[Snort-sigs] Sourcefire VRT Certified Snort Rules Update 2015-01-27

Joel Esler (jesler) jesler at ...3865...
Thu Feb 5 13:08:38 EST 2015


On Jan 28, 2015, at 11:45 PM, lists at ...3397... wrote:

On 01/28/2015 06:36 PM, Joel Esler (jesler) wrote:
What do I need to throw in there?

Again -- not hostile:

All of it?  Otherwise it's a false economy of information exchange?  IMHO if I
were your customer I'd rather pay you for what you can tell me tomorrow not
for what you withhold today unless I pay.  Transparency forges trust,
increases FOV, polarizes peer review, and fosters community benefit.  Closed
signature-based models, while they have their market value, create a false
valuation around response to known threats and delude management and Info Sec
Ops into believing they're actually addressing security threats when they're
actually doing nothing more than validation of true-positive over
false-positive.  Positively polarize the community for good and you've
increased your FOV significantly.  I mean, seriously, this is Upatre -- who
hasn't seen a Dyre/Dridex campaign this week dropped by Upatre?

Upatre is similar to someone trying to break your door down using bottle
rockets and whistling petes.


Understood Nathan, and that’s what the community ruleset was formed for.  This exact scenario.  The Community ruleset was forged, largely out of conversations between you and me about these exact issues.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos