[Snort-users] Demarc Certified Open Signatures

Demarc Security snort_ml at ...2629...
Wed Mar 2 10:09:54 EST 2005

Since our inception in 2001, Demarc has been committed to promoting secure
Internet use by providing free versions of our products for users at home.  
We believe that because we use Open Source technology such as Linux and Snort,
we should give back to the security community as a whole.  We have
continued to fulfill this commitment, most recently with the release of our
Sentarus HomeAdmin Edition, which allows people to deploy some of our latest
security technology in their home lab environments at no cost.

In addition to our Sentarus and PureSecure products, our customers have also
benefited from the expertise of our Threat Research Team which has, to date,
been tasked with verifying rule stream updates and educating customers on the
detailed workings of Snort technology. In light of some upcoming changes,
we're now expanding our research team and formally announcing our new
"Certified Open Signatures" program.  Our Certified Open Signatures program,
which will be universally available to the entire community, is founded on
these two principles:

    1)  Like the Snort program itself, the latest rule signatures should
        always be available for free because strong computer and network
        security are in everyone's best interests.

    2)  The best way for a company to serve a community project is to
        remain true to the original goals of that project and refrain
        from charging for vital components that have always been
        community-driven and free.

We make this announcement now, as we have recently received notice from
Sourcefire that, as of next week, early access to all future Snort signatures
they create will be based on a subscription model.

The Sourcefire license changes as they were presented to us are:

   -  All rule updates will be a minimum of five days older than those
      Sourcefire sells to their customers, and you will be required to
      register to receive them or to wait for the next major Snort

   -  To receive the latest rules any sooner, you will have to pay
      Sourcefire a rule subscription fee.

We sincerely respect the efforts of the Sourcefire Snort development group
along with the numerous others who created the base technology and rulesets
that have made Snort a household name in the security community.  However, one
of the greatest benefits of using Snort is the community review process which
will now be subject to an imposed arbitrary delay.

At Demarc, our commitment to the security community is simple:

   -  Demarc will maintain http://snort.demarc.com/ as a community portal
      for Snort signatures and Snort-based technology.  (This site is
      meant to augment and not replace snort.org or the snort-sigs
      mailing list.)

   -  Demarc will produce and revise rules, as well as collaborate with
      active groups to bring together the best rules from all community
      sources.  User sites such as Bleeding Snort have been at the
      forefront of new signature development and we view these groups'
      contributions as invaluable.  Our goal is to work with these
      groups and to serve as the trusted source for certified,
      production level rulesets.

   -  Demarc's Threat Research Team will continue to provide the latest
      cutting-edge and Demarc Certified rules, making them immediately
      available for public download and contribution.

   -  Demarc will not charge for the download, use, or modification of
      rules hosted on this site.

Our community portal at http://snort.demarc.com/ will continually evolve over
the next several weeks to offer more features, including direct user
interaction. Our community portal will also become the new home for the SPADE
statistical packet anomaly detection project and SnortSnarf, two projects
originally managed by SiliconDefense and subsequently transferred to Demarc.

We welcome your support on these projects through signature review and
submissions, and, as with all community projects, your feedback is always
welcome to help make it better.


Ashlyn Reznik
Demarc Threat Research Team
Email: areznik at ...4451...
