[Openvas-discuss] Next Tier for the OpenVAS feed: join with OSSIM/AlienVault

[Jan-Oliver Wagner]

Hello,

currently there are two NVT feed for OpenVAS available:

 * The OpenVAS NVT Feed: http://www.openvas.org/openvas-nvt-feed.html

 * The AlienVault Feed: http://www.ossim.com/free_nessus_feed.php

The OpenVAS feed was limited to a consistent feed for the Debian Local
Security Checks so far and was permanently updated.

The AlienVault Feed derives from the needs of the OSSIM project
that incorporated Nessus in the past and now is going for OpenVAS.
It was created recently and uses the OpenVAS concept based on RSYNC
and GnuPG detached signatures. Additional to openvas-plugins and the
OpenVAS NVT feed it contained several NVTs from SecPod and AlienVault.

Vital discussion has established recently between OpenVAS and OSSIM
and the bottom line is to join forces. Not a surprise for cooperative-minded
Free Software people ;-)

IMHO, there is no reason why OpenVAS NVT feed shouldn't be changed/extended
in its contents/mission in order to suffice the needs of the OSSIM users.
Basically this would mean to simply add any available .nasl script that is committed
to openvas-plugins (all the SecPod scripts arrived in openvas-plugins trunk
already today - thanks to Chandra).
The mission of the OpenVAS NVT Feed would then be changed to something like
"Newest NVTs from Developer Team's Repository".

There are some smaller issues that would need to be discussed (like
clever structuring of families, OIDs and so on).
In fact I do not see any major blocker why we shouldn't start this right away.
Quite the opposite - (even slightly) diverging  feed contents, would cause
a lot of headache over time when trying to understand/discuss with other some
scanning  results.

Opinions welcome.

Best

	Jan

-- 
Dr. Jan-Oliver Wagner                        Intevation GmbH, Osnabrück
Amtsgericht Osnabrück, HR B 18998             http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner