[Snort-sigs] Upcoming changes for Bleeding Snort
matt at ...2436...
Fri Mar 11 18:00:18 EST 2005
Bleeding Snort and Sourcefire have been working together over the last
week with input from other Snort research community members. We're
excited to announce that Sourcefire and Bleeding Snort will be forming a
consortium called OSSRC Open Source Snort Rules Consortium.
The OSSRC will be a group that any company or organization will be
welcome to join. The members will share research on new threats and
rules to handle those threats, with the goal of creating a unified
community-based ruleset. Each member may post these rules wherever they
choose, distribute them to their clients or customers, or use them in
their own subscription services according to the provisions in the GPL.
The goals of the group are still forming, but initially will be to:
1. Maintain a fast moving and GPL-licensed Snort ruleset
2. Avoid rule duplication amongst community rulesets, both in terms of
content and SIDs
3. Improve and enforce quality standards for rules (documentation, etc.)
4. Possibly move to a Stable and Unstable rule 'vetting' process
More details will come shortly, but the gist is that all of the
companies and organizations that want to contribute resources and
efforts to the open source community may do so in a single framework,
but still bring that information back to their own projects. We will
avoid duplication, SID conflicts, and gaps in rulesets.
All of the contributing members of the OSSRC will have an equal say in
direction and operation. Sourcefire is finalizing the draft of a formal
charter, which will be available to all for review soon. This will
outline a board of directors and officers that will be modeled after
other open source projects. No one company or organization will have any
controlling interest in the OSSRC, nor will there be any chance of the
content channeled through the OSSRC becoming anything but free under the
As for Bleeding Snort's future, we intend to stay as we are, continue
the work we're doing, same bat time, same bat channel. We will
coordinate our research and projects and new rules through the OSSRC
once it's functional. At that point, we will get a SID from the OSSRC
before posting a rule, while taking efforts to ensure we aren't
duplicating something coming out from another source.
Bleeding Snort will stay in the same place, we will maintain the same
projects (and anything new that needs a home), and we will continue to
work as we have since our inception. We will continue to be independent
as we have always been. We will continue to be a place you can get your
rules and answers to your questions.
Thanks to everyone for your patience while we've all been responding to
the licensing and other changes in the Snort world. We asked that you
reserve judgment until all the facts had shaken out, and you've done
that. We thank you for trusting us.
This is going to be a very positive organization for the open source
security community. I think it will provide some needed formal guidance,
and a structure that larger entities can sink resources into, knowing
that those resources will be used in the most efficient manner possible
in support of the public good. I hope that eventually we can expand the
OSSRC framework to include other security-related projects, so that an
even larger community can benefit from pooling the expertise and support
of all of its members.
We welcome every interested organization to join the OSSRC. Please email
myself or either Jennifer Steffens (jennifer.steffens at ...435...) at
Sourcefire if you're interested in being an initial member. There are no
financial obligations: you are only being asked to contribute to the
work of the group and share in the information being collected.
Matthew Jonkman, CISSP
Senior Security Engineer
765-429-0398 Direct Anytime
866-679-5177 24x7 NOC
NOTICE: The information contained in this email is confidential
and intended solely for the intended recipient. Any use,
distribution, transmittal or retransmittal of information
contained in this email by persons who are not intended
recipients may be a violation of law and is strictly prohibited.
If you are not the intended recipient, please contact the sender
and delete all copies.
More information about the Snort-sigs