[Openvas-announce] OpenVAS-5 BETA-Test phase started

Jan-Oliver Wagner Jan-Oliver.Wagner at greenbone.net
Thu Jan 5 23:16:09 CET 2012


the OpenVAS developers are proud to announce that the test phase for the
upcoming OpenVAS-5 started and the first releases have become available.

OpenVAS-5 is yet another major evolution step of the Open Vulnerability
Assessment System. Advances range from integration of CVE and CPE databse,
an Asset Management over vulnerability prognosis, a improved user interface
and not at least improved scanning and detection capabilities.

The OpenVAS-5-based Greenbone Security Manager recently passed the SCAP
validation of US agency NIST for category Unauthenticated Scanner.
All required criteria were added to OpenVAS-5.

A few features are still in the works and will be added over the next
couple of weeks during the Beta phase. Together with improvements based
on user feedback.

It is planned to close beta phase in february, entering the release
candidate phase. The aim is to release OpenVAS-5 in march, exactly
one year after the release of OpenVAS-4.

Major new features:

 * The web interface has been comprehensively updated, reflecting
   various of the following features. The navigation box is turned
   into a menu bar.
 * Introduced references section for results
 * Improved default reports
 * Support for listing NVTs addressing a certain CVE
 * Support for override lifetimes
 * Support for note lifetimes
 * Support for asset management
 * Support for integrated SCAP data
 * Support for prognostic scans
 * Support for large database files on 32-bit platforms
 * Support for task observers
 * Support for individual time zones for users
 * The max_host and max_checks scan performance parameters have been moved
   from scan configs to tasks
 * Support for delta reports
 * Trashcan: It is now possible to place objects in a trashcan
   instead of deleting them directly.
 * Support for container task (imported reports)
 * Support for specifying an SSH port for Local Security Checks
 * Support for escalating result to a Sourcefire Defense Center
 * Support for using an SSH key pair for SSH authentication
 * OpenVAS Management Protocol (OMP): New version 3.0 reflects new
   functionality of OpenVAS Manager and has all timestamps converted
   to cover timezone.
 * New user role "observer" for read-only access
 * Improved network scanning via nmap
 * Improved support for ssh scanning
Apart from this, comprehensive internal cleanups and improvements of the
build environment happened.


 * OpenVAS Scanner remains compatible with the previous release,
   so the latest release of the old OpenVAS-Client still works.

 * The OpenVAS NVT Feed will be extended with tests that take advantage of the
   network scan feature but fully keeps the behaviour for previous releases.

 * The OpenVAS Manager has a migration option for updating
   a OpenVAS Manager 1.0 / 2.0 SQL database to 3.0. But there is no support
   to downgrade the database back to 1.0 / 2.0.


If you like to try out the beta version of the upcoming OpenVAS-5 release,
you should install it separately from your stable release.

The OpenVAS team very much appreciates reports on any experiences with this
BETA series of OpenVAS-5. Please report on the OpenVAS mailing lists.

All download links can be found on the OpenVAS homepage:

A number of binary installation packages has shown up already and we are very
thankful for the great work of the package maintainers.
Best regards

        Jan-Oliver Wagner

Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner

More information about the Openvas-announce mailing list