Dailydave mailing list archives

Re: Funny note here on a worm


From: Jason <security () brvenik com>
Date: Sun, 01 May 2005 13:12:38 -0400


Kyle Quest wrote:
> The idea to release this advisory obviously came
> from the marketing guys from Sourcefire.

* They are marketing gals actually.

I fail to see how you can come to that conclusion. What do you know about the situation? It may very well be a marketing-driven decision, or it could be that there is information you do not have access to driving the decision. How can you state your position without a clue either way?

Here are some of the questions I asked myself when I saw it.

If there is reliable information that a worm is being developed, do you sit on that and wait for the world to have to deal with it?

Do you publish that there is reliable information so people can at least ensure they have things in place?

Do you take that information and distribute it to the proper people in an attempt to prevent the release of the worm?

Did you receive that information from the proper people that are attempting to prevent the spread of a worm?

Was the release of that worm prevented?

There is a metric ton of information you cannot begin to consider in making your assertion. Thanks for being a sheeple.

Do you think they would have released a rule that required a lot of tuning to use effectively if there was not good cause?

> The snort.org
> website became a marketing and a sales tool for Sourcefire.

Sourcefire has always supported snort.org in _every way_ and since they are the origin of Snort I think you are totally out of line. To label it a sales and marketing tool is an injustice and shows that you really have no clue what it is or what goes into deciding how to balance open source and commercial. I think Sourcefire has done a great job to date and I expect that to continue.

Snort.org was given a face-lift and is being actively developed to better support the community. How is that bad?

> Snort itself is changing too. Look at what's going on
> with the rules... This is just sad.

Snort is the same as it has always been. Snort is released under the GPL. When you go to work for free and spend millions of dollars and man-hours developing a technology that others think they own, you might understand the rules licensing change. End users are not affected, only commercial entities reselling Sourcefire's Snort technology as their own.

I can tell you that I do not know how I would handle information relating to the active development of a worm. I would likely keep it to myself and wait for the rest of the world to find out. *That* is a sales and marketing tool in my mind.

I am employed by Sourcefire; however, I speak for myself and not my employer. I was not involved in the release so I know nothing more about the advisory than you do. It is likely that I may not be given the answers either, depending on the origin of the information and the nature of the disclosure.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave

