Re: Feature request: isdataat ability in specific (preprocessor) buffers

[Joel Esler <jesler () sourcefire com>]

On Oct 23, 2013, at 1:07 PM, Bad Horse <b4dh0rs3 () gmail com> wrote:

> Hi Joe, sorry for the late response.  I appreciate you Sourcefire guys (or is it Cisco now?) looking at this.

Technically it’s “Sourcefire, now part of Cisco"

> I have to be honest here ... I have been following this list and/or contributing to the other Snort/I[DP]S mailing 
> lists for many years. It seems that almost everytime there is a valid bug or feature request, you respond with a 
> vague reference to, "the next big thing", or "coming soon", or "exciting new enhancements", etc. that will solve all 
> problems.  These replies are, for the most part, unpalatable.

Yes, I understand.  I do a good of saying things are coming, but don’t do a good job of telling you when those things 
actually get here.  We were working on an overhaul to certain pieces of the Snort engine, and decided to go back and 
re-engineer it even further.  Of course that pushes the date out somewhat, but yes, we have people working on this (and 
other large) issue(s).  

> I am not in any way disagreeing with what you say or arguing that such claims do not come true. What I am (more) 
> concerned about is the fact that the promise of future fixes highly stinks like pedestrian vendors trying to save 
> face and make a "buck" wherever they can ... I worry that now that Sourcefire is owned by Cisco, they will become 
> even more vendor-odorous (not to mention odious in terms of timely open source bug fixes/enhancements) and lose the 
> flexibility to properly respond to customer needs.

We have releases for Snort already planned for the next year and beyond, Cisco doesn’t want to get in the way of the 
Open Source community, the engine, or the releases.  I could regurgitate the marketing bullet I have about “Cisco being 
committed to Open Source”, but you guys don’t want to hear that.  But they truly are.  I understand there is a mindset 
out there that will think and say this, and I am sure our competitors are already creating marketing FUD around it, but 
I’m still here, Marty is still here, all the Snort developers are still here, and the entire VRT is still here.

I’m in almost constant meetings about what we are doing next.

--
Joel Esler
AEGIS Intelligence Lead
OpenSource Community Manager
Vulnerability Research Team, Sourcefire

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!