[Snort-sigs] [Emerging-Sigs] VRT on Suricata

Matt Jonkman jonkman at ...829...
Wed Jul 21 12:09:51 EDT 2010

We're not really here to challenge SourceFire. We've hoped to have a
cooperative relationship all along, since we're both open-source projects.

Marty's comments are concerning. We haven't attacked Snort, we give
great credence to Snort as our collective roots. But we do have to
continue to push forward. The press brought out the snort is dead thread
as they always do, I only said we're not seeing major innovation in it,
or any ids of late. That's why we were funded to make it happen. We may
fail completely, but we're going to push things to the next step.

An open source project attacking another isn't unusual, but I certainly
never expected it here. And I never expected a sane person to say that
multi-threading isn't a viable tactic to scale. Cisco commented in one
of the articles that they're multi-threading and it's good for them, and
that they think suricata is promising. I'm going to go with Cisco as
having a more effective technical pedigree as they've got it working
commercially. SF is trying in Snort 3, but hasn't called it stable. That
doesn't mean it's not viable, just means their attempt didn't work.

As we've been doing form the beginning, we offer the olive branch of
cooperation to Sourcefire. We aren't looking to infringe on their sales
of big boxes to big companies. We want to continue to push the art.

If they prefer to just mud-sling then go for it, but we'll not be
returning the crap. You can't throw it without getting it all over


On 7/21/10 11:54 AM, Paul Halliday wrote:
> On Wed, Jul 21, 2010 at 10:16 AM, evilghost at ...3397...
> <evilghost at ...3397...> wrote:
>> Hash: SHA1
>> Hi, not sure if anyone has had a chance to read the latest horseshit on the VRT blog but it seems SourceFire has elected to use the VRT blog as a way to sway those who might use
>> Suricata.  It's nice to see SourceFire attacking OISF, kind of reminds me when the snake-oil AV vendors spend time attacking each-other instead of actually doing something.
>> The only thing that surprised me was this latest round of worthless horseshit came from Matt Olney; I had more respect for that guy.  I never saw this coming, I thought Olney to be
>> more of a realist and less of a SoureFire apologist.  I guess everyone at some point has to defend the guy who signs their paycheck.
>> Give it a read http://vrt-sourcefire.blogspot.com/2010/07/innovation-you-keep-using-that-word.html
>> I may start a blog too, it looks like it could be really exciting.  I'd have some great content to share too.  Remember folks, the best way to have a good security community is to
>> attack each-other's efforts.  Things like "And we didn't even cost you a million dollars" is the best way to spur collaborative efforts.
>> Today I've made it a point to write "VRT" on each piece of toilet paper before I use it.  I had quite a bit to drink last night, I suspect I'm going to be writing "VRT" a lot today.
>> - -evilghost
> Perhaps the blog entry should be challenged with numbers instead of
> words? If someone is on the fence this does very little to sway them.
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs at ...3335...
> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards
> http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html


Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205

PGP: http://www.jonkmans.com/mattjonkman.asc

More information about the Snort-sigs mailing list