IDS mailing list archives
Re: How to choose an IDS/FW MSS provider
From: Dave Aitel <dave () immunitysec com>
Date: Wed, 16 Mar 2005 16:48:59 -0500
Marty said:
3) Snort has had 2 remote exploits (buffer overflow and integer overflow leading to heap overflow on certain platforms) and a 2-3 DoSes due to protocol handler mistakes in 6.5 years. ISS has had at least that many over the years and a resultant worm to boot. Did being closed really help them all that much? I think that developing in the open forces us to be a little more careful than we might otherwise be, but I think that over time being open leads to a more secure codebase due to the exposure to the "elements" that it entails.
Not to mention Snort can be installed on a Linux system with GRSecurity protecting it, offering a much higher level of confidence than a appliance, at the cost of having someone who knows how to install a kernel patch. I've always wondered why IDS vendors don't do this. I'm sure there's a really good reason.
-dave -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- RE: How to choose an IDS/FW MSS provider, (continued)
- RE: How to choose an IDS/FW MSS provider Chris Harrington (Mar 16)
- Has ISS a SOC in Europe? Stephane (Mar 11)
- RE: Has ISS a SOC in Europe? Gregory Bell (Mar 14)
- RE: How to choose an IDS/FW MSS provider Jeff Boggie (Mar 11)
- Re: How to choose an IDS/FW MSS provider David W. Goodrum (Mar 14)
- Re: How to choose an IDS/FW MSS provider Martin Roesch (Mar 16)
- Re: How to choose an IDS/FW MSS provider David W. Goodrum (Mar 19)
- Re: How to choose an IDS/FW MSS provider Martin Roesch (Mar 19)
- Re: How to choose an IDS/FW MSS provider Thomas H . Ptacek (Mar 23)
- Re: How to choose an IDS/FW MSS provider David W. Goodrum (Mar 23)
- Re: How to choose an IDS/FW MSS provider Dave Aitel (Mar 19)
- RE: How to choose an IDS/FW MSS provider Randy Golly (Mar 10)
- Re: How to choose an IDS/FW MSS provider Stephane (Mar 16)
- Re: How to choose an IDS/FW MSS provider Kevin (Mar 14)
- Re: How to choose an IDS/FW MSS provider Will Metcalf (Mar 16)