English | Deutsch
Home »

Project News

See our News Archive for a complete list of OpenVAS project news.

March 8th, 2017 - OpenVAS-9 released: Upgraded web GUI with dashboards and asset management

The new generation of OpenVAS [1] is the result of 24 months of intensive work. Version 9 of the open framework for vulnerability scanning and management introduces a new web GUI with dashboards and extensive comfort functionality for the user. The asset management opens a door for new ways to analyse scanning results and control the vulnerability management.

The immediately visible highlight of this new release is the upgraded user interface. This ranges from an advanced dashboard feature over a full-size browser window up to intelligent dialogs to name just a few of the web interface changes. Most notable new functionality is the explicit asset management which adds a new view on scan results for hosts and operating systems. It also forms the foundation for new and fast vulnerability management workflows. Apart from this, slaves become scanners which is one more step towards a full multi-scanner architecture.

The increasing pace of conceptual progress and the continuous improvements is primarily contributed by Greenbone Networks [2]. Greenbone develops OpenVAS as a basis of their professional appliance product family "Greenbone Security Manager".

In the past Greenbone did not push the branding of the commercial options and many OpenVAS users are not aware of it. We start to change this step by step for mutual benefit. The first step is the GSM Community Edition (GCE) which is a freely downloadable turn-key virtual machine [3]. It replaces the OpenVAS DEMO VM which required too many manual steps for a quick trial. GCE is a derivative of the GSM product family which essentially means effortless publication of updated virtual images on a regular basis.

Users building from source code, please refer to the documentation of each module (INSTALL/CHANGES) about compatibility changes and other relevant setup aspects. A careful installation will migrate the OpenVAS-8 database automatically and seamless. However, prior backups are your duty.

The new release is available as Free Software under the terms of the GNU General Public license (GPL).

[1] OpenVAS: http://www.openvas.org/
[2] Greenbone: http://www.greenbone.net/
[3] GCE: http://www.openvas.org/vm.html

April 2nd, 2015 - OpenVAS-8 released: Charts, Quality of Detection and PostgreSQL-Support

Following the annual release cycle, the new generation of OpenVAS [1] has been released. The new version of the open framework for vulnerability scanning and management, OpenVAS-8, introduces a comprehensively extended and improved feature set. Advances and improvements were achieved in virtually all areas.

Highlights of this new release are the chart module for a variety of graphical representation, the Quality of Detection (QoD) concept and the optional support of PostgreSQL as database backend. Major advances were also achieved for the access control management: more roles, group admins and super-admin to name just a few. Notable as well is the introduction of the optional multi-scanner support via the new protocol OSP (OpenVAS Scanner Protocol) for which a growing number of servers is expected for the future. Last but not least, the OpenVAS Scanner now requires less resources and uses redis[2] for the inter-process communication.

All in all OpenVAS-8 ships 28 new and improved features, accompanied with countless smaller changes. The systematic improvements and reliable release of one major update every twelve months once again underlines the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free and is available as Free Software under the GNU GPL license.

The company Greenbone Networks [3] develops and uses OpenVAS as a base for its appliance product family for vulnerability scanning and management. Together with the company SecPod [4] and the growing community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [5] supports and utilizes OpenVAS, together with many other federal agencies, as part of their IT security framework.

Read the full announcement

April 25th, 2014 - OpenVAS-7 released: Unified Severity Concept and Access Control Management

Following the annual release cycle, the new generation of OpenVAS [1] has been released. The new version of the open framework for vulnerability scanning and management, OpenVAS-7, introduces a comprehensively extended and improved feature set. Main advances/improvements were undertaken in three domains: improvements to the user interface for power users as well as for beginners, access control and module architecture improvements.

Highlights of this new release are the object tagging, replacement of threat view by severity view and a new report browser. Another major change is the introduction of access control with groups, roles and permissions. On the architectural side two modules were dropped, the Administrator has been merged into Manager and the desktop client GSD has been dropped in favor of focussing web client advances.

All in all OpenVAS-7 ships 37 new and improved features, accompanied with countless smaller changes. The systematic improvements and reliable release of one major update every twelve months once again underlines the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free and is available as Free Software under the GNU GPL license.

The company Greenbone Networks [2] develops and uses OpenVAS as a base for its appliance product family for vulnerability scanning and management. Together with the company SecPod [3] and the growing community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [4] supports and utilizes OpenVAS, together with many other federal agencies, as part of their IT security framework.

OpenVAS-7 can be experienced live at the Linuxtag Conference and Exhibition in Berlin (Germany) [5] from 8th to 10th of May 2014 at the BSI booth.

Read the full announcement

April 17th, 2013 - OpenVAS-6 released: Integrated security information and integration with security tool chain

In keeping with the annual release cycle, the new generation of OpenVAS [1] has been released. The open framework for vulnerability scanning and management, OpenVAS-6 introduces a comprehensively extended and improved feature set. Main advances/improvements were under taken in three domains: 1. improvements to the user interface for power users as well as for beginners, 2. comprehensive integration of international and regional security information and 3. integration with the security tool chain.

Highlights of this new release are the power filter concept and security information management. The latter integrates not only official cross reference of SCAP data right into scan results; with integrating security data of a major German computer emergency response team, DFN-CERT [2], it also adds analysis and reporting capabilities considering regional language and a regional security focus. Improved scan capabilities, password policies, a scan wizard and various other elements round up the new additions into this new generation of OpenVAS. Special attention was given to the integration with the security tool chain via a plugin for the system monitoring family around Nagios [3] and a connector for integrating with the information security management system (ISMS) verinice.PRO [4].

All in all 15 new features were added, accompanied with countless improvements. The systematic improvements and reliable release of one major update every twelve months once again underline the position of OpenVAS as the most advanced Open Source solution for vulnerability management. The new version can be downloaded free and is available as Free Software under the GNU GPL license.

The company Greenbone Networks [5] develops and uses OpenVAS as a basis for its appliance product family for vulnerability scanning and management. Together with the companies SecPod [6], SecuritySpace [7] and the wider community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [8] supports and utilizes OpenVAS, together with many other federal agencies, as part of their IT security framework. The company Greenbone Networks [5] develops and uses OpenVAS as a basis for its appliance product family for vulnerability scanning and management. Together with the companies SecPod [6], SecuritySpace [7] and the wider community, new vulnerability tests and feature improvements are developed on a daily basis. The German Federal Office for Information Security (BSI) [8] supports OpenVAS and uses it, together with many other federal agencies, for their IT security framework.

OpenVAS-6 can be experienced live at the Linuxtag Conference and Exhibition in Berlin (Germany) [9] from 22nd to 25th of May 2013 at the BSI booth.

Read the full announcement