英語で読むNessus

Nessusは脆弱性のチェックをするソフトウェア。2018年で20歳ということで、去年のうちに書こうかと思ってたが、年を越してしまった。

Nessus Turns 20!

On April 4, 1998, I sent an email to the bugtraq mailing list to let a little group of security geeks (and I use that term with respect) know about a project I had been working on during the previous 12 months – a Linux app with a graphical interface that would check networks for more than 50 vulnerabilities. Yes, you read that correctly – 50 vulns! I vividly remember thinking that I’d release the software, incorporate the little feedback I’d get and move on to something else.
Instead, the feedback I received was so encouraging that I ended up dropping out of college (my parents were NOT happy, but that’s a story for another day) and creating Tenable.

セキュリティのgeekのメーリングリストで50の脆弱性をグラフィカルにチェックするツールを紹介したのが1998年の頃。その時のフィードバックを元にTenableを創業した。

* First, identify an unmet need (in the early days of Nessus, that was the graphical interface) and then deliver against it.
* Second, understand the power of industry context – or put another way, no engineering in a vacuum.
* Third, know your user and the community you serve.
* Fourth, work harder than your competitors.

Nessusが成功した理由を振り返りながら、４つの原則を導き出している。ひとつはunmet need、つまり満たされていないニーズを見つけること。そしてindustory contextを理解して、違う道を進むこと。no engineering in a vacuumは、競合している領域で頑張っても真空にエンジニアリングが吸い込まれるだけというニュアンスかな。

https://www.tenable.com/integrations/aws

Recognized as a Security Competency partner in the AWS Partner Network (APN), Tenable works with AWS in a variety of ways. Tenable solutions run in AWS; can scan AWS instances to detect vulnerabilities, malware and compliance issues (pre-authorized); can audit AWS infrastructure for adherence to AWS and security best practices; and can connect directly to AWS for CloudTrail event monitoring.

そのNessusを提供しているTenableはtenable.ioというAWS向けの脆弱性をチェックするサービスを提供している。