[Snort-sigs] [Emerging-Sigs] [Snort-users] VRT on Suricata

Jamie Riden jamie.riden at ...2420...
Wed Jul 21 17:41:17 EDT 2010

Please guys, this discussion does not belong on *-sigs - and probably not on
snort-users for that matter.

I suspect we all have our opinions that aren't going to be
significantly shifted by anything except published benchmarks and
real-world experience.


On 21 July 2010 22:15, evilghost at ...3397...
<evilghost at ...3397...> wrote:
> Hash: SHA1
>> Let's be clear, you initiated this discussion in public, we responded
>> when the press started calling us and asking us for our thoughts.
>> When these things happen we usually blog about it so that we can point
>> to our blog posts instead of having to rehash the same arguments over
>> and over and so that we have a central point of discussion.  If the
>> phone hadn't started ringing here there would be no blog posts and no
>> reactions in the press.  We didn't attack Suricata, we showed the data
>> that we had and responded to criticisms vis a vis multithreading,
>> performance, IPv6, etc.  The editorializing that I provided regarding
>> the necessity of reimplementing the Snort detection model at taxpayer
>> expense when they already get it for free was, I think, justified.
> Marty, these words are acidic on the VRT blog and clearly defy your statement about not attacking Suricata:
> "I'm just disappointed with where they've ended up and what they've delivered."
> "Suricata's developers harp on a lot of different issues, some of which are valid, and some are simply wrong."
> "Suricata's performance isn't just bad; it's hideously, unforgivably bad."
> "They've failed, utterly, to deliver on their promises.  This is forgivable on the performance front, that problem is non-trivial.  But in the end, what they've built is a poorly
> functioning Snort-clone, missing the most powerful detection capability that Snort has.  There isn't anything in the way of innovation; they are taking the same approach as
> everyone else from a detection standpoint.  Simply put, rehashing isn't innovation."
> "And we didn't even cost you a million dollars."
> I don't think anyone really had an issue with the response from a technical aspect.  Attacking and insulting the participants was heinous and pretty damning and seemed quite out of
> character for Matt Olney; was he a puppet for the response?
> Clearly the response on the VRT blog is filled with emotion and lashing out in anger.
> - -evilghost

Jamie Riden / jamie at ...3509... / jamie.riden at ...2420...

More information about the Snort-sigs mailing list