[Snort-users] Demarc Certified Open Signatures

Bob Konigsberg bobkberg at ...12746...
Wed Mar 2 14:33:59 EST 2005

I don't think that's the key point here.  This has already happened with
Nessus and Snort - that is, people are making money off of their open source
work, and not giving credit OR cash back to the developers.

It's kind of sad where a few folks spoil it, but both organizations are
trying hard to stick to their roots - while getting what's due them.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm Visscher
Sent: Wednesday, March 02, 2005 2:19 PM
To: Demarc Security
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Demarc Certified Open Signatures

Shouldn't a reputable company, who is supposedly committed to the opensource
community ensure that the copyright notices for the rules files stay intact?


On Wed, 2 Mar 2005 10:09:11 -0800 (PST), Demarc Security
<snort_ml at ...2629...> wrote:
> Since our inception in 2001, Demarc has been committed to promoting 
> secure Internet use by providing free versions of our products for users
at home.
> We believe that because we use Open Source technology such as Linux 
> and Snort, that we should give back to the security community as a 
> whole.  We have continued to fulfill this commitment, most recently 
> with the release of our Sentarus HomeAdmin Edition, which allows 
> people to deploy some of our latest security technology in their home lab
environments at no cost.
> In addition to our Sentarus and PureSecure products, our customers 
> have also benefited from the expertise of our Threat Research Team 
> which has, to date, been tasked with verifying rule stream updates and 
> educating customers on the detailed workings of Snort technology. In 
> light of some upcoming changes, we're now expanding our research team 
> and formally announcing our new "Certified Open Signatures" program.  
> Our Certified Open Signatures program, which will be universally 
> available to the entire community, is founded on these two principles:
>     1)  Like the Snort program itself, the latest rule signatures should
>         always be available for free because strong computer and network
>         security are in everyone's best interests.
>     2)  The best way for a company to serve a community project is to
>         remain true to the original goals of that project and refrain
>         from charging for vital components that have always been
>         community-driven and free.
> We make this announcement now, as we have recently received notice 
> from Sourcefire that, as of next week, early access to all future 
> Snort signatures they create will be based on a subscription model.
> The Sourcefire license changes as they were presented to us are:
>     - All rule updates will be a minimum of five days older than those
>       Sourcefire sells to their customers, and you will be required to
>       register to receive them or to wait for the next major Snort
>       release.
>    -  To receive the latest rules any sooner, you will have to pay
>       Sourcefire a rule subscription fee.
> We sincerely respect the efforts of the Sourcefire Snort development 
> group along with the numerous others who created the base technology 
> and rulesets that have made Snort a household name in the security 
> community.  However, one of the greatest benefits of using Snort is 
> the community review process which will now be subject to an imposed
arbitrary delay.
> At Demarc, our commitment to the security community is simple:
>    -  Demarc will maintain http://snort.demarc.com/ as a community portal
>       for Snort signatures and Snort-based technology.  (This site is
>       meant to augment and not replace snort.org or the snort-sigs
>       mailing list.)
>    -  Demarc will produce and revise rules, as well as collaborate with
>       active groups to bring together the best rules from all community
>       sources.  User sites such as Bleeding Snort have been at the
>       forefront of new signature development and we view these groups'
>       contributions as invaluable.  Our goal is to work with these
>       groups and to serve as the trusted source for certified,
>       production level rulesets.
>    -  Demarc's Threat Research Team will continue to provide the latest
>       cutting-edge and Demarc Certified rules, making them immediately
>       available for public download and contribution.
>    -  Demarc will not charge for the download, use, or modification of
>       rules hosted on this site.
> Our community portal at http://snort.demarc.com/ will continually 
> evolve over the next several weeks to offer more features, including 
> direct user interaction. Our community portal will also become the new 
> home for the SPADE statistical packet anomaly detection project and 
> SnortSnarf, two projects originally managed by SiliconDefense and
subsequently transferred to Demarc.
> We welcome your support on these projects through signature review and 
> submissions, and, as with all community projects, your feedback is 
> always welcome to help make it better.
> Sincerely,
> Ashlyn Reznik
> Demarc Threat Research Team
> Email: areznik at ...4451...
> http://www.demarc.com/products/

sguil - The Analyst Console for NSM

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list