[gnessus-discuss] Contributions (fwd)

Jason security at brvenik.com
Wed Nov 2 16:59:21 CET 2005

Robert Berkowitz wrote:
>>Thus, I suggest to always ask any volunteering contributor whether
>>they are able to write plugins or can test them thoroughly.
>>At best, make them responsible for certain areas (eg. MS security
>>bulletins, PHP or any other sensible grouping of security issues).
>>From the initial contact with people/companies willing to contribute
> we have had good response so far in the form of them willing to
> contribute to the plugin base.
> I would reccomend us taking a look at how the bleeding snort project
> accepts new signatures and perhaps model our plugin submission around
> it.

Being an aggregation point for plugins is ok but adopting the we accept
and publish anything mantra will negatively affect the ultimate quality
of the project. Bleeding rules for snort are often very poor quality,
lack documentation, have rudimentary testing, and are ultimately
irresponsible in that they lead people to believe they have coverage for
something they often do not.

If the project is to accept plugins from anyone without regard to
quality or effectiveness then there need to be a rating system behind it
so that people can understand the scope of the plugin and the
reliability it affords. Quality is more important than having X
capability for Y which may only impact a small subset of the population
and negatively affect the system overall.

> _______________________________________________
> gnessus-discuss mailing list
> gnessus-discuss at gnessus.org
> http://www.nth-dimension.org.uk/mailman/listinfo.cgi/gnessus-discuss

More information about the Openvas-discuss mailing list