back to article Tenable's response to folks upset at AWOL features: A 150-emails-a-minute spam storm

Tenable Security has given itself two problems, by releasing a product its users don't like, and then adding them all to a support email group that's sending uncomfortable volumes of messages. The new product is Nessus Professional v7, which Tenable has declared is just fabulous thanks to new licensing, improved reports, and …

  1. Doctor Syntax Silver badge

    You know somebody had to: it sounds untenable to me.

    1. Mike Moyle Silver badge

      Damn! You beat me to it! Have a virtual pint!

  2. Anonymous Coward
    Anonymous Coward

    Another example of Agile at its best...

    I expect.

  3. Pompous Git Silver badge

    releasing a product its users don't like

    If it works for Microsoft...

  4. Jonbays

    Tenable have got big arrogant and dumb, but then what could you expect from the united states they voted for Trump as their president?

    1. Anonymous Coward
      Anonymous Coward

      And what country _were_ you from before today?

      (Good grief, another oxygen breather. What can you expect? Frazgt, probably imbibes water too.)

    2. Anonymous Coward
      Anonymous Coward

      At JonBays, re: "dumb Americans".

      Not ALL of us voted for that man, but thank you for lumping us all into the same pot.

      In that same fashion, thanks for being an uppity, know it all, fekking smeghead Brit.

      To all the folks that are intelligent enough not to lump an entire group of people into the same boat just because a vociferous minority did something stupid, I thank you & offer a pint.

      To everyone whom insists on labeling us "'Muricans" & other such idiocy, may you choke on said pint.

      Have a nice day...

      *Leaves a twenty on the bar to pay for all the drinks*

      1. Anonymous Coward
        Anonymous Coward

        Re: At JonBays, re: "dumb Americans".

        Even worse, some of you voted for Clinton.

      2. w0rkRB

        Re: At JonBays, re: "dumb Americans".

        Thanks for the pint, sadly with the costs going up as they are in Brexit Britain twenty quid will get you at most 4 pints in some of the backwaters of Somerset, in London fewer than that.

        Speaking of voting and crap governments.............

  5. Anonymous Coward
    Anonymous Coward

    I worked at Tenable for over four years and left the company due to its toxic culture. They really don't care about customers or their employees and will take any and all shortcuts to make a profit. This company is going to fall soon.

  6. This post has been deleted by its author

  7. This post has been deleted by its author

    1. xewill

      Recommendations for other products please.

      1. ninjaturtle

        openvas was forked from Nessus when it was still open source, and does not require paid subscriptions

        1. Anonymous Coward
          Anonymous Coward

          OpenVAS is nice but it's hard to get it going and to keep it going though

          1. Tom Paine

            It was an absolute bear for the first few years after the fork at least; eventually I gave up on it. The test database wasn't scratching the surface of new vulnerabilities either. I'm also in the market for an alternative now - desperate to get off Qualys but sadly out of touch with the current alternatives. (I guess Retina isn't a thing any more? Has it finally died and had a decent burial?)

      2. This post has been deleted by its author

      3. Tom Paine

        Yes, please. Perhaps El Reg could get a few cynical red- and blue-teamers down the pub, provide beer, and get some genuine customer testimonials?

  8. TrumpSlurp the Troll Silver badge


    There should be a kickback or devil take the Hindmost joke in there somewhere.

    1. diver_dave

      Re: Nessus?

      There should be a kickback or devil take the Hindmost joke in there somewhere.


      Missed it the first time..

      Have a pint!


  9. Tanglewood73

    Well done Tenable for taking a program we pay for and making it completely useless to us.

    The only way we use Nessus is via custom software and the API to extract the resulting scan information into a database which makes is useful to us to automate vulnerability fixes and quickly find which devices need the most work.

  10. xewill

    So, here's the thing.

    I won't be buying software from Tenable again.

    Yes, I'm annoyed they've removed features I paid for, but who is to say that if I upgrade, they won't remove the features I rely on from that edition too.

    I cannot buy from them, if I do not trust them.

    A shortsighted move.

  11. 2StrokeRider

    Used Nessus forever....forever is over. I rely on automation, Nessus without an API is as useless as someone that voted for Clinton.

  12. EJ

    I'll be totally upfront: this is because of us. Every product my company purchases immediately turns to crap and the support implodes. Sorry about that.

  13. ThatOne Silver badge

    O brave new world, that has such people in't.

    Once upon a time, companies were proud to make as good a product and have as good a customer support as possible. Their joy and pride was to exceed customer expectations.

    Unfortunately marketing took over: Nowadays it's about scamming customers out of as much money as possible, while spending as little effort and money as possible. Unfortunately these aggressive "new style" companies make much more profit than the quaint old ones, so the writing is on the wall: Everyone will eventually abandon the pretenses of caring about customers and just go directly for the money. Keep in mind that the most profitable business plan is one which offers nothing at all for the customers' money, an age-old principle also known as "robbery"...

  14. julian_n

    Someone has shot themselves in the foot

    We have just cancelled our Tenable order - only for three copies but that is still over $7k - placed last week but will arrive too late for the API cutoff. A pain as we had written a load of Python scripts to manage the scan output. The silly thing is that had we got the Nessus scanners in there was a possibility we would have then moved to something like Security Centre. Now - no chance at all.

    I am now looking at OpenVAS - there seem to be a couple of useful APIs in there that can be leveraged - and I suspect if a load of other people move like us and make a few donations the feature set will rapidly increase.

    Tenable remind me of Sun Microsystems - some may recall Solaris x86 being canned to help Sun's Cobalt Linux. It did help Linux - RedHat Linux, Suse Linux - but not Cobalt! By the time Sun realised and restarted the Solaris x86 line it was too late - Linux had the market share. Tenable seem to hope killing the API will make everyone rush out and buy their io cloud based product. When they realise it hasn't happened and restart the API it will be too late for them as well - others will have the market share.

    Finally, Tenable really have screwed up - not only with the update and the spam but also their brand new support community - currently giving a 404 error and spewing a load of diagnostics. That makes three problems!

    Gun - foot - aim - fire!

    1. RobinCM

      Re: Someone has shot themselves in the foot

      So what else is out there? Aside from OpenVAS, which I've heard of but not used.

      Somebody commented by saying that there are loads of alternatives, but conveniently mentioned precisely none of them.

      Don't care if it's paid or free, but it needs to be good and to "just work".

      Thank you!

      1. whitehatlion

        There are many options

        Either you work for Tenable or you don't know about vulnerability scanners. Qualys is a lot bigger than Tenable and it sells an excellent vulnerability scanner (with more features than Nessus and with less false positives than Nessus), Rapid7 also sells an excellent vulnerability scanner, Outpost24 also. Just Google it or maybe you won't even try it because you already knew and are here on "damage control". At least, try to know the industry before you open your mouth.

        1. Tom Paine

          Re: There are many options

          As he made a polite request for suggestions for alternatives, "don't know about vulnerability scanners", obvious. Dial down the paranoia and maybe try to grasp that not everyone in the world is an expert on the tiny corner of the world you rule as a god-emperor of knowledge, maybe?

  15. Anonymous Coward
    Anonymous Coward

    Not knowing your customer

    When a CEO comes on the company website with a video on how excited they are, it's either a feature cut or a cloud move. I have no confidence in the engineers managing their cloud systems given their lax attention on their email bomb fiasco. Tenable need to reverse their decision in order to remain credible as a security tool. Not only have they pushed their customers to seek alternatives, they've given their competition the features needed to win their customers over!

  16. whitehatlion

    We are done for good with Tenable

    We were planing to buy new licenses and renew several licenses, thanks to these news we won't do it. Simply put, Tenable cannot be trusted even if they reverse the decision to remove the API and multi-user support. On top of that, we were tired of chasing false-positives with Tenable but we still used it because of the API and multi-user, now that we won't have those features we are done for good with Tenable. To add insult to the injury, Renee's post only makes thing worst because or they don't know how to mask their intentions of they are simply treating the customers as if the customers are naive. Good riddance, Tenable only made the competition a lot stronger and more reliable. An advice to Tenable: Don't even try to reverse your decision, it will make things only worse and you know it.

    1. julian_n

      Re: We are done for good with Tenable

      I have to disagree about the false positives - Nessus is no better and no worse than Qualys. Personally I preferred the Nessus interface - Qualys tries to do everything and ends up as a jack of all trades master of none - leaving users having to hop around between different parts in an inconsistent manner.

      Furthermore, Nessus here picked up an error Qualys missed caused by our desktop team having the wrong CAB file in SCCM.

      BUT all this is no use if the tool is unmanageable or the vendor cannot be trusted - which is where we now are with Nessus.

      Finally, taking the fingers-in-ears approach and shutting down the community server to avoid adverse discussion shows a company that seriously just does not get it.

      Very sad. Good product. Crap company.

  17. Tom Paine

    One more lost sale here

    Employer merged with an equivalently sized peer. I went to kick the tyres of the Nessus install on the other side, as I was looknig forward to ditching the bloated, "quirky", wildly over-complicated Qualys system we have on "our" side.

    and couldn't for the life of me figure out why there was no "add new user" button. When support told me I couldn't really believe it, I assumed I was talking to clueless first-line - but no. Srsly?

    Maybe they don't realise that accountability for actions via individual named accounts associated with a single natural person has been a mandatory enterprise security requirement for, what,.. 25 years? 30?

    Anyway, they've walked away from a deal for 5000 users / 30,000 devices. We'd probably need a couple of dozen scanners, maybe more (it's a sprawling multi-national with dozens of obscure business units and branch offices.)

    Walk away, Rene...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020