Sunday, 15 June 2008

Nessus and Commercialisation

Welcome to the world of economics. We are in (like it or not) a world of supply and demand. A world of limited resources.

In response to those asking “what about those who have submitted to Nessus”:
Back in the deep dark 90’s I hosted the Australian mirror for Nessus. When you chose “Select a server near you: Australia”, we where hosting it. My team and company submitted a fair number of things. So I believe that I can speak with authority with this topic.

Guess what I HAVE been paid for this time. Not in money, but in the same as all the others have. I used the product. I did my job, sold consulting time and got paid. Money did not come from Nessus directly, but I have made money from them. Just like all the other people who have used it commercially.

Being that there is an economic aspect to the earth, we can not forget this. The people who created and who maintain Nessus can other things as well. Do we presume to state that they have to maintain it in perpetuity – gratis?

Even when those people have added some input into Nessus, compare this to the commercial cost of a tool. I doubt that there are many who have added anywhere near enough to account for the cost of the alternative products. I remember signing for over $50k for ISS licenses at one point. I have not submitted that amount of effort myself to the Nessus project, and this is over a decade. This is including where I allowed staff to build new plugs and submit them in work time.

But wait, I still gained for that as well. And much of the material used was gained from clients. In particular, my former company at the time was maintaining security systems for the Australian Stock Exchange. We gained a large amount of information on threats, new attacks etc (strange that a stock exchange should be a target…). Some of this ended as new plugins. Again, we benefited from this. I benefited from this. I made money from Nessus as have most on this list who use it.

If it made you job easier, you have received something for nothing. If you have used it for consulting you have something for nothing. If you have used it to learn from, you have something for nothing and continue to do so. Rather than whining about the HUGE cost (which is less than I spend on coffee), be thankful for all the time it was free!

Yet it is free for education. It remains free for a number of purposes.

Commercialisation is not a bad thing. The Nessus team have a right to earn money for their efforts. They are not slaves bound to code for the great unwashed for eternity.

If you do not like it, there are options. Buy another commercial product (or again is this the we need something for free argument?)

To all those self centred, ignorant people, grow up! You are milking the developers of Nessus and have done so for years. They have a RIGHT to gain for their labour. Even the damned communists where not daft enough to believe that people had to work for nothing. At the price, Nessus is a bargain.

If you want a free alternative that is guaranteed to remain free, put in your own time. I will do the same. I will happily create a deed to form the product that will legally guarantee it remains both free and available. There is a catch to this. Those who volunteer will need to guarantee (in a legally binding sense) there time (in perpetuity). The product will be free at the cost of say 5 hours a week that you either do or to which you give the equal monetary compensation, say $120 an hour.

At current rates the annuity cost (financially assuming existing bond rates) for this equates to about US$260,000 (2 weeks holiday annually included). Who wants to sign up? I will write it and the software will be set as free forever and maintained. But if you drop out without signing up a replacement, trust me when I state that I will made the deed tight enough that even bankruptcy will not save you from paying out the remainder in money other then time.

For this is exactly what many of us are in effect demanding of the Nessus team.

This is in effect what the Nessus team have done. In fact, most if not all of them have done far more than this. We have in effect bled millions from them that they could have made, and we whine when the cow stops giving milk. Rather than being grateful for ALL that we have received, we complain!

No comments: