GUI (GTK) are full of security holes and should not be run as root.
GUI can be run from a Windows PC
Communication is encrypted with TLS; strong authentication may be enforced.
Currently nessusd is monolythic.
Plugins are executed twice: 1st to get the “description”, ID, etc., 2nd to perform the test.
Report is generated by plugin code (aka print(“blah”))