Software, even though it is free can soon become a risk to use because the exploits discovered by hackers don’t get shut down through development and testing. Community developers are very good at producing software for their own use, but they are blind to its faults and unwilling to overhaul it in the face of requests from business users. The next logical step along the path to commercialization was to invest in a full-time development team. So, there was a good income earner waiting to be picked up without removing the commitment to keep Nessus free. Offering a support package makes Nessus attractive. The software may be free, but businesses won’t touch it unless it is fully supported. This is where the charging structure of a commercial service added on top of open-source software wins.īy creating a charging service provider that is the definitive owner of Nessus, Deraison ensured the uptake of the Nessus Vulnerability Scanner by the business community. The key need for businesses when considering software acquisition is that it should be reliable and supported. Businesses don’t care about the price of software – it is just an expense and can be written off against tax. The commercial logic behind creating a paid version of free software is that most open source projects don’t attract corporate users. Many open-source projects have a paid alternative. The move to put a commercial skin on a free open-source product is not unusual. Tenable was formed in 2002 but didn’t come up with a paid version of Nessus until 2005. Nessus 3 is a considerable advancement to the previous versions and the hobbyists that produced forks of the code don’t have the resources to fully compete with Tenable. By investing in developing Nessus privately, Tenable has ensured that it keeps ahead of its rivals, both free and paid. Under the GNU licensing system, those copies can’t be sold commercially, only given away. Tenable is relaxed about the continued existence of the Nessus 2 code and the presence of near copies in the market. The move to proprietary ownership prevented Nessus from being completely crowded out by re-labeled copies of its own code. It went from being the only vulnerability scanner in the world to the leading vulnerability scanner. However, with Nessus, Deraison invented the concept of ‘remote vulnerability scanners’. The availability of the source code for Nessus 2 led to the creation of forks, providing rivals to the Nessus system. Earlier versions are still available under GNU General Public licenses. When Nessus 3 was released, the open-source project closed down, taking Nessus fully into the business as a proprietary system. Although the development project was community-driven, Deraison owned the copyright of the software. He set Nessus up as an open-source project and lead the community development of the software part-time while pursuing a career in IT during the day.Ĭontroversially, Deraison set up Tenable Network Security to manage the commercial possibility of the Nessus software. How can a product be older than the company that developed it? The Nessus system was developed by an individual, Renaud Deraison, and first released in 1998. Tenable, Inc began operations in 2002, but Nessus is much older than that. Although it has remediation procedures, it isn’t as comprehensive in the solutions section as a typical endpoint protection system would be. Nessus is a sort of firewall/antivirus system, but not quite. It watches running processes for abnormal behavior and it also monitors network traffic patterns. Nessus checks both hardware and software for known vulnerabilities. With all of these impressive statistics under its belt, you’re probably wondering why you have never heard of the Nessus Vulnerability Scanner. It has more than 57.000 Common Vulnerabilities and Exposures (CVE) in its dictionary and has the lowest false positive reporting rate in the industry. It has been installed more than 2 million times and is currently working to protect 27,000 businesses around the globe. A survey by Cybersecurity Insiders discovered that Nessus was the most widely deployed application vulnerability scanner in the world. This is the headline of the Forrester Wave Vulnerability Risk Management report for Q4 2019. The technology impact market research company, Forrester assessed Tenable’s Nessus Vulnerability Scanner as the leading vulnerability risk manager in the world.
0 Comments
Leave a Reply. |