[Snort-sigs] [Emerging-Sigs] [Snort-users] VRT on Suricata
jamie.riden at ...2420...
Wed Jul 21 17:41:17 EDT 2010
Please guys, this discussion does not belong on *-sigs - and probably not on
snort-users for that matter.
I suspect we all have our opinions that aren't going to be
significantly shifted by anything except published benchmarks and
On 21 July 2010 22:15, evilghost at ...3397...
<evilghost at ...3397...> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>> Let's be clear, you initiated this discussion in public, we responded
>> when the press started calling us and asking us for our thoughts.
>> When these things happen we usually blog about it so that we can point
>> to our blog posts instead of having to rehash the same arguments over
>> and over and so that we have a central point of discussion. If the
>> phone hadn't started ringing here there would be no blog posts and no
>> reactions in the press. We didn't attack Suricata, we showed the data
>> that we had and responded to criticisms vis a vis multithreading,
>> performance, IPv6, etc. The editorializing that I provided regarding
>> the necessity of reimplementing the Snort detection model at taxpayer
>> expense when they already get it for free was, I think, justified.
> Marty, these words are acidic on the VRT blog and clearly defy your statement about not attacking Suricata:
> "I'm just disappointed with where they've ended up and what they've delivered."
> "Suricata's developers harp on a lot of different issues, some of which are valid, and some are simply wrong."
> "Suricata's performance isn't just bad; it's hideously, unforgivably bad."
> "They've failed, utterly, to deliver on their promises. This is forgivable on the performance front, that problem is non-trivial. But in the end, what they've built is a poorly
> functioning Snort-clone, missing the most powerful detection capability that Snort has. There isn't anything in the way of innovation; they are taking the same approach as
> everyone else from a detection standpoint. Simply put, rehashing isn't innovation."
> "And we didn't even cost you a million dollars."
> I don't think anyone really had an issue with the response from a technical aspect. Attacking and insulting the participants was heinous and pretty damning and seemed quite out of
> character for Matt Olney; was he a puppet for the response?
> Clearly the response on the VRT blog is filled with emotion and lashing out in anger.
> - -evilghost
Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...
More information about the Snort-sigs