I, too, was very disappointed to learn that ISS went commercial. It's their right, though, and I don't hold it against them. I hope they are successful. I really believe that ISS is such a great tool for admins to use, though, and a move to the commercial sector leaves a definate hole in the free security software picture. I started thinking about what could be done to fill it. My thought is that if there was ever a group of people qualified to write a good security scanner, it'd be the readership of the bugtraq mailing list. Would anyone be interested in collaborating on such a project? I have in mind a framework which would allow people to contribute scripts to check for specific holes, so once the framework is in place anyone could contribute new checks very easily. Well, just a random thought. If you are interested in discussing this idea in more detail, drop me a line. If enough people respond, maybe we can pull something together... David