Dailydave mailing list archives

Re: News, dumbug, prediction rebuttals.


From: "David J. Bianco" <bianco () jlab org>
Date: Wed, 21 Dec 2005 19:52:41 -0500



Anton Chuvakin wrote:
> > 3. My prediction: No credible open source SIM (aka, log aggregator).
> > Boring work gets done by corporations, and that's that. Not to mention
> > the impossibly high barrier to market of having to purchase and
> > maintain all the random devices that generate logs.
>
> 100% true. These two reasons will likely kill any future for the open
> source SIM at least until all the logs are in standard format (like
> in XXVIII century, given some luck :-))


Not to be contrarian, but with Open Source, no one organization need
buy all the devices.  Given proper documentation and a convenient
interface, new log parsing routines could be added by those who already
have the devices, and contributed to the pool for future user.

I find this prediction credible; in fact it's already true.
OSSIM already exists (www.ossim.net) and this could be its year.
After all, if correlation engines are $50k - $100k per company,
the economics of developing or contributing to a free solution make
it a very attractive proposition.

        David

