jceidem at ...2191...
Wed Nov 14 06:59:05 EST 2001
I guess this has more to do with the acceptance of OSS than with snort
in big picture. I'm arguing for 'Joe Smith' and don't necessarily feel
this way, but I can see his point.
Users of OSS have a long and arduous uphill battle to just get someone
to listen to them talk about software that "you can have for free" and
"right off the Internet." snort and its OSS compatriots are under
scrutiny here simply because, for the last X years, if you didn't buy
it, you couldn't use it. So now in steps snort. Or BSD, or Nessus or
Imagine one side of a phone call: "Yes, it REALLY is free. Yes, it
works on throwaway hardware. No, we don't have to pay for it, I said
it's free. Sure, here's the source code. Yes, it's FREE. I know that
it rated highly, that's why I showed you the article. Sure, I can have
it running this afternoon. I'll show you what it can do. OK, bye."
You get it put together and have it running and go up to show it off
(and, rightly, you're quite proud of it), when someone asks how it works
and you give 'em the spiel about signatures and how they set off alarms.
What do the signatures look like...
If that gets spotted, you'll need lotion to soothe yer aching hinder
after the PHBs get done with you.
Sure, that's paranoid. But aren't we in the paranoia business?
Here is a chance to shine. You know, lick your palms and smooth your
hair (well, not in my case, anyway), but on a brand new shirt and show
it off. Not just snort, but OSS. Because we're a Microsoft shop here
(yeeesh) and I'm running it on OpenBSD. Now I've two OSS platforms to
show off. Later, I'll add more, but I have got to get them to trust me
the first time.
I'm not offended. Hell, I showed my co-workers and we all laughed, so I
appreciate it and chances are no one will see the code, but man, if they
do, and they get mad you can kiss snort goodbye. I hate to say it, but
there are companies with PC (Politically Correct) police in the HR dept.
that will *really* get bent out of shape. Sad to say, but it's true.
I don't care what's in the classification.conf file. Nobody will see it
really. But if they do...
> I totally agree.....a professional look and feel "out of the
> box" would
> definitely help a product like this get more immediate
> acceptance in the
> corporate world. If management gets a first impression that
> Snort or any
> other open source software is being maintained by a bunch of
> people who
> aren't serious due to little remarks like this (which you
> would never see in
> the a commercial package), they will hesitate to bring it
> into a corporate
> environment. I would love to see the open source world really
> take off and
> overcome the Microsoft monster, and professionalism out of
> the box would be
> a good place to start if the developers are serious about
> competing with the
> commercial apps. Just my 2 cents.....
> -----Original Message-----
> From: Joe Smith [mailto:shadowm4n at ...131...]
> Sent: Tuesday, November 13, 2001 5:39 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Professionalism
> Nothing quite like stirring the hornet's nest...
> Based on many of the responses I've received, I get
> the impression my point has been missed and/or I
> didn't state it clearly enough.
> My agenda is simple: make open-source more commonplace
> in the corporate environment. It's the same goal that
> many in the open source community share, because it's
> the only way to displace the current OS/Application
> monarch, Mr. Bill Gates. Many in the corporate world
> have a very negative opinion of open source precisely
> because of what I stated earlier regarding the
> unprofessional nature of open source. They will claim
> that the code is "untrustworthy". This doesn't mean
> it doesn't work (or can be configured to work). It
> doesn't mean that the programmers are untrustworthy.
> Once again, it isn't the impropriety that's the
> problem, it's the appearance of impropriety. The
> negative stigma will stay as long as this sort of
> thing crops up. Yes, I realize its idiotic for a VP
> to disqualify a product only because of lubrication
> references, but it does happen and it makes my job (ya
> know, intrusion detection and all that fun stuff) that
> much more difficult.
> Yes, its free. Yes, the classification.config file
> can be sed/grepped to do exactly what you want. And
> yes, its the best thing out there (its superior to
> every IDS I've tested, commercial or non). All I'm
> asking is for snort to make an effort to present a
> more professional appearance so that corporate
> acceptance is the default, not the exception.
More information about the Snort-users