Nessus: Celebrating 15 Years

This year marks the 15th anniversary of the Nessus® vulnerability scanner.

Over the years, there have been many significant improvements to Nessus, and it’s repeatedly proven to be an essential part of the information security industry. For example, Nessus has consistently ranked among the top 3 network security tools on SecTools.Org for the past 14 years.

Check out the growth and top categories of the Nessus plugins, code size of major releases, worldwide usage, and a timeline of major milestones.

Plugins Over the Years

Number of Lines of Code per Release

Top Plugin Families

Nessus ProfessionalFeed Activations by Country

The History of Nessus

Renaud Deraison, 17 years old, announced the initial public release of Nessus®

April 4, 1998

Ran on Linux and was bundled with 50 plugins written in C


Windows auditing added


Nessus 1.0 release

May 17, 2000

Nessus won the "Vulnerability Scanners Shoot Out" by Network Computing magazine


First time a major publication compared Nessus to other commercial offerings


Tenable Network Security Inc. founded

September 2002

Tenable announced Lightning 1.0 (now called SecurityCenter™) to centrally manage multiple Nessus scanners

January 8, 2003

Tenable introduces first of its kind passive vulnerability scanner, NeVO 1.0 (now called Passive Vulnerability Scanner™), to complement Nessus

September 2003

Tenable introduced its unified Nessus Client — first Nessus GUI from Tenable

December 2005

Nessus 3 support for Mac OS X

March 2006

First time Nessus scanned for configurations via .audit files

August 1, 2006

First SCADA plugins released

December 11, 2006

Sensitive data discovery added — find SSNs, credit card numbers, "Top Secret", and more

March 28, 2007

Tenable SecurityCenter and Nessus certified to conduct CIS-certified configuration audits of Windows 2003 Server systems

May 21, 2007

IPv6 security auditing

March 12, 2008

SecurityCenter received SCAP certification from NIST

April 15, 2008

Ubuntu now supported

May 2008
May 14, 2008

PCI DSS plugins released

October 20, 2008

First Microsoft SQL servers database audits for DISA STIG compliance

February 2009

Nessus was named one of SC Magazine’s "Top 20 Products" of the last 20 years

November 2009

Nessus API and Flash-based web interface introduced

November 30, 2009

Nessus added support for auditing network devices starting with Cisco routers and firewalls

June 18, 2010

Exploitability index classified vulnerabilities as exploitable or not

October 1, 2010

Nessus Perimeter Service™ launched

December 7, 2010

Nessus, Perimeter Service, and SecurityCenter were the first to add botnet, reputation, and malicious content protection

March 16, 2011

Support for 20 different Unix/Linux platforms

April 2011

Patch management cross referencing announced

December 6, 2011

Nessus Perimeter Service with the Tenable PCI Scanning Service launched

April 17, 2012

Malicious process detection

May 30, 2012

Mobile device vulnerabilities detection

July 19, 2012

15,000 Nessus and SecurityCenter customers worldwide

September 5, 2012

HTML5 interface was Generally Available

November 20, 2012

Nessus' 15th birthday

April 4, 2013