Re: Sourcefire VRT Certified Snort Rules Update2010-03-17

[Joel Esler <joel.esler () me com>]

On Mar 24, 2010, at 9:05 AM, evilghost () packetmail net wrote:
> Will Metcalf wrote:
> > First off I know my opinion probably doesn't count for much, but I'm
> > growing very tired of the anti-SF comments that tend to follow my
> > posts, it doesn't add anything to the conversation and is quite
> > annoying.  
>
> Conversely, I grow very tired of the pro-Sourcefire comments, especially 
> when legitimate concerns and issues are readily dismissed because it 
> might just cause someone's fragile ego to crack.  I grow tired of the 
> necessity to approach glaring issues, miscommunication, and other 
> nonsense with humility and subservience because evidently it's now 
> protocol.  I don't have the will for tact anymore when dealing with 
> Sourcefire.

Evilghost, I'm sorry you feel that way.  These are legitimate concerns, and frankly it's unfortunate that we have not 
had the opportunity to have this feature in Snort until now.  We didn't have it, now we do, no excuses, that's just the 
way it is.  Are we building new features as advanced as this into Snort all the time?  Yes.  Were there a ton of things 
that had to happen to Snort before gzip encoding could be done?  Yes.

We have a lot on the table and in the pipeline for Snort.  Many more features planned in the future to be able to do 
some very advanced things with an IDS.  I appreciate Will's comment that SF tries very hard to innovate.  That's the 
truth, we spend a ton of time innovating with an IDS, let alone the many other pieces of software that we build.  We 
didn't get to where we are at today by resting on our laurels, we know what our community expects of us, and we are 
working very hard to make that happen.

You aren't going to bruise ego's around here.  Spend one day in our office and you'll realize that ego's get bruised 
daily (hourly).  If you've got something to say, say it, we need the feedback.


> > Agree with their decisions or not, things
> > would be more pleasant if you would at least show some respect for a
> > company that has invested millions of dollars into something that you
> > are now using in your network and/or have built a business around that
> > you have payed absolutely nothing for.
> Hmm.  I thought this was an Open-Source product/solution?  I do pay, a 
> fair amount of money for a VRT subscription, which as of late I'm very 
> much questioning it's value, but that's another post for another time in 
> the future.

Open-Source does not mean that it's free.  It means it's Open-Source.  There is a multi-million dollar company behind 
Snort, paying developers to write all this code in order to make Snort do this.  If Sourcefire wasn't doing this, gzip 
would have taken another 5-10 years.  A ton of research, testing, and gear goes into making Snort do what it does well, 
and fast.  That takes a ton of money as well.  The code is free for people to download and use.  There are thousands, 
heck, tens of thousands of users that use Snort without paying Sourcefire a dime.

We appreciate each and every one of the VRT subscribers, that money goes to funding that kind of research, so we 
appreciate it.

(Just saw that Olney responded -- I agree with his points as well, it's true, we take what you guys say when you ask 
for things or point things out that aren't right, and we slam them into bugzilla. This is how we get stuff fixed.  And 
we appreciate it.)


--
Joel Esler
http://blog.joelesler.net



------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs