By Sam Varghese
October 11, 2005
A group of British security researchers has decided to start a fork of
the popular Nessus vulnerability scanner, following a decision by the
owner of Nessus to change the licence under which the scanner was
Nessus was released under the General Public License (GPL), which means
its code was freely available.
The change of licensing terms was announced last week by Renaud
Deraison, who began the Nessus Project in 1998. Four years later,
Deraison co-founded a company named Tenable Network Security which now
Last week, Deraison said the forthcoming version of Nessus,
version 3.0, would be available free, but not under the GPL.
He said the current version, Nessus 2.0, would continue to be
maintained under the GPL with bug fixes.
The British team is headed by Tim Brown who, in a posting to the
Full-Disclosure vulnerability mailing list, said the fork would be
"As a result of recent announcements by Tenable, we believe a fork of
Nessus is required to allow future free development of this tool," he
Brown said the decision had been taken after consulting colleagues
from within the security industry.
"While we would like to believe that we will be able to continue to
take updates of the Nessus 2 source code from the Nessus website, we
will be endeavouring to add fresh functionality and plugins as part of
the GNessUs project," he wrote.
"The fork will be based on the current nessus 2.2.5 packages from
GNU/Debian (sic), the source of which can be found above in a slightly
modified form. We would welcome contact from any interested