Recently, Michael Arnone from Federal Computer Week wrote an article about various open source projects going closed source. The article mentioned Nessus, OpenBSD and Mozilla and had several quotes from industry experts. We felt some of the comments about Tenable and Nessus were taken out of context, and I would like to add some commentary to them:
- Nick Selby, a senior analyst for 451 Group, mentioned that "Nessus was probably the first major open-source IT security tool to become proprietary". We feel that both the Tripwire integrity checking tool and Gauntlet firewall projects had gone from open source to closed-source projects long before Tenable even existed.
- The article gives the impression that the licensing change was big news. I agree it made some headlines, but we've added far more users to the Nessus community. Most of these users are on the Windows platform and are not driven by the need to use an open source product. I think the real story is that most folks can get a product with a license and support model that is in line with their corporate guidelines.
- The article also implied that people were required to change their scanners. We have many users still running Nessus 2, and Tenable is still maintaining it, free of charge. For organizations that want to use that platform, we are not preventing them at all. Users who want more performance and support do have the option to upgrade to Nessus 3.