[Snort-users] Demarc Certified Open Signatures

Bamm Visscher bamm.visscher at ...11827...
Wed Mar 2 14:19:55 EST 2005

Shouldn't a reputable company, who is supposedly committed to the
opensource community ensure that the copyright notices for the rules
files stay intact?


On Wed, 2 Mar 2005 10:09:11 -0800 (PST), Demarc Security
<snort_ml at ...2629...> wrote:
> Since our inception in 2001, Demarc has been committed to promoting secure
> Internet use by providing free versions of our products for users at home.
> We believe that because we use Open Source technology such as Linux and Snort,
> that we should give back to the security community as a whole.  We have
> continued to fulfill this commitment, most recently with the release of our
> Sentarus HomeAdmin Edition, which allows people to deploy some of our latest
> security technology in their home lab environments at no cost.
> In addition to our Sentarus and PureSecure products, our customers have also
> benefited from the expertise of our Threat Research Team which has, to date,
> been tasked with verifying rule stream updates and educating customers on the
> detailed workings of Snort technology. In light of some upcoming changes,
> we're now expanding our research team and formally announcing our new
> "Certified Open Signatures" program.  Our Certified Open Signatures program,
> which will be universally available to the entire community, is founded on
> these two principles:
>     1)  Like the Snort program itself, the latest rule signatures should
>         always be available for free because strong computer and network
>         security are in everyone's best interests.
>     2)  The best way for a company to serve a community project is to
>         remain true to the original goals of that project and refrain
>         from charging for vital components that have always been
>         community-driven and free.
> We make this announcement now, as we have recently received notice from
> Sourcefire that, as of next week, early access to all future Snort signatures
> they create will be based on a subscription model.
> The Sourcefire license changes as they were presented to us are:
>     - All rule updates will be a minimum of five days older than those
>       Sourcefire sells to their customers, and you will be required to
>       register to receive them or to wait for the next major Snort
>       release.
>    -  To receive the latest rules any sooner, you will have to pay
>       Sourcefire a rule subscription fee.
> We sincerely respect the efforts of the Sourcefire Snort development group
> along with the numerous others who created the base technology and rulesets
> that have made Snort a household name in the security community.  However, one
> of the greatest benefits of using Snort is the community review process which
> will now be subject to an imposed arbitrary delay.
> At Demarc, our commitment to the security community is simple:
>    -  Demarc will maintain http://snort.demarc.com/ as a community portal
>       for Snort signatures and Snort-based technology.  (This site is
>       meant to augment and not replace snort.org or the snort-sigs
>       mailing list.)
>    -  Demarc will produce and revise rules, as well as collaborate with
>       active groups to bring together the best rules from all community
>       sources.  User sites such as Bleeding Snort have been at the
>       forefront of new signature development and we view these groups'
>       contributions as invaluable.  Our goal is to work with these
>       groups and to serve as the trusted source for certified,
>       production level rulesets.
>    -  Demarc's Threat Research Team will continue to provide the latest
>       cutting-edge and Demarc Certified rules, making them immediately
>       available for public download and contribution.
>    -  Demarc will not charge for the download, use, or modification of
>       rules hosted on this site.
> Our community portal at http://snort.demarc.com/ will continually evolve over
> the next several weeks to offer more features, including direct user
> interaction. Our community portal will also become the new home for the SPADE
> statistical packet anomaly detection project and SnortSnarf, two projects
> originally managed by SiliconDefense and subsequently transferred to Demarc.
> We welcome your support on these projects through signature review and
> submissions, and, as with all community projects, your feedback is always
> welcome to help make it better.
> Sincerely,
> Ashlyn Reznik
> Demarc Threat Research Team
> Email: areznik at ...4451...
> http://www.demarc.com/products/

sguil - The Analyst Console for NSM

More information about the Snort-users mailing list