Dailydave mailing list archives

RE: Funny note here on a worm


From: Ron Gula <rgula () tenablesecurity com>
Date: Sun, 01 May 2005 14:50:19 -0400

At 11:20 AM 5/1/2005, John Parker wrote:
>Ron Gula wrote:
>
>>I don't have any issues with Sourcefire charging for the
>>rules updates and if folks want to chat about it on this
>>list, I can save us all a lot of time by posting the for/against
>>threads from the various Nessus, Snort, vuln-watch mailing
>>lists.
>
>Ron, we know that new "OpenSource projects" haven't any issue charging
>for updates. Fortunately, people see differences between (for example)
>Apache and Snort ;)

That example has been discussed to death in lots of other places.
The Snort, Nessus and Apache daemons are essentially GPL. The snort
signatures, Nessus plugins and Apache HTML pages are covered under
completely different licenses. Just because Apache is GPL, doesn't
mean I can take the content of websites hosted by it.

>The problem is the free and non-profit contributors. They are active
>members powering projects like nessus or snort with their nasl scripts
>or IDS signatures. The problem arises when they (non-profit contributors)
>are charged if they want to keep updating their signatures with Tenable
>packs

So someone who submits one, maybe two Nessus plugins which took 5-10
minutes to write is entitled to what? Lifetime updates? If folks submit
plugins to us, they go right into the GPL feed. If folks submit plugins
to us on MS Tuesday for new vulns, we don't accept them. It doesn't
mean they can't publish them someplace else though, or use them on
their own. I also really don't like the argument that somehow open
source security projects are responsible for providing free securing
solutions for non-profit organizations.

Ron Gula, CTO
Tenable Network Security






_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

