From jan-oliver.wagner at intevation.de Mon Aug 4 11:14:39 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Mon, 4 Aug 2008 11:14:39 +0200 Subject: [Openvas-announce] openvas-compendium 0.1.0 released Message-ID: <200808041114.42002.jan-oliver.wagner@intevation.de> Hello, the OpenVAS developers are happy to announce the first draft of the new OpenVAS Compendium 0.1.0. The LaTeX source code as well as a PDF and a HTML version are available for download at: http://wald.intevation.org/frs/?group_id=29&release_id=194 The is the first initial release of openvas-compendium. The Compendium replaces the previous openvas-manual. Note that this document is not complete yet. Further authors on special topics are welcome. Main changes: * Restart of the main documentation for OpenVAS. * The new document is based on LateX instead of lyx. * Switch to CC by SA license. Many thanks to everyone who has contributed to this release: Tim Brown, Carsten Koch Mauthe, Jan-Oliver Wagner and Michael Wiegand. Regards, Jan-Oliver Wagner -- Dr. Jan-Oliver Wagner Intevation GmbH, Osnabr?ck Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Wed Aug 6 20:26:25 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Wed, 6 Aug 2008 20:26:25 +0200 Subject: [Openvas-announce] OpenVAS Toolchain for Network Vulnerability Tests Established and Stable Message-ID: <200808062026.28295.jan-oliver.wagner@intevation.de> OpenVAS Toolchain for Network Vulnerability Tests Established and Stable, Now Focussing on Tests Development and Documentation In July 2008 the OpenVAS developer team finished the update cycle of the 1.0 release including all four server modules and the client. The most work during this update cycle went into cleanups and support for RPM and Debian packagers. The number of necessary bug-fixes remained pleasing low. OpenVAS installation packages are readily available for various platforms: OpenSUSE, Fedora, Mandrake, FreeBSD and Gentoo. Debian and Ubuntu are in the works. OpenVAS-Client is additionally available for MS Windows operating systems. The OpenVAS developer team has started creating a comprehensive documentation for the whole toolchain; the next major challenge for the project is now to extend the range of the vulnerability tests for present and upcoming CVEs, BIDs etc. It is a fundamental goal of the OpenVAS project team to accompany the Free Software OpenVAS network security scanner licensend under GNU GPL with a feed of vulnerability tests being Open Source and readily available for everyone as well. Additional contributors are welcome to join the OpenVAS developer team. Contact to OpenVAS development team via: www.openvas.org From michael.wiegand at intevation.de Fri Aug 22 13:51:41 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Fri, 22 Aug 2008 13:51:41 +0200 Subject: [Openvas-announce] Contest: Best Advances for OpenVAS Network Vulnerability Tests Message-ID: <200808221351.41670.michael.wiegand@intevation.de> Contest: Best Advances for OpenVAS Network Vulnerability Tests ============================================================== The OpenVAS Team (Open Vulnerability Assessment System, [1]) has started a contest and calls for submission of patches, scripts, converters or anything else that significantly improves the OpenVAS framework and extends Open Source Network Vulnerability Testing. You are free to choose the area of improvements, examples are: * New .nasl scripts for recent security alerts * NASL libraries for simplifying development of new test scripts * Converter routines that (semi-)automatically create NASL scripts from formal security alerts. * Performance improvements for the current tests. There are many other ways to extend and improve the OpenVAS framework. The only hard requirement is that your solution is published as Free Software under GNU GPLv2+. The following rewards have already been offered by the contest sponsors: 1st place: 500 Euro 2nd place: 300 Euro 3rd place: 200 Euro The rewards might increase because additional sponsors are welcome to add to the rewards as along as the contest is open. The contest page [2] on the OpenVAS website will be kept up-to-date with the latest rewards. If you want to sponsor the contest, please get in touch with the project contacts [3]. The sponsors and OpenVAS steering committee will jointly choose the winners based on these criteria: * number of CVEs/BIDs covered * relevance of the covered alerts * sustainable future benefit (e.g. in the case of supporting APIs) * how well the development was coordinated via the public OpenVAS mailing lists (teams may win as well) * code quality (documentation, design, style) Contest sponsors are (sorted by amount sponsored): * Intevation GmbH, www.intevation.net * DN-Systems GmbH, www.dn-systems.de * Tim Brown Time table: 2008-08-23: Contest starts 2008-10-15: Contest closes 2008-10-30: Winners nominated How to participate: * express you wish to participate on the OpenVAS developer mailing list and present your idea * summarize you contribution before contests closes and submit it to the OpenVAS developer mailing list [1] http://www.openvas.org/ [2] http://www.openvas.org/openvas-contest.html [3] http://www.openvas.org/constitution.html -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From michael.wiegand at intevation.de Mon Aug 25 12:06:26 2008 From: michael.wiegand at intevation.de (Michael Wiegand) Date: Mon, 25 Aug 2008 12:06:26 +0200 Subject: [Openvas-announce] openvas-server 1.0.2 Message-ID: <200808251206.26671.michael.wiegand@intevation.de> Hello, the OpenVAS developers are happy to announce that openvas-server 1.0.2 has just been released. The source code is already available for download (at http://wald.intevation.org/frs/?group_id=29&release_id=196); binary packages are expected to follow soon. This is a bug fix release for the OpenVAS-Server 1.0 series. It fixes two issues that could under some circumstances break the creation of new users or cause a network scan to exit prematurely, reporting an empty result. These bugs were introduced in 1.0.1, versions 1.0.0 and prior are not affected by this bug. If you are having the problems described above, we recommend that you upgrade to 1.0.2. Many thanks to everyone who has contributed to this release: Vlatko Kosturjak, Javier Fernandez-Sanguino and Michael Wiegand. Main changes are: * Removed obsolete documentation files. * Updated Debian packaing files. * Path fixes for openvas-adduser, openvas-mkcert-client, openvas-mkcert and openvas-rmuser * Fixed a serious bug that under certain circumstances killed a server process with SIGSEGV. * Added man page for openvas-mkcert-client * Some cleanups Regards, Michael Wiegand -- Michael Wiegand OpenPGP key: D7D049EC Intevation GmbH, Osnabr?ck http://www.intevation.de/ Amtsgericht Osnabr?ck, HR B 18998 Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner From jan-oliver.wagner at intevation.de Thu Aug 28 22:39:26 2008 From: jan-oliver.wagner at intevation.de (Jan-Oliver Wagner) Date: Thu, 28 Aug 2008 22:39:26 +0200 Subject: [Openvas-announce] openvas-compendium 0.2.0 released Message-ID: <200808282239.30701.jan-oliver.wagner@intevation.de> Hello, the OpenVAS developers are happy to announce the second draft of the new OpenVAS Compendium, release 0.2.0. The LaTeX source code as well as a PDF and a HTML version are available for download at: http://wald.intevation.org/frs/?group_id=29&release_id=197 Additionally, starting with 0.2.0, the compendium is available online: http://www.openvas.org/compendium/openvas-compendium.html Various sections have been reworked, filled and added. The task of this release is to identify the remaining TODOs for the final 1.0 release. The PDF version grew by 30 pages and is now at 87 pages. Main changes are: * Information about NVT feeds added * Information about NASL including APIs added * Information about Knwoledge Base (KB) added * Information about source code management, code quality and other developer support added * Reworked various chapters in order cleanup for final release. Contributors to this release: Jan-Oliver Wagner and Michael Wiegand. Regards, Jan-Oliver Wagner -- Dr. Jan-Oliver Wagner Intevation GmbH Amtsgericht Osnabr?ck, HR B 18998 http://www.intevation.de/ Gesch?ftsf?hrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner