[Snort-users] re: Professionalism

ICPPhila_Email_Review at ...2321... ICPPhila_Email_Review at ...2321...
Tue Nov 20 07:34:04 EST 2001

Well, I guess it's time for me to put in my TWO cents

Marty, I am one of those who believes very much in this product. I also
believe in "Open Source" software. I also want to say that I appreciate your
work and efforts getting this to fruition. The credibility of this product
must be noted as I have read reviews that have stated this and the fact that
the CERT people write code to support this product's reporting. Gee!! I don't
know but maybe they might be a good source of reference.

I believe that people who spend time worrying about where a piece of code
has a little language in it need to "GET A LIFE" cause they obviously have
way too much time on their hands that they have to worry about such trivial

The real key focus here needs to be on the development, "constructive"
comments and assistance so that this product can support the ISS needs of a
couple million people and the ability to mitigate risk from people who have
way too much time on their hands and write viruses and make dumb ass comments
on subjects that they obviously have no clue about.  I have been doing ISS
for over 18 yrs and in that time I have NEVER felt the need to comment on an
issue like this but this is the first.

Marty, keep up the great job and take care.

Wayne T Work

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Martin
Sent: Saturday, November 17, 2001 7:55 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] re: Professionalism

It's always nice to go on the road for a few days because I can almost
always be sure that the [expletive deleted] will hit the fan in one way
or another when I'm travelling and can't respond in an effective manner.

I'll start off by posing a question: MS Excel has a functioning *flight
simulator* embedded into it as an easter egg, does anyone take it less
seriously as a business application because of that?

The vast majority of Snort was written by me between the hours of 10PM
and 3AM over the course of the past three years.  Up until recently,
I've done this in my spare time exclusively.  The contributors to the
project are almost exclusively volunteers, also giving their best in
their spare time.  Given all that, it's pretty amazing that this
software works at all without even mentioning that Snort is widely
considered to be one of the top intrusion detection technologies
available.  What's even more amazing is that when compared with the top
10 commercial NIDS available, Snort was bested only by 2 products from
companies with market caps in excess of $1B, beating all the dedicated
security companies in the review (I'm talking about the Network
Computing review here, it's been linked in some of the other replies).

If you'll take a second and grep for the "top 7 words you can't say on
TV" in the source, you will see there are a number of not entirely
professional comments and messages contained within.  It's widely been
said that "the one language that all programmers know is profanity", and
there's no exception in Snort.  When I'm coding up some tricky
concept or piece of code and it's not going well (or for whatever other
reason) I have been known to slip colorful language into comments or
error messages.  These things happen at 2AM, they're inevitable.

This code/system is free (and Free).  People who don't like the way the
code is written have a number of other NIDS options both free (Prelude,
Firestorm, Pakemon, Shoki, etc) and commercial, and also have the option
of running sed(1) to search and replace all the "crap"s and "fuck"s to
"doody"s and "darn"s.  Ditto with the classification system.  The entire
rule, classification and configuration default set that comes with Snort
is merely an example of suggested configurations and signatures so that
you can have something to work with when you *customize* Snort for your
site, especially in "professional" grade installations.

I'll make no excuses for the people who maintain Snort alongside
me, we thought that the classification was funny and we put it in.  The
development and maintenance team for Snort gives away some of their best
ideas *for free* as a matter of principle, and in the words of Jack
Nicholson "I have neither the time nor the inclination to explain myself
to a man who rises and sleeps under the blanket of the very freedom that
I provide and then questions the manner in which I provide it."  That's
a little overheated, but you get the gist.

Some people may think that it's unprofessional, but I've had no
complaints from the US Government or military, major e-commerce sites,
gigantic banks, semiconductor manufacturers, telecommunications
carriers, network security companies and managed security services
providers (among others) that use and support Snort for their operations
or as services, and if it's good enough for them then I'm ok with it.
Snort's acceptance doesn't suffer one iota as far as I'm concerned (and
if it actually reduces the support load from blue blood companies that
are more worried about appearances than substance, so much the better).

The legitimacy and professionalism of Snort and the open source
development model is borne out by its user base.  'Nuff said.


Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
