross referencing announced
- May 30, 2012: Malicious process detection added
- July 19, 2012: Mobile device vulnerabilities detection introduced
- November 20, 2012: HTML5 interface was GA
As of today, April 4, 2013, the official 15th birthday of Nessus, there are 54,396 plugins, 55,000+ .audit checks, and 10,000,000+ downloads. It’s a testament to the hard work of Renaud and several talented software engineers who have contributed to the Nessus engine itself, the API, and the plugins. Happy 15th birthday, Nessus, and I’m looking forward to the next 15 years.
If you'd like to leave birthday wishes for Nessus or tell us how Nessus has benefitted your organization, please leave us a comment!