Subject: RE: Nessus 3.0's failed community
From: "Larry M. Augustin" <lma@lmaugustin.com>
Date: Tue, 29 Nov 2005 16:02:06 -0800

Is this a failure of community, or a failure of business model?  Most Open
Source companies I know don't get a lot of leverage developing the core of
their software.  But that's not a big deal to them.  They get a lot of
benefits in testing, bug fixing, integration, and sales & marketing.  In
fact, the sales & marketing advantages seem to outweigh the R&D savings by a
significant factor.  The benefit of Open Source to the developing company
doesn't seem to be contributed code.

So I wonder if Nessus isn't looking for the benefits of being Open Source in
the wrong place?

Larry


> -----Original Message-----
> From: Brian Behlendorf [mailto:brian@collab.net]
> Sent: Sunday, November 27, 2005 4:43 AM
> To: fsb@crynwr.com
> Subject: Nessus 3.0's failed community
> 
> 
> So, is this an example that the open source approach isn't guaranteed to
> work no matter how "open" you are, or did Ron fail to provide both the
> processes and motivations to facilitate outside contribution?  It always
> surprises me when I hear certain open source companies brag about the fact
> that they get no outside contributors, or they have to rewrite everything
> that people offer them anyways, like that's some mark of success.  Isn't
> it instead a competitive weakness?  If you have to invest everything
> necessary to create a quality product, and all your service competitors
> have to do is learn how your product works....
> 
>  	Brian
> 
> ---------- Forwarded message ----------
> Date: 26 Nov 2005 23:26:04 -0000
> Subject: Nessus 3.0 discussed
> Link: http://slashdot.org/article.pl?sid=05/11/26/1629237
> Posted by: ScuttleMonkey, on 2005-11-26 21:33:00
> 
>     An anonymous reader writes "Nessus is one of the world's most popular
>     (open source) vulnerability scanners, used in over 75,000
>     organizations world-wide. Many of the world's largest organizations
>     are realizing significant cost savings by using Nessus to audit
>     business-critical enterprise devices and applications. With the recent
>     news of [1]going closed source Ron Gula took a few minutes to [2]talk
>     to SecurityFocus. From the article: 'I speak to a lot of different
>     open source project managers and they say similar stuff -- it's mostly
>     free users and not really code contributors.' What would happen now?
>     Nessus 3 will provide an average 5x speed improvement compared to the
>     old, but open source, 2.x version, and a lot of new features."
> 
> References
> 
>     1. http://it.slashdot.org/article.pl?sid=05/10/06/1853248&tid=172
>     2. http://www.securityfocus.com/columnists/371