Snort mailing list archives

Re: My Experience with the new Sourcefire VRT rules..

From: Martin Roesch <roesch () sourcefire com>
Date: Wed, 9 Mar 2005 08:45:14 -0500

Understood, we're looking at it...

On Mar 9, 2005, at 2:58 AM, James Ashton wrote:

From both the users and AND sourcefires end I thin this clause is off.I have signed a lot of agreements an\bout software in the last 15years but I have never signed one that let ANYONE look over my booksand records. This include *icrosoft EULAs.

Form someone who might be willing to buy a subscription, This is anabsolute deal killer. I can see how you can justify it from a controlpoint of view, and I personally believe that sourcefire is NOT evendreaming about actually using this clause, but just having it there isa danger to any company that signs this.


James Ashton


-----Original Message-----

From: snort-users-admin () lists sourceforge net[mailto:snort-users-admin () lists sourceforge net] On Behalf Of MartinRoesch

Sent: Tuesday, March 08, 2005 5:35 PM
To: Arseneault, Thomas (HQP)
Cc: Jose Maria Lopez Hernandez; snort-users () lists sourceforge net

Subject: Re: [Snort-users] My Experience with the new Sourcefire VRTrules..


Just FYI, I talked to our lawyers about this and it's a standard
provision in software license agreements.  Basically if you're not
violating the use clause in the agreement, then you have absolutely
nothing to be concerned with.  Stormtroopers wearing Snort masks are
not
going to randomly show up at your door and demand to see your books.
In the unlikely event we suspect that someone is trying to distribute
the VRT rules for a profit, this provision merely provides us some
recourse to seek assurances that our suspicions are incorrect, or, as a
last
resort, perform an audit.  Audits are expensive and going around
performing them without cause will certainly do us more harm then good.
  And it goes without saying that we would comply and respect local law
before attempting to do anything.

      -Marty

On Mar 8, 2005, at 3:06 PM, Arseneault, Thomas (HQP) wrote:

They do have a blurb in there concerning if local laws prevent fully
complying with the license terms so they did think of that. I'll leave
it up to the lawyers to determine how good/bad the clause is, but it
is there.

Tom Arseneault
Security Engineer
Robert Half International

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jose
Maria Lopez Hernandez
Sent: Tuesday, March 08, 2005 12:00 PM
To: snort-users () lists sourceforge net
Subject: RE: [Snort-users] My Experience with the new Sourcefire VRT
rules..

El mar, 08-03-2005 a las 13:32 -0500, Scott Morris escribió:


    It is a new site so I'll give them slack there. However our
corporate counsel had  apoplexy when he saw the license terms.
Particularly the granting access to books, records and facilities.

You will, from time to time and as requested by Sourcefire, provide
assurances to Sourcefire that you are using the VRT Certified Rules
consistent with a Permitted Use, and you grant Sourcefire access, at
reasonable times and in a reasonable manner, to the VRT Certified
Rules in your possession or control, and to your books, records and
facilities to permit Sourcefire to verify appropriate use of the VRT
Certified Rules and compliance with this Agreement.


This is completely illegal. At least in my country, Spain. Sourcefire
should be aware that their license it's under the control of the
country laws they are selling their services to. I think this it's
going too fast. I agree with the new licensing terms, but this is an
error. I think Sourcefire should take a look at their licensing terms
or the license will not be legal in many countries.

Regards.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com ESPAÑA

The only people for me are the mad ones -- the ones who are mad to
live, mad to talk, mad to be saved, desirous of everything at the same
time, the ones who never yawn or say a commonplace thing, but burn,
burn, burn like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid
reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real
users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend. - http://www.sourcefire.com
Snort: Open Source Intrusion Detection and Prevention -
http://www.snort.org



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide

Read honest & candid reviews on hundreds of IT Products from realusers.

Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend. - http://www.sourcefire.com

Snort: Open Source Intrusion Detection and Prevention -http://www.snort.org




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

My Experience with the new Sourcefire VRT rules.. Marc Hering (Mar 08)
- Re: My Experience with the new Sourcefire VRT rules.. Peter J Manis (Mar 08)
- Re: My Experience with the new Sourcefire VRT rules.. Martin Roesch (Mar 08)
- <Possible follow-ups>
- RE: My Experience with the new Sourcefire VRT rules.. Scott Morris (Mar 08)
  - RE: My Experience with the new Sourcefire VRT rules.. Jose Maria Lopez Hernandez (Mar 08)
  - Re: My Experience with the new Sourcefire VRT rules.. Michael Sierchio (Mar 09)
- RE: My Experience with the new Sourcefire VRT rules.. Arseneault, Thomas (HQP) (Mar 08)
  - Re: My Experience with the new Sourcefire VRT rules.. Martin Roesch (Mar 08)
    - Re: My Experience with the new Sourcefire VRT rules.. Jose Maria Lopez Hernandez (Mar 09)
- RE: My Experience with the new Sourcefire VRT rules.. James Ashton (Mar 08)
  - Re: My Experience with the new Sourcefire VRT rules.. Martin Roesch (Mar 09)
- RE: My Experience with the new Sourcefire VRT rules.. Keith Pachulski (Mar 09)