Yesterday Tenable Network Security announced an update to their subscription model for their very popular vulnerability scanner Nessus. The bottom line is that as of July 31st 2008, any commercial use of the application will require a paid subscription. A small bit of good news is that it will still be free for home use and education purposes.
I know a ton of people that use Nessus, and now they face a buying decision of $1200 per license. While the cost per license is relatively cheap compared to other vendors in the vulnerability scanner area, I miss the open source days of Nessus. But I understand their business decision, and I hope that people support the change.
Martin McKeay also posted his thoughts on the subject, and even had a podcast with Ron Gula himself about the changes.
Update: Nessus is dirt cheap compared to eEye’s Retina! One Nessus license is $1,200, with maintenance included. The license doesn’t restrict the number of devices you can scan, so it’s basically unlimited. The cost for an equivalent license at eEye is … wait for it … close to $20,000! And then you have maintenance costs starting at $5,000! Compare the two and Nessus is a no-brain decision. I am sure that Tenable knew what their competition was charging, and I applaud them for not gouging their prices as well. I’m all for companies earning money on a product they developed, but don’t you think $20,000 is a bit much?
I think that this decision is a problem for lots of small companies, organizations, educational, NGO and so on. You have other possibilities to continue using Nessus in a free way. There are companies which started to offer free feeds to use with Nessus after the Tenable announcement. For example, http://www.alienvault.com/free_feed_for_nessus.php has an automatic free feed which is daily updated, or you can download feeds from http://www.secpod.org although they have to be manually installed.
Awesome to know that there are alternatives to the commercial Nessus plugin feed.