
December 18, 2005 9:37 PM

Open Source or Closed Source?

Alan Shimel has a good post on a recent release of a formerly “open source” product called Nessus. With the version 3.0 release, the authors abandoned the GPL license and effectively made it closed source. While one can debate the rationale of the parties all day long, the fundamental issue surrounding the migration of “successful” open source projects to “closed source” as part of a commercialization phase is one that I think both vendors and customers will be thrashing around with for a while.

Recently, I’ve been exploring some thoughts with my former doctoral advisor Eric von Hippel on the broader issues surrounding Free / Open Source software.  There’s been a flurry of academic research in this arena that is covered nicely in Perspectives on Free and Open Source Software (co-edited by Karim Lakhani, one of Eric’s current students.)  My simpleminded conclusion is that there is an enormous amount of complexity around this issue, especially when you incorporate our completely busted software patent system into the mix.  While it’s easy to blow this off as something that will sort itself out, I don’t think it will and we’ll be living with the dynamics of the F/OSS ecosystem for a long time.

Posted in: Open Source

COMMENTS (6)

Brad- good points here, one of the things unique to the Nessus situation is that it was so widely used both by other commercial products as well as by tens if not hundreds of thousands of people. I think many companies today are using open source components in their products and we will continue to see companies capitalizing on this model. This is exactly why the FSF (Free Software Foundation) is reworking the GPL with version 3.0 hopefully to tackle these types of issues. A draft of 3.0 is due out soon (I have a post on it in my blog).

Alan Shimel, December 19, 2005 7:05 AM

I just wrote a long article about the fact that packaged application vendors have been doing open source for 10 years. If you look at the results of that model, you can hypothesize a lot about the challenging future of the "classic" open source model. I swear I'm not copying Brad's topics. :)

Check out "Plato's Children" for more.

Niel Robertson, December 19, 2005 1:22 PM

It's important to point out that you can't "closed source" something that has already been released under the GPL. What they're doing is issuing NEW versions under a commercial license. The old versions remain available under the GPL and as Alan points out, there is a fork of the GPL code that other people have taken on to maintain as open source.

Most companies that use open source in a significant way have a two-part licensing scheme. For example, MySQL has a commercial version and an open source version. Ping Identity has an open source license for small companies and a closed source license for large companies. Jabber's product is completely different code than the open source project, it just uses the same standard. So what Nessus is doing isn't even unusual -- it just appears that they've done it in a very non-PR-friendly way.

Dave Jilk, December 20, 2005 8:10 AM

Why doesn't Alan request that they remove his contributions from Nessus? They can't close his code, that's what the GPL is for.

Most large projects can't go through that process because there are too many contributors to get consensus.

A. Nonymous, December 20, 2005 8:09 PM

Whoa! Let me address some of these comments here.

First of all to Dave Jilk's point, though the older versions still remain available, somewhat unique to security applications, is the fact that without updates for the latest vulnerabilities the open source version quickly becomes obsolete. Tenable has said they will try to make the scripts for latest vulnerabilities backwards compatible, but I don't know who believes them. What the other companies you cite do different than in this case, is they have a "basic" version available (usually under a GPL, open license) and then the "deluxe" version for pay. What the keepers of Nessus have done does not fit that model at all.
Secondly, on the anonymous post, an excellent point. Except on this there was a bit of duplicity around the argument. You can't say on one hand that no one contributes anything to an open project and then on the other hand refuse any help that is offered. Some of that may have gone on here with this project. We have done literally thousands of scripts for Nessus under a GPL license and they are available.

In conclusion (sorry for the long comment), hey the Nessus people have put a lot of work in and I don't begrudge them their opportunity to cash in. I think you also have to look at this in context of other open source events taking place. Many companies building on open source components, open source based companies selling for hundreds of millions, etc. The whole open source community is in a state of flux and will be a very different place in a year. People are going to get tired of contributing free work for other people to cash in on. Hey maybe Google will be next!

Alan Shimel, December 21, 2005 4:45 PM

For more on this subject there was a good article that I am featured in that has a few points of view on this. http://www.technewsworld.com/story/N0UXldKvaLkdX5/Nessus-30-The-End-of-the-Age-of-Open-Source-Innocence.xhtml

Alan Shimel, December 22, 2005 12:57 PM
