Corsaire form alliance with the Nessus project to supply free vulnerability detection pluggins
Woking, Surrey, UK — 7 July 2004 —Corsaire (http://www.corsaire.com), a global leader in information security solutions and vulnerability research, has today announced an alliance with the Nessus project (http://www.nessus.org) to facilitate the supply of free vulnerability detection pluggins.
The Nessus security scanner is the de facto standard for the detection of vulnerabilities within a network environment and already has a database of over 2100 pluggin signatures. It is provided under the terms of the GNU Open Source license and is freely available to anyone with the wherewithal to download it.
Under the terms of the alliance there will be a co-ordinated release of Nessus pluggins at the same time as any Corsaire security advisory. This will allow users of the open source Nessus security scanner software to be able to detect the presence of vulnerabilities within their network environment as soon as knowledge of the vulnerabilities enters the public domain.
The window of opportunity between a vulnerability being announced and the subsequent worm, virus or attack tool appearing is decreasing all the time, remarks Martin ONeal, Technical Director of Corsaire. By freely supplying detection signatures in this way, Corsaire will be proactively helping to reduce risk by providing organisations with a practical approach to making the most of the limited time that is available.
Corsaire currently have a catalogue of around 45 unreleased vulnerabilities affecting over 140 different products, all of which will be ported to a working pluggin signature.
Obviously, the process has to be conducted responsibly, says ONeal. Any signature that would be released under this alliance would be scripted in such a way as to provide only detection capabilities, and not to supply enough information from which a working exploit could be engineered.
Renaud Deraison, leader of the Nessus project, Corsaire are well-regarded in the security industry and I was delighted when they approached me with the idea of forming this alliance. Our alliance is utterly unique; it signals a fresh approach from the industry – an information security supplier willing to provide vulnerability detection signatures consistently, freely and en masse under an open source arrangement.
Corsaire are a leading information security consultancy, founded in 1997 in Guildford, Surrey, UK. Through our commitment to excellence we help organisations protect their information assets to ensure that corporate risk is reduced and tangible value is achieved from their investments. We have spent over eight years perfecting the unique combination of industry knowledge, commercial experience and technology skills we come to our clients with a wealth of fresh knowledge and experience in leading industries around the globe. Corsaire bring innovation, integrity and analytical rigour to every job, which means fast and dramatic security performance improvements. Our services centre on the delivery of information security planning, assessment, implementation, management and vulnerability research. For more information visit www.corsaire.com
Jane Frankland Tel: + 44 (0) 1483 226 000 Fax: +44 (0) 1483 226 001 Email: [email protected]