Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Demarc Certified Open Signatures

From: "Eric Hines" <eric.hines () appliedwatch com>
Date: Thu, 3 Mar 2005 09:48:07 -0600
Michael, I Agree. This is only the beginning. Three or so years ago a good
friend, Jed Pickel posted to this list when Martin announced the creation of
Sourcefire. He called it and said stuff like this would happen and was
flamed for it. I think he deserves accolades for standing up and saying
something because he ended up being right after all.

This is only the beginning, indeed. I think its naïve to think that Roesche
has any more control over there at Sourcefire as to what happens with the
Snort project, which is under the control of copyrights and trademarks by
Sourcefire, Inc. He has brought in so much VC money that I'd be surprised if
he is a majority shareholder anymore at that company -- its near impossible.
The fate of the Snort project is in the hands and control of the Board of
Directors at Sourcefire and it's VC's -- not snort.org. Hell, its even
hosted by Sourcefire.

[snort.org]

      NS1.SOURCEFIRE.COM      12.4.213.2         
        NS2.SOURCEFIRE.COM      199.107.65.180


IMHO this is a very poor move by Sourcefire. I've spoken to a lot of
organizations about this over the past week (as we received a letter from
Sourcefire announcing this way before this announcement) who laughed at the
very thought of paying for Signatures simply so they can get it when they
are immediately released. Wait 5 days and you get those signatures. If they
actually get ANY organizations who are willing to pay for this subscription,
the number of companies willing to pay for it will be far exceeded by the
number of people they've upset. Do the math Sourcefire.

They've done nothing except give themselves a black eye.

My look in to the future: Projects like the Bleeding Edge will pop up all
over the place offering a safe haven for Snort rule creation and
distribution. The beautiful thing about Snort signatures is anyone can make
them. When a new 0day exploit or worm comes out, their will be a race
between all these projects as to who can get the best signature out and who
can do it the fastest. If you get enough people together, more rules can be
developed and can be developed much faster than Sourcefire.

I also see other open source IDS projects starting, IDS' like Firestorm,
Prelude, etc. that use the Snort signature syntax we're already all familiar
with. 



Best Regards,


Eric Hines, GCIA, CISSP
CEO, President, Chairman
Applied Watch Technologies, LLC
1134 N. Main St.
Algonquin, IL 60102
Tel: (877) 262-7593 x327
Fax: (877) 262-7593
Web: http://www.appliedwatch.com
 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael Steele
Sent: Wednesday, March 02, 2005 6:05 PM
To: 'Snort Users Postings'
Subject: RE: [Snort-users] Demarc Certified Open Signatures

Remember this one thing; If not for the dedication of pre-Sourcefire
contributions from others, Snort would not be where it is today, and this
goes for Sourcefire.

This is only the beginning. Does it seem inconceivable that in the future
Snort builds might be treated the same as the rules are. If it's OK to do
this with the rules, then where does it stop...

Kindest regards,
Michael...

WINSNORT.com Management Team Member
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org



-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users- 
admin () lists sourceforge net] On Behalf Of Bob Konigsberg
Sent: Wednesday, March 02, 2005 2:31 PM
To: 'Bamm Visscher'; 'Demarc Security'
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Demarc Certified Open Signatures

I don't think that's the key point here.  This has already happened 
with Nessus and Snort - that is, people are making money off of their 
open source work, and not giving credit OR cash back to the 
developers.

It's kind of sad where a few folks spoil it, but both organizations 
are trying hard to stick to their roots - while getting what's due them.

Bob

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Bamm 
Visscher
Sent: Wednesday, March 02, 2005 2:19 PM
To: Demarc Security
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Demarc Certified Open Signatures

Shouldn't a reputable company, who is supposedly committed to the 
opensource community ensure that the copyright notices for the rules 
files stay intact?

Bammkkkk

On Wed, 2 Mar 2005 10:09:11 -0800 (PST), Demarc Security 
<snort_ml () demarc org> wrote:



Since our inception in 2001, Demarc has been committed to promoting 
secure Internet use by providing free versions of our products for 
users

at home.

We believe that because we use Open Source technology such as Linux 
and Snort, that we should give back to the security community as a 
whole.  We have continued to fulfill this commitment, most recently 
with the release of our Sentarus HomeAdmin Edition, which allows 
people to deploy some of our latest security technology in their 
home

lab
environments at no cost.


In addition to our Sentarus and PureSecure products, our customers 
have also benefited from the expertise of our Threat Research Team 
which has, to date, been tasked with verifying rule stream updates 
and educating customers on the detailed workings of Snort 
technology. In light of some upcoming changes, we're now expanding 
our research team and formally announcing our new "Certified Open

Signatures" program.

Our Certified Open Signatures program, which will be universally 
available to the entire community, is founded on these two principles:

    1)  Like the Snort program itself, the latest rule signatures should
        always be available for free because strong computer and network
        security are in everyone's best interests.

    2)  The best way for a company to serve a community project is to
        remain true to the original goals of that project and refrain
        from charging for vital components that have always been
        community-driven and free.

We make this announcement now, as we have recently received notice 
from Sourcefire that, as of next week, early access to all future 
Snort signatures they create will be based on a subscription model.

The Sourcefire license changes as they were presented to us are:

    - All rule updates will be a minimum of five days older than those
      Sourcefire sells to their customers, and you will be required to
      register to receive them or to wait for the next major Snort
      release.

   -  To receive the latest rules any sooner, you will have to pay
      Sourcefire a rule subscription fee.

We sincerely respect the efforts of the Sourcefire Snort development 
group along with the numerous others who created the base technology 
and rulesets that have made Snort a household name in the security 
community.  However, one of the greatest benefits of using Snort is 
the community review process which will now be subject to an imposed

arbitrary delay.


At Demarc, our commitment to the security community is simple:

   -  Demarc will maintain http://snort.demarc.com/ as a community

portal

      for Snort signatures and Snort-based technology.  (This site is
      meant to augment and not replace snort.org or the snort-sigs
      mailing list.)

   -  Demarc will produce and revise rules, as well as collaborate with
      active groups to bring together the best rules from all community
      sources.  User sites such as Bleeding Snort have been at the
      forefront of new signature development and we view these groups'
      contributions as invaluable.  Our goal is to work with these
      groups and to serve as the trusted source for certified,
      production level rulesets.

   -  Demarc's Threat Research Team will continue to provide the latest
      cutting-edge and Demarc Certified rules, making them immediately
      available for public download and contribution.

   -  Demarc will not charge for the download, use, or modification of
      rules hosted on this site.

Our community portal at http://snort.demarc.com/ will continually 
evolve over the next several weeks to offer more features, including 
direct user interaction. Our community portal will also become the 
new home for the SPADE statistical packet anomaly detection project 
and SnortSnarf, two projects originally managed by SiliconDefense 
and

subsequently transferred to Demarc.


We welcome your support on these projects through signature review 
and submissions, and, as with all community projects, your feedback 
is always welcome to help make it better.

Sincerely,

Ashlyn Reznik
Demarc Threat Research Team
Email: areznik () demarc com
http://www.demarc.com/products/




--
sguil - The Analyst Console for NSM
http://sguil.sf.net


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid 
reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid 
reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users








-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid reviews
on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: