[Snort-users] RE: Installing SNORT 1.8.3 on win2k server

Martin Roesch roesch at ...1935...
Wed Mar 13 14:21:12 EST 2002

On 3/13/02 2:36 AM, "Stuart Staniford" <stuart at ...155...> wrote:

> On Tuesday, March 12, 2002, at 03:28 PM, Martin Roesch wrote:
>> Should we discuss the cost of producing Snort in the first
>> place in man hours donated to the project versus your contribution?
>> Nah, it'd make that contribution look pretty paltry and profit motivated
>> in comparison.  Foregoing the development costs in favor of a
>> renewable-revenue services model isn't exactly a new idea.
> and
>> As you know, I run a company that is directly competitive with yours and
>> yet I seem to be able to refrain from constantly engaging in crass
>> marketing tactics.
> Marty:
> Firstly, I'd like to say that I appreciate tremendously the years of
> volunteer effort you have put into Snort in the past.  No-one would
> question the massive contribution you have made in starting and
> sustaining Snort, and the Snort community.  You were public spirited in
> the extreme.  We at Silicon Defense are deeply grateful for what you
> pioneered.

And continue to develop.  Please don't try to marginalize my on-going
contributions to the project, I continue to be the primary developer and
project coordinator for this very large open source project and talking
about my position with regards to the project in the past tense does a
disservice to me and to the long time members of this list.  This post reeks
of politicking and I find it offensive.

> For a number of years now, we have been glad to help and support you and
> other members of the community by releasing free software to help use
> Snort, producing components for Snort, working on algorithmic
> improvements to make it faster, and helping users with their queries on
> the list.  Our company has been built around Snort from when it was
> tiny, and it continues to be so today.  In working with an Open Source
> product, we recognize our obligation to try to be of benefit to the
> community, and to contribute to it as best we can given the
> circumstances we find ourselves in.  We intend to continue to offer help
> to the community in the same ways we have done in the past.

And it has been appreciated where it has been appropriate.  Unfortunately as
you have migrated into the commercial realm you seem to have lost touch with
what people who use Snort for free want, unfettered and non-commercial
access to information and code.  I was under the impression that your
company was built around DARPA contracts and has recently migrated to
commercial Snort support, probably due to the non-fixed profit margins
involved with such an enterprise.

> If members of the community think that our communications have seemed
> self-serving, as opposed to simply helping people, or explaining the
> free resources that we offer to the community, I apologize.  I am
> distressed at the tone of this thread, and if we have contributed to
> that, I'm sorry also.

One of your employees *initiated* it, "contributing" is a gross
understatement.  If you'll read the thread that kicked this whole episode
off, you'll see that one of your "Snort Support Technicians" answered a
question by redirecting a person to use the Silicon Defense version of Snort
(which, incidentally shouldn't differ from any other version of Snort) and
roll back the version of winpcap he was using without even bothering to look
at the error that was being generated by Snort.  Who does this help other
than Silicon Defense getting one more pair of eyeballs on your site who will
hopefully sign up for your for-pay services?

> I share your sense that the snort-users list, snort.org, the snort CVS
> itself, etc should exist for the benefit of the Snort community as a
> whole, and not for the benefit of any particular company that might try
> to use them to gain "crass" business advantage.  Since you, and we, and
> others, all now run for-profit companies that are trying to make a
> successful business out of the expertise we have each developed in
> Snort, this presents something of a challenge.  While we compete in some
> ways, we need to co-operate for the benefit of the community in others
> and we need to remain civil with each other in the various public forums
> for the Snort community.

I'd love to, but circumstances and the treatment I and my company have been
receiving at the hands of companies like yours prevent it.  If anyone can
remember a way in which the community has been done a disservice by either
myself or by anyone at Sourcefire, I'd like to hear about it.

> If indeed the snort community determines that snort-users needs
> moderation, can I suggest that we find someone impartial to do it?  That
> would protect you from any suggestion that you might use the position of
> moderator to advance your own commercial agenda.  People who don't know
> you well might wonder whether there was a conflict of interest between
> your role as President of Sourcefire (a private company seeking to make
> a lot of money from Snort) and as the moderator of snort-users (trying
> to prevent misuse of the list for commercial purposes).  I suggest some
> kind of impartial person or advisory board might be the best solution to
> avoiding any such perception.

This is a ridiculous suggestion.  We're going to moderate the Snort-users
list by committee?  We're going to find an impartial 3rd party who knows
enough about Snort to moderate the list effectively?  I sincerely doubt it.
If anyone is going to moderate the list, it'll be the people who have been
here all along helping users get the most out of the system, I can think of
several people immediately who could be very helpful in this effort:

Chris Green
Erek Adams
Phil Wood
Brian Caswell
Andrew Baker
Ralf Hildebrant
Dragos Ruiu
Roman Danyliw
Ryan Russel
Joe McAlerney

I doubt you'd be able to find more effective moderators, especially
impartial 3rd parties.

>> The snort-users list is for discussing the use of snort.  It is not
>> intended to be used as a marketing platform nor to push personal or
>> corporate agendas.
> Agreed.  It's reassuring to hear you say that.
> Perhaps Sourcefire and Silicon Defense should try to agree on a code of
> ethics that we would both adhere to to ensure that neither company was
> abusing the list etc for its own commercial advantage?  Other companies
> in the Snort space that chose to do so could be involved also.

I'm unwilling to enter into any sort of agreement with Silicon Defense at
this time.  

My company's stance on open source versus commercial questions is a matter
of open record, we enforce a strict separation of "church and state" here
with regards to how Snort is developed and used within our products.  Snort
has clearly benefited from my company's involvement with the program.
Stream4, frag2, spo_unified and barnyard were written by me (barnyard was
taken over by Andrew Baker) for my company to make Snort an enterprise class
NIDS solution and these modules were freely put into the open source code
base of the system.  Our position on the proprietary nature of our appliance
software and how that fits together with the open source Snort code base are
public knowledge too, I have repeated time after time that Snort will always
be open and free to its users and that the interests of my company are
directly aligned with building the best Snort sensor technology possible and
keeping that code open source.

Your attempt to muddy the waters by stating that my intentions are anything
less than honorable or straightforward with regards to providing Snort as an
open source system and separate from my company's interests is also not


Martin Roesch - Founder/CEO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
