[gnessus-discuss] OSVDB & Gnessus (fwd)
timb at openvas.org
Thu Nov 3 10:42:11 CET 2005
News just in... have added it to the Wiki... any thoughts? I guess
someone should liaise with them.
Tim Brown, OpenVAS
<mailto:timb at openvas.org>
---------- Forwarded message ----------
Date: Wed, 02 Nov 2005 23:03:13 -0500
From: Sullo <sullo at cirt.net>
To: timb at openvas.org
Subject: OSVDB & Gnessus
First let me introduce myself. My name is Chris Sullo, and I'm one of the project leaders for the Open Source Vulnerability Database (OSVDB.org) and occasional contributor to Nessus via new or updated plugins.
I'm writing to discuss the potential of OSVDB working with the OpenVAS/Gnessus project.
When we developed the OSVDB roadmap, we outlined a goal to house GPL NASL plugins for Nessus. Recent events with Tenable's licensing (which you're obviously aware of) have made this goal even more important. While Tenable states they will continue to support the 2.x branch of Nessus, it's clear the primary development of code and (likely in the future) plugins will be geared towards the 3.x branch.
We would like to support the OpenVAS project by stepping up our plans to house GPL NASL tests as part of OSVDB. This can provide the framework for keeping up with the steady flow of new vulnerabilities, as well as back-filling vulnerabilities currently tested by Tenable proprietary code. The OSVDB back-end can support queues of vulnerabilities that do not have GPL plugins defined, and automatically generate the framework for a NASL script which already includes the OSVDB text description of the vuln and appropriate references to external information. In addition, OSVDB is a registered US non-profit organization (as "Open Security Foundation"), which could lend some legitimacy and allay any fears that the motives of OpenVAS may be commercial in nature.
I think there are a lot of ways the projects could benefit each other, and I'd love to discuss these ideas or any you have. There are already almost 20,000 vulnerabilities in OSVDB, and it is growing daily. With proper tools and the ability to manage those vulns, a GPL plugin feed could quickly grow to cover much more than the current plugin feed does.
http://www.cirt.net/ | http://www.osvdb.org/