[Snort-sigs] CVE-2012-5076 and CVE-2012-1723 Rules

Joel Esler jesler at ...435...
Mon Nov 26 10:28:53 EST 2012


On Nov 26, 2012, at 10:21 AM, "lists at ...3397..." <lists at ...3397...> wrote:
> On 11/26/2012 09:14 AM, Joel Esler wrote:
>> As far as the community ruleset, the tl;dr is yes.
> 
> Excellent, thanks Joel, and thanks too for taking my E-Mail in the context it
> was intended -- Friendly open discussion around differences in both rule sets.
> 
> I am very much looking forward to this getting completed and working with you
> again.  Cooperation in the info sec community ensures the greater good will
> benefit.  Having a well structured and working feedback loop from community
> input (rules, URL structures, PCAPs, etc) will certainly strengthen the ruleset
> in the same way it has on the ET side.

So what we've been doing in the meantime is accepting any submissions that come in (some attributed via the blog, some don't want to be attributed which is fine) and putting them in after testing via our normal methods.

When the community ruleset is rolled out, a metadata tag will be added to those rules that have been submitted by the community, and all those will be placed into their own ruleset for free-to-everyone download.  Subscribers will not have to do anything.  

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20121126/6129ac1b/attachment.html>


More information about the Snort-sigs mailing list