Snort mailing list archives

Previous By Date Next
Previous By Thread Next

License change clarification

From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 2 Mar 2005 20:40:05 -0500
I feel it is important to clarify a few issues regarding an email that everyone received earlier today. In that note, there were certain misrepresentations about an upcoming change in the way Snort rules will be distributed that I would like to clarify.
First and foremost: Sourcefire has always been, and will always remain, fully committed to the open source development model of Snort. We remain true to the goals of the Snort project and have contributed numerous enhancements to the technology and we will continue to do so. For example, we just recently added a new portscan detector and a new IP defragmenter that is utterly cutting edge in terms of its capabilities to the project. In addition, the Sourcefire Vulnerability Research Team has dedicated the time and expertise to cleaning up the Snort ruleset, reducing false positives and providing enhanced documentation for all rules. This commitment is not changing.
The changes in the way that Snort rules will be distributed revolve around the licensing and distribution of new Sourcefire VRT rules. We dedicate literally millions of dollars a year to staffing the VRT and providing the necessary research feeds and testing equipment to ensure Sourcefire customers and Snort users have the best possible threat coverage. To give you some idea of the effort involved, every time a rule is added to the official Snort rule set we run the entire rule set through a regression test, over 6.8 *million* discrete tests are done across up to 15 test machines to verify the integrity and validity of the rule sets, a process that takes upwards of 4 hours. We also develop custom proof of concept exploits in house against sometimes sparse vulnerability announcements to be able to produce rules prior to exploits becoming generally available in the wild so that our users are prepared. Look at the rules that we developed to detect Sasser for one example of the benefits that that has brought to the user community. That's the level of dedication we have to the integrity and advancement of Snort's rule set to ensure that Snort operates properly and efficiently when new rules are released.
With these changes to Snort's rules licensing, Snort users will have the ability to receive these rules in the same timely fashion as Sourcefire customers ­ for a nominal fee to help defray the numerous expenses associated with this type of research and well within the reach of all but the most modest of commercial entities. Additionally, the rules language remains open and accessible to the user community, you are free to continue to contribute to the Snort project as a community member or use your own rules as you see fit.
Snort remains, and always will be, free. While we have tried to be upfront with Snort Integrators about these changes and provide them as much lead-time to prepare for the VRT Rules as possible, I'm am disappointed, however, that some people have resorted to sending out disinformation to this mailing list.
Finally, in light of the significant investment we make in research and development, Sourcefire intends to take whatever steps are necessary to enforce and protect our intellectual property. We have every reason to believe that the Snort community will continue to abide by the terms of the GPL and will continue to honor our copyrights on the rules. 

-Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: