[Snort-sigs] Upcoming changes for Bleeding Snort

Matt Jonkman matt at ...2436...
Fri Mar 11 18:00:18 EST 2005

Bleeding Snort and Sourcefire have been working together over the last 
week with input from other Snort research community members. We're 
excited to announce that Sourcefire and Bleeding Snort will be forming a 
consortium called OSSRC Open Source Snort Rules Consortium.

The OSSRC will be a group that any company or organization will be 
welcome to join. The members will share research on new threats and 
rules to handle those threats, with the goal of creating a unified 
community-based ruleset. Each member may post these rules wherever they 
choose, distribute them to their clients or customers, or use them in 
their own subscription services according to the provisions in the GPL. 
The goals of the group are still forming, but initially will be to:

1. Maintain a fast moving and GPL-licensed Snort ruleset
2. Avoid rule duplication amongst community rulesets, both in terms of 
content and SIDs
3. Improve and enforce quality standards for rules (documentation, etc.)
4. Possibly move to a Stable and Unstable rule 'vetting' process

More details will come shortly, but the gist is that all of the 
companies and organizations that want to contribute resources and 
efforts to the open source community may do so in a single framework, 
but still bring that information back to their own projects. We will 
avoid duplication, SID conflicts, and gaps in rulesets.

All of the contributing members of the OSSRC will have an equal say in 
direction and operation. Sourcefire is finalizing the draft of a formal 
charter, which will be available to all for review soon. This will 
outline a board of directors and officers that will be modeled after 
other open source projects. No one company or organization will have any 
controlling interest in the OSSRC, nor will there be any chance of the 
content channeled through the OSSRC becoming anything but free under the 

As for Bleeding Snort's future, we intend to stay as we are, continue 
the work we're doing, same bat time, same bat channel. We will 
coordinate our research and projects and new rules through the OSSRC 
once it's functional. At that point, we will get a SID from the OSSRC 
before posting a rule, while taking efforts to ensure we aren't 
duplicating something coming out from another source.

Bleeding Snort will stay in the same place, we will maintain the same 
projects (and anything new that needs a home), and we will continue to 
work as we have since our inception. We will continue to be independent 
as we have always been. We will continue to be a place you can get your 
rules and answers to your questions.

Thanks to everyone for your patience while we've all been responding to 
the licensing and other changes in the Snort world. We asked that you 
reserve judgment until all the facts had shaken out, and you've done 
that. We thank you for trusting us.

This is going to be a very positive organization for the open source 
security community. I think it will provide some needed formal guidance, 
and a structure that larger entities can sink resources into, knowing 
that those resources will be used in the most efficient manner possible 
in support of the public good. I hope that eventually we can expand the 
OSSRC framework to include other security-related projects, so that an 
even larger community can benefit from pooling the expertise and support 
of all of its members.

We welcome every interested organization to join the OSSRC. Please email 
myself or either Jennifer Steffens (jennifer.steffens at ...435...) at 
Sourcefire if you're interested in being an initial member. There are no 
financial obligations: you are only being asked to contribute to the 
work of the group and share in the information being collected.

Matthew Jonkman, CISSP
Senior Security Engineer
765-429-0398 Direct Anytime
765-448-6847 Office
866-679-5177 24x7 NOC

NOTICE: The information contained in this email is confidential
and intended solely for the intended recipient. Any use,
distribution, transmittal or retransmittal of information
contained in this email by persons who are not intended
recipients may be a violation of law and is strictly prohibited.
If you are not the intended recipient, please contact the sender
and delete all copies.

More information about the Snort-sigs mailing list