Snort mailing list archives
Re: Sourcefire VRT Certified Snort Rules Update2010-03-17
From: Joel Esler <joel.esler () me com>
Date: Wed, 24 Mar 2010 09:56:55 -0400
On Mar 24, 2010, at 9:05 AM, evilghost () packetmail net wrote:
Will Metcalf wrote:First off I know my opinion probably doesn't count for much, but I'm growing very tired of the anti-SF comments that tend to follow my posts, it doesn't add anything to the conversation and is quite annoying.Conversely, I grow very tired of the pro-Sourcefire comments, especially when legitimate concerns and issues are readily dismissed because it might just cause someone's fragile ego to crack. I grow tired of the necessity to approach glaring issues, miscommunication, and other nonsense with humility and subservience because evidently it's now protocol. I don't have the will for tact anymore when dealing with Sourcefire.
Evilghost, I'm sorry you feel that way. These are legitimate concerns, and frankly it's unfortunate that we have not had the opportunity to have this feature in Snort until now. We didn't have it, now we do, no excuses, that's just the way it is. Are we building new features as advanced as this into Snort all the time? Yes. Were there a ton of things that had to happen to Snort before gzip encoding could be done? Yes. We have a lot on the table and in the pipeline for Snort. Many more features planned in the future to be able to do some very advanced things with an IDS. I appreciate Will's comment that SF tries very hard to innovate. That's the truth, we spend a ton of time innovating with an IDS, let alone the many other pieces of software that we build. We didn't get to where we are at today by resting on our laurels, we know what our community expects of us, and we are working very hard to make that happen. You aren't going to bruise ego's around here. Spend one day in our office and you'll realize that ego's get bruised daily (hourly). If you've got something to say, say it, we need the feedback.
Agree with their decisions or not, things would be more pleasant if you would at least show some respect for a company that has invested millions of dollars into something that you are now using in your network and/or have built a business around that you have payed absolutely nothing for.Hmm. I thought this was an Open-Source product/solution? I do pay, a fair amount of money for a VRT subscription, which as of late I'm very much questioning it's value, but that's another post for another time in the future.
Open-Source does not mean that it's free. It means it's Open-Source. There is a multi-million dollar company behind Snort, paying developers to write all this code in order to make Snort do this. If Sourcefire wasn't doing this, gzip would have taken another 5-10 years. A ton of research, testing, and gear goes into making Snort do what it does well, and fast. That takes a ton of money as well. The code is free for people to download and use. There are thousands, heck, tens of thousands of users that use Snort without paying Sourcefire a dime. We appreciate each and every one of the VRT subscribers, that money goes to funding that kind of research, so we appreciate it. (Just saw that Olney responded -- I agree with his points as well, it's true, we take what you guys say when you ask for things or point things out that aren't right, and we slam them into bugzilla. This is how we get stuff fixed. And we appreciate it.) -- Joel Esler http://blog.joelesler.net ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17, (continued)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Mike Cox (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Joel Esler (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Seth Art (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Seth Art (Mar 23)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Will Metcalf (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 evilghost () packetmail net (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Matt Olney (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 evilghost () packetmail net (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Alex Kirk (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update2010-03-17 Joel Esler (Mar 24)
- Re: Sourcefire VRT Certified Snort Rules Update 2010-03-17 Frank Knobbe (Mar 24)