Home > Privacy, Security > Interview: Nessus’ Ron Gula Interview: Nessus’ Ron Gula Thom Holwerda 2005-11-24 Privacy, Security 11 Comments Here is an interview with Ron Gula, to get a glimpse of Tenable’s free Nessus 3 vulnerability scanner. The interview discusses license changes, community involvement, daemon security, GPL open-source versus free, and more. About The Author Thom Holwerda Follow me on Twitter @thomholwerda 11 Comments 2005-11-25 2:01 am mjmoran ” Why did you choose to change the license of Nessus? Ron Gula: Customer demand. Organizations want a free product that they can use, and a place they can get commercial support and training from if needed. I’d also like to point out that although Nessus 3 is not released under the GPL, Tenable is still actively maintaining Nessus 2. We just released an update for Nessus 2.2 with lots of improvements.” This doesn’t make much sense. If they can change the license, then couldn’t they have dual-licensed it if there was this customer demand? Later, Mr. Gula mentions the speed increase, and makes a reference to what they did being the “special sauce”, which makes the customer demand reason seem a little shaky. Now, its their code, they can do as they want, but, I wish they would be forthright with their reasons. -Mike 2005-11-25 3:11 pm Tyr. Now, its their code, they can do as they want, but, I wish they would be forthright with their reasons. Yeah this kind of corporate spin really gets to me too. As if a bunch of their customers called them up and said “Oh yeah by the way please stop making your source code available to us.” And then come the contradictory stories : “the overwhelming reason was to have a better relationship with our user base – a majority of which can’t really use GPL code” So they can’t use GPL software … only they were. And instead of fighting the policy that would have prevented them from becoming your customers in the first place, you do a 180 ans support it. Jeez, just say you wanted more control and more money. At least then people can respect the honesty, if not the decision. 2005-11-25 5:25 am Been using Newt for a while now. Excited that it is now going to be free for bigger networks. 2005-11-25 5:26 am “GPL open-source versus free” – what a stupid comment. GPL software is as free as software will get. The only restriction is that the software remain free. 2005-11-25 12:00 pm Marcellus “GPL software is as free as software will get.” With hopes that this won’t degenerate, BSD licensed software is actually more free. 2005-11-25 2:08 pm John Nilsson With hopes that this won’t degenerate, Yeah, right. You belive in santa too? BSD licensed software is actually more free. This the thing that allway degenerate into a definition of free. Youre argument implies that a BSD licensed software is more free than a GPL licensed software. Assuming that you mean the software and not it’s users or service consumers, I think your are wrong. The GPL or BSD license doesn’t restrict the software in any way so booth are equally free in the sense that the software are free to do anything. Things that can make software non-free would be DMCA or software patents. If we assume that you mean that the BSD license gives more freedom to the user of the software and by virtue of that fact is inherently more free then we must define what the software actually is. Is a software an aggregation of all it’s past and future versions? If this is the case we should measure the freedom of a software is the sum of the freedoms granted to all users and all versions of the software. Ft = sum(Fv*U) (Fv = freedom of a version, U = users) Copyleft ensures that any future version of the software can not be less free than any of the past versions. (Fv+1 >= Fv) With copyleft we thus know that Ft always aproaches infinity if U >=1 Without copyleft OTOH Fv has the potential of reaching 0 so there is no guarantee that Ft will aproach infinity thus BSD it potentioally less free than GPL — This whole post is intended to be fun, but pleas continue the math if you please 😉 2005-11-25 6:36 pm Marcellus “Assuming that you mean the software and not it’s users or service consumers, I think your are wrong.” I’d say that since GPL software can’t (statically) link itself (legally) to software from certain other licenses, whereas BSD licensed can in the same case, BSD licensed software is more free The math should be completed with value of the software itself (by some usable metric), and the value it provides to the user. Another thing that is needed is a metric for survivability, which Nessus is now a perfect example of Now to sit back and watch how the Penguins vs Daemons fight goes Edited 2005-11-25 18:37 2005-11-26 2:05 am John Nilsson I’d say that since GPL software can’t (statically) link itself (legally) to software from certain other licenses, whereas BSD licensed can in the same case, BSD licensed software is more free A BSD licensed software isn’t allowed to link it self to a GPL licensed software, so in this case it’s a draw. Becase the BSD licensed software would also have to become a GPL licensed software to have that freedom ;p 2005-11-25 7:41 am Speaking as one of the main guys behind http://www.openvas.org, I found it curious that no mention was made of the various forks (including our own) in existence. 2005-11-25 12:45 pm They got too fed up with companys ripping of their sourcecode and using it in commercial products. You can’t blame them for closing the source, Hell it’s still free as in beer, and they were pretty much the only developers so closing the source won’t change things much. And hey you’re free to fork v2.2 and make your GPL v2.3 better than their closed v3. 2005-11-25 8:24 pm SQwerl “and they were pretty much the only developers so closing the source won’t change things much.” Yeah, I saw that also. If you aren’t getting anyone to submit actual code contributions, why keep it open? There really is no good reason to keep it GPL’d, since they aren’t getting any of the real benefits (code contributions) from the community. Hey, its still free to use. It isn’t like they had to do that.