Re: SourceFire buys ClamAV

["C Q" <kyle.c.quest () gmail com>]

This reminds of the wedding vows and the "till death do us part"
part :-) But then for many people comes the time when
they kinda decide to change their mind :-) In this case,
it's all about money... and money talks. And when lawyers
are involved there can be no guarantees...

Nmap's license is horrible... Even using nmap output
implies a derived work (I might be thinking of something
else, so please correct me if I'm mistaken)... But because
Fyodor is not trying to commercially benefit from it there
isn't as much fuss about it where in case of Nessus,
Snort, and MySQL it looks bad. It looks like they
used open source to become known and commercially
successful and now they don't want the open source
nature of products to be used against them in
the commercial space, so they are getting rid of it.
It reminds me of our former governor Mitt Romney.
He got elected in MA partially because he was
running as a pro-choice candidate, but now that
he's running for president he says it was his
biggest mistake (to take that pro-choice position).
The funny thing is that... if he wasn't running as a
pro-choice candidate for governor he probably
wouldn't be our governor and then, as a result,
wouldn't have an opportunity to run for president.
In both cases, it looks like people went with
the popular "thing" to climb where they wanted
to be and once they got there they kinda
said, "see ya' :-)".



On 8/17/07, Jordan Wiens <numatrix () ufl edu> wrote:
> I realized my summary of the question and response wasn't quite as
> clear as it could have been.  I asked:
>
> "The licensing for signatures -- are there plans to take the clamav
> signatures a similar route you've taken the snort signatures in terms
> of seperate feeds, one from sourcefire, one from the community"
>
> The answer:
>
> "We do not intend to do that, as a matter of fact fact we've
> committed to the team [ClamAV team, presumably?]  to leave the
> licensing model for the malware database exactly as it is today."
>
> I heard that as they're not planning on having any future split
> licensing model (since that's explicitly what my question asked), but
> you're right, they could of course always change their mind.
>
> Marty has explicitly said time after time that he's no desire to go
> the Nessus3 route with Snort.  It is interesting to see the new
> clarifications to the preamble and the dual-licensing in the future,
> but Fyodor's been doing that for years with NMap and there hasn't
> been nearly the same reaction.  That appears to be their mechanism to
> still write and use GPL software and not totally change the license
> like Tenable did, but still prevent the situation where they're
> competing against their own code as other companies integrate it
> (unless those companies products were entirely GPL!).
>
> --
> Jordan Wiens, CISSP
> UF Network Security Engineer
> (352)392-2061
> On Aug 17, 2007, at 1:24 PM, C Q wrote:
>
> > They will find a way around this promise... Sure they might
> > leave the existing database "as is", but then they'll
> > slowly start introducing additional/enhanced signatures
> > under their license. And then the next thing you know
> > a significant number of signatures are "special" that
> > you no longer can use anyway you want, etc...
> >
> > It's a bit easier with IDSes to have alternative signatures...
> > because there's just not as many new threats where
> > with viruses there's a constant flow of new ones
> > and if you start fragmenting the signature creation
> > effort the quality and the coverage will suffer.
> > And because their "special"/tested/quality/whatever
> > signatures have the commercial backing and
> > the necessary resources the users will be
> > slowly encouraged to use them :-)
> >
> > And that's not all... the future holds even more
> > changes... just like what happened with Nessus 3.
> > As the top open source projects gain popularity
> > and especially commercial success their owner
> > will be financially motivated to lockdown their
> > data files (signatures, etc) and then the source
> > code to prevent other commercial entities
> > from capitalizing on the use of the same software.
> > The guys with the pockets full of money will
> > demand it to avoid dealing with competitors
> > that are using the same technology to make
> > bigger profits... Nessus 3 was the first big
> > open source project, now it's MySql with their
> > enterprise database server (RedHat doesn't
> > really count with their ES because they
> > don't own the kernel, so they couldn't
> > close it).
> >
> >
> > On 8/17/07, Jordan Wiens <numatrix () ufl edu> wrote: I actually asked
> > that question on their investor call this morning.
> >
> > They said as a part of the acquisition they pledged to leave the
> > malware database and signatures under the same license they're under
> > now.
> >
> > Besides, I'm sure the bleeding threats guys or someone else would
> > fill in the void for truely open source signatures.  In fact, who
> > says you need VRT sigs now to be "properly" protected?  There's
> > plenty of other sources of quality signatures.
> >
> > What is interesting is that part of the goal is to produce a "clean"
> > codebase, I assume to be "untained" by pesky contributions so that
> > they can dual-license the product.  The goal for that was about a
> > year from now.
> >
> > At least they're not just arbitrarily changing the license without
> > getting permission from contributers this time (sorry, Marty!).
> >
> > --
> > Jordan Wiens, CISSP
> > UF Network Security Engineer
> > (352)392-2061
> >
> >
> > On Aug 17, 2007, at 10:46 AM, C Q wrote:
> >
> > > Anybody feels like placing bets on how
> > > long it's going to take SourceFire to pull
> > > the same trick with ClamAV signatures
> > > they pulled with Snort signatures where
> > > you'll need to "conveniently" license
> > > the signatures from SourceFire to have
> > > the latest ones to be properly protected :-)
> > >
> > > The engine source code will be useless
> > > if you don't have the very latest AV sigs...
> >
> >
> > _______________________________________________
> > Fun and Misc security discussion for OT posts.
> > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> > Note: funsec is a public and open mailing list.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.