With news settling in that the makers of the network vulnerability scanner Nessus will not open source the next version of the software, the team behind the soon-to-be-renamed GNessUs project is growing fast and attracting attention.

Word broke on October 5 that Tenable Network Security, the company founded in 1998 to hold the copyright for Nessus, would not release Nessus 3.0 under the GNU General Public License (GPL). The company said it would continue to maintain the GPLed 2.2.x series, but would not open the source of the impending Nessus 3. By October 10, the GNessUs project launched a fork based on Nessus 2.2.5 and a community quickly began forming around it.

Tim Brown, a penetration tester for Portcullis Computer Security Limited in the UK and founder of GNessUs, said the idea to fork the project came out of conversations with colleagues in the security industry in England.

Brown said that the company's move to drop the GPL for Nessus 3 was no great surprise after Tenable split the plugin streams for the software and ignored concerns by Brown and others that vulnerabilities would be missed because people refused to check the streams for either fiscal or ethical reasons. "My fork is dedicated to that community," Brown said.

The split last December created a three-part stream structure that offered a fee-based "Direct Feed" with the latest vulnerability checks available from Tenable, a delayed feed available to those who registered with Tenable and agreed to Tenable's license agreement for plugins, and a "GPL Feed" with plugins from the user community.

The link for this article located at Newsforge is no longer available.