Re: SourceFire buys ClamAV

["C Q" <kyle.c.quest () gmail com>]

They will find a way around this promise... Sure they might
leave the existing database "as is", but then they'll
slowly start introducing additional/enhanced signatures
under their license. And then the next thing you know
a significant number of signatures are "special" that
you no longer can use anyway you want, etc...

It's a bit easier with IDSes to have alternative signatures...
because there's just not as many new threats where
with viruses there's a constant flow of new ones
and if you start fragmenting the signature creation
effort the quality and the coverage will suffer.
And because their "special"/tested/quality/whatever
signatures have the commercial backing and
the necessary resources the users will be
slowly encouraged to use them :-)

And that's not all... the future holds even more
changes... just like what happened with Nessus 3.
As the top open source projects gain popularity
and especially commercial success their owner
will be financially motivated to lockdown their
data files (signatures, etc) and then the source
code to prevent other commercial entities
from capitalizing on the use of the same software.
The guys with the pockets full of money will
demand it to avoid dealing with competitors
that are using the same technology to make
bigger profits... Nessus 3 was the first big
open source project, now it's MySql with their
enterprise database server (RedHat doesn't
really count with their ES because they
don't own the kernel, so they couldn't
close it).


On 8/17/07, Jordan Wiens <numatrix () ufl edu> wrote:
> I actually asked that question on their investor call this morning.
>
> They said as a part of the acquisition they pledged to leave the
> malware database and signatures under the same license they're under
> now.
>
> Besides, I'm sure the bleeding threats guys or someone else would
> fill in the void for truely open source signatures.  In fact, who
> says you need VRT sigs now to be "properly" protected?  There's
> plenty of other sources of quality signatures.
>
> What is interesting is that part of the goal is to produce a "clean"
> codebase, I assume to be "untained" by pesky contributions so that
> they can dual-license the product.  The goal for that was about a
> year from now.
>
> At least they're not just arbitrarily changing the license without
> getting permission from contributers this time (sorry, Marty!).
>
> --
> Jordan Wiens, CISSP
> UF Network Security Engineer
> (352)392-2061
>
>
> On Aug 17, 2007, at 10:46 AM, C Q wrote:
>
> > Anybody feels like placing bets on how
> > long it's going to take SourceFire to pull
> > the same trick with ClamAV signatures
> > they pulled with Snort signatures where
> > you'll need to "conveniently" license
> > the signatures from SourceFire to have
> > the latest ones to be properly protected :-)
> >
> > The engine source code will be useless
> > if you don't have the very latest AV sigs...
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.