[Snort-users] Demarc Certified Open Signatures

Wayne Jackson wayne.jackson at ...1935...
Thu Mar 3 09:41:55 EST 2005


I haven't yet weighed in, as of yet, but see your observations as the
perfect opportunity to do so.

First, as an investor, board member, and proud part of the management team
here at Sourcefire I can absolutely assure you that Marty has always been,
and will remain, the heart and soul of this company. Trust me, Marty still
has the reigns when it comes to all things relating to Snort.

Second, our decision to modify the license for new, Sourcefire-created Snort
rules was based on principles of fundamental fairness. It is a simple fact
that there are dozens of companies that use the intellectual property that
we contribute to the Snort community while contributing little, if anything,
back to us or the community in return. Further, some of these companies
routinely abuse our copyrights, remove banners from source code, withhold
derivative works, hide trademark notices, etc., all of which is completely
outside the letter and spirit of the GPL and should not be tolerated by

Don't like venture capital? Remember that Snort wasn't even a stateful
inspection technology before Marty started Sourcefire. And to your comment
regarding Sourcefire's hosting and maintaining Snort.org, we simply say
"you're welcome".

And finally, as Marty observed in an earlier post, Sourcefire will continue
to innovate and deliver meaningful improvements to those who value Snort -
even you. You will also notice huge improvements to Snort.org, most of which
are oriented specifically to the kind of community building and open
idea-sharing that you seem to think we would find threatening.

We have gone WAY above and beyond, in my humble opinion, protecting the
Snort user community and that should be even more evident as the new site
goes live Monday. This will also be reinforced with every continuing
contribution that Sourcefire makes in the years to come.

Good luck with your endeavors.


     Wayne Jackson, CEO

> From: "Eric Hines" <eric.hines at ...8860...>
> Date: March 3, 2005 10:48:07 AM EST
> To: <spamtrap at ...9077...>, "'Snort Users Postings'"
> <snort-users at lists.sourceforge.net>
> Subject: RE: [Snort-users] Demarc Certified Open Signatures
> Michael, I Agree. This is only the beginning. Three or so years ago a
> good
> friend, Jed Pickel posted to this list when Martin announced the
> creation of
> Sourcefire. He called it and said stuff like this would happen and was
> flamed for it. I think he deserves accolades for standing up and saying
> something because he ended up being right after all.
> This is only the beginning, indeed. I think its naïve to think that
> Roesche
> has any more control over there at Sourcefire as to what happens with
> the
> Snort project, which is under the control of copyrights and trademarks
> by
> Sourcefire, Inc. He has brought in so much VC money that I'd be
> surprised if
> he is a majority shareholder anymore at that company -- its near
> impossible.
> The fate of the Snort project is in the hands and control of the Board
> of
> Directors at Sourcefire and it's VC's -- not snort.org. Hell, its even
> hosted by Sourcefire.
> [snort.org]
>       NS1.SOURCEFIRE.COM    
> IMHO this is a very poor move by Sourcefire. I've spoken to a lot of
> organizations about this over the past week (as we received a letter
> from
> Sourcefire announcing this way before this announcement) who laughed
> at the
> very thought of paying for Signatures simply so they can get it when
> they
> are immediately released. Wait 5 days and you get those signatures. If
> they
> actually get ANY organizations who are willing to pay for this
> subscription,
> the number of companies willing to pay for it will be far exceeded by
> the
> number of people they've upset. Do the math Sourcefire.
> They've done nothing except give themselves a black eye.
> My look in to the future: Projects like the Bleeding Edge will pop up
> all
> over the place offering a safe haven for Snort rule creation and
> distribution. The beautiful thing about Snort signatures is anyone can
> make
> them. When a new 0day exploit or worm comes out, their will be a race
> between all these projects as to who can get the best signature out
> and who
> can do it the fastest. If you get enough people together, more rules
> can be
> developed and can be developed much faster than Sourcefire.
> I also see other open source IDS projects starting, IDS' like
> Firestorm,
> Prelude, etc. that use the Snort signature syntax we're already all
> familiar
> with.
> Best Regards,
> Eric Hines, GCIA, CISSP
> CEO, President, Chairman
> Applied Watch Technologies, LLC
> 1134 N. Main St.
> Algonquin, IL 60102
> Tel: (877) 262-7593 x327
> Fax: (877) 262-7593
> Web: http://www.appliedwatch.com

More information about the Snort-users mailing list