[Openvas-discuss] nmap + sourcefire = new vulnerability scanner

oday@fas.harvard.edu oday at fas.harvard.edu
Fri May 25 08:25:08 CEST 2007


I think this has some relevance for the group here:
http://applications.linux.com/article.pl?sid=07/05/22/2239246&from=rss

Sourcefire and Insecure.org announced today that they will collaborate to
develop an open source Nmap-based vulnerability detection tool. The engine will
come from Insecure.org, based on its Nmap Scripting Engine (NSE), and Sourcefire
will develop plug-ins for the engine.

Sourcefire is the commercial venture formed by Martin Roesch, creator of the
very popular Snort, an open source intrusion detection system. Its business
model is based on a dual-licensing scheme. While Snort itself is free software,
licensed under the GPL, the "rules" it uses to identify specific threats are
dual-licensed.

Sourcefire subscription customers get closed-source versions of the rules, which
they are not allowed to distribute under any conditions, as soon as they are
available. After 30 days, the Vulnerability Research Team (VRT) rules (verified
by Sourcefire) are released under the GPL to anyone who registers and downloads
them. Other rules, developed by the open source community, are available as
well, under whatever license the creator has released them.

The Nmap-contributed engine will replace similar functionality currently used by
Sourcefire in its 3D System, which combines Snort with other components to
provide a complete system to "discover, determine, and defend." Sourcefire told
us today that they are unsure which license the plug-ins will be released
under initially.

Fyodor, the creator of Nmap, took time from his busy schedule to brief us on
this new development for the project.

"Besides the Nmap Scripting Engine, we're working on a new cross-platform
graphical interface named UMIT. We are also ramping up for the Google Summer of
Code, which starts next Monday. Google sponsored six talented students to work
on Nmap for the summer!"

If that's not enough, he added "Oh, and Nmap is celebrating its 10th anniversary
on September 1!"

Fyodor told us that the NSE is licensed under the GPL, and will continue to be
moving forward. He also said that he expects that Sourcefire will use a
dual-licensing scheme for the plugins, which would allow Nmap to include them
in its distribution, probably on a time-delayed basis as Sourcefire currently
does with Snort rules.

Fyodor denies that this news will serve to make him even richer and more famous,
saying "The Nmap project already had our 5 seconds of fame when Trinity used
Nmap to hack the Matrix. So for NSE we're trying to make the Internet a little
bit more secure rather than shooting for fame and glory."


