Nessus 3 vs. OpenVAS
A recent announcement of a new Nessus 3 plugin (Nessus 3 Agent-less Compliance checks) reminded me of this particular open source vs. closed source can of worms.
To state the obvious, it’s up to the copyright holder to chose the license under which their product ships. It is also obvious that closing the source on a previously open-source project is certain to antagonize a subset of users and perhaps a sizeable one at that. Tenable spun their decision one way, the people that kicked off the OpenVAS fork have a different view. I haven’t kept tabs on either Tenable or OpenVAS; perhaps they’re both doing well, perhaps not.
Speaking for myself, Nessus 3 as closed source doesn’t work for me for philosophical and pragmatical reasons. It seems increasingly geared towards a clientele that is shopping for an off-the-shelf product and while I don’t know how much the open-source user community contributed back to the project, there is less incentive to contribute to a commercial project.