[Snort-users] Rules licensing changes

Martin Roesch roesch at ...1935...
Wed Mar 2 11:24:36 EST 2005

Hi everyone,

Over the past four years, Sourcefire has contributed increasing 
resources to advancing the Snort technology. That commitment has 
resulted in advances such as gigabit performance capability, the 
integration of the snort_inline technology the current and future 
generations of IP defragmentation and TCP stream reassembly 
functionality, protocol anomaly detectors and normalization, portscan 
detection, the unified output subsystem, reams of documentation and two 
complete code audits. In addition, we have built the Sourcefire 
Vulnerability Research Team and dedicated significant resources to 
improving the quality, accuracy and timeliness of Snort rules.

Recently, we have become increasing aware of companies who are 
commercially redistributing rules written by the Sourcefire VRT without 
contributing to the considerable resources required to develop high 
quality rules in such a timely fashion.

In order to enable us to continue supporting the open source model and 
dedicate these various resources to ensuring users have access to the 
best possible detection capabilities, we will begin distributing new 
“Sourcefire VRT Certified Rules” under a new license that restricts 
commercial redistribution. For developers building open source 
applications using Snort rules or Snort end users in general, the 
change in the licensing policy has no effect. The changes in the 
license apply specifically to organizations that are commercially 
redistributing the rules for either a product or a service offering.

Moving forward we are also pleased to announce that we will be 
increasing our involvement in not only the Snort technology but the 
community as well. We will continue to dedicate our research, 
development and QA resources to ensuring that Snort remains the de 
facto standard in intrusion detection and prevention technology. To 
start, beginning March 7th we will be offering a subscription for our 
VRT Certified Rules that allows end users to receive new VRT Certified 
Rule updates 5 days faster – the same time as our customers receive 
them. In addition, we will be launching a new web site with features 
such as users forums and community rule management. Over the next few 
months we will be continuing to update the snort.org web site to 
include new features and enhanced functionality such as updated 
documentation, increased support for user groups, tutorials and easier 
communication from the Sourcefire team.

If you have any questions or suggestions for how Sourcefire can better 
support the Snort community please contact us at 
snort-feedback at ...1935... or by emailing me directly.


Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

More information about the Snort-users mailing list