[Snort-users] Demarc Certified Open Signatures

Esler, Joel CNTR/Sytex joel.esler at ...9426...
Thu Mar 3 10:25:44 EST 2005


Eric, for as much as us GCIAs have to stick together, I have to
disagree with you.  

While I am an open source advocate, I have to agree with Sourcefire's
business model.  It only makes sense from a business point of view...

People (Other companies) are selling Sourcefire's work as their own.
This is an effort to preserve that for 5 days.  It's only 5 days!  You
won't know the difference anyway!

J

On Thu, 2005-03-03 at 09:48 -0600, Eric Hines wrote: 

> Michael, I Agree. This is only the beginning. Three or so years ago a good
> friend, Jed Pickel posted to this list when Martin announced the creation of
> Sourcefire. He called it and said stuff like this would happen and was
> flamed for it. I think he deserves accolades for standing up and saying
> something because he ended up being right after all.
> 
> This is only the beginning, indeed. I think it's naïve to think that Roesch
> has any more control over there at Sourcefire as to what happens with the
> Snort project, which is under the control of copyrights and trademarks by
> Sourcefire, Inc. He has brought in so much VC money that I'd be surprised if
> he is a majority shareholder anymore at that company -- it's near impossible.
> The fate of the Snort project is in the hands and control of the Board of
> Directors at Sourcefire and its VCs -- not snort.org. Hell, it's even
> hosted by Sourcefire.
> 
> [snort.org]
> 
>    NS1.SOURCEFIRE.COM    12.4.213.2
>    NS2.SOURCEFIRE.COM    199.107.65.180
> 
> 
> IMHO this is a very poor move by Sourcefire. I've spoken to a lot of
> organizations about this over the past week (as we received a letter from
> Sourcefire announcing this way before this announcement) who laughed at the
> very thought of paying for Signatures simply so they can get it when they
> are immediately released. Wait 5 days and you get those signatures. If they
> actually get ANY organizations who are willing to pay for this subscription,
> the number of companies willing to pay for it will be far exceeded by the
> number of people they've upset. Do the math Sourcefire.
> 
> They've done nothing except give themselves a black eye.
> 
> My look into the future: Projects like the Bleeding Edge will pop up all
> over the place offering a safe haven for Snort rule creation and
> distribution. The beautiful thing about Snort signatures is anyone can make
> them. When a new 0day exploit or worm comes out, there will be a race
> between all these projects as to who can get the best signature out and who
> can do it the fastest. If you get enough people together, more rules can be
> developed and can be developed much faster than Sourcefire.
> 
> I also see other open source IDS projects starting, IDSs like Firestorm,
> Prelude, etc. that use the Snort signature syntax we're already all familiar
> with. 
> 
> 
> 
> Best Regards,
> 
> 
> Eric Hines, GCIA, CISSP
> CEO, President, Chairman
> Applied Watch Technologies, LLC
> 1134 N. Main St.
> Algonquin, IL 60102
> Tel: (877) 262-7593 x327
> Fax: (877) 262-7593
> Web: http://www.appliedwatch.com
>  
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net
> [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Michael Steele
> Sent: Wednesday, March 02, 2005 6:05 PM
> To: 'Snort Users Postings'
> Subject: RE: [Snort-users] Demarc Certified Open Signatures
> 
> Remember this one thing; If not for the dedication of pre-Sourcefire
> contributions from others, Snort would not be where it is today, and this
> goes for Sourcefire.
> 
> This is only the beginning. Does it seem inconceivable that in the future
> Snort builds might be treated the same as the rules are? If it's OK to do
> this with the rules, then where does it stop...
> 
> Kindest regards,
> Michael...
> 
> WINSNORT.com Management Team Member
> -- 
> Pick up your FREE Windows or UNIX Snort installation guides       
> mailto:support at ...9077...
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
> 
> 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net [mailto:snort-users- 
> > admin at lists.sourceforge.net] On Behalf Of Bob Konigsberg
> > Sent: Wednesday, March 02, 2005 2:31 PM
> > To: 'Bamm Visscher'; 'Demarc Security'
> > Cc: snort-users at lists.sourceforge.net
> > Subject: RE: [Snort-users] Demarc Certified Open Signatures
> > 
> > I don't think that's the key point here.  This has already happened 
> > with Nessus and Snort - that is, people are making money off of their 
> > open source work, and not giving credit OR cash back to the 
> > developers.
> > 
> > It's kind of sad where a few folks spoil it, but both organizations 
> > are trying hard to stick to their roots - while getting what's due them.
> > 
> > Bob
> > 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Bamm 
> > Visscher
> > Sent: Wednesday, March 02, 2005 2:19 PM
> > To: Demarc Security
> > Cc: snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] Demarc Certified Open Signatures
> > 
> > Shouldn't a reputable company, who is supposedly committed to the 
> > open source community ensure that the copyright notices for the rules 
> > files stay intact?
> > 
> > Bammkkkk
> > 
> > On Wed, 2 Mar 2005 10:09:11 -0800 (PST), Demarc Security 
> > <snort_ml at ...2629...> wrote:
> > >
> > >
> > > Since our inception in 2001, Demarc has been committed to promoting 
> > > secure Internet use by providing free versions of our products for 
> > > users at home.
> > > We believe that because we use Open Source technology such as Linux 
> > > and Snort, that we should give back to the security community as a 
> > > whole.  We have continued to fulfill this commitment, most recently 
> > > with the release of our Sentarus HomeAdmin Edition, which allows 
> > > people to deploy some of our latest security technology in their 
> > > home lab environments at no cost.
> > >
> > > In addition to our Sentarus and PureSecure products, our customers 
> > > have also benefited from the expertise of our Threat Research Team 
> > > which has, to date, been tasked with verifying rule stream updates 
> > > and educating customers on the detailed workings of Snort 
> > > technology. In light of some upcoming changes, we're now expanding 
> > > our research team and formally announcing our new "Certified Open
> > > Signatures" program.
> > > Our Certified Open Signatures program, which will be universally 
> > > available to the entire community, is founded on these two principles:
> > >
> > >     1)  Like the Snort program itself, the latest rule signatures should
> > >         always be available for free because strong computer and network
> > >         security are in everyone's best interests.
> > >
> > >     2)  The best way for a company to serve a community project is to
> > >         remain true to the original goals of that project and refrain
> > >         from charging for vital components that have always been
> > >         community-driven and free.
> > >
> > > We make this announcement now, as we have recently received notice 
> > > from Sourcefire that, as of next week, early access to all future 
> > > Snort signatures they create will be based on a subscription model.
> > >
> > > The Sourcefire license changes as they were presented to us are:
> > >
> > >     - All rule updates will be a minimum of five days older than those
> > >       Sourcefire sells to their customers, and you will be required to
> > >       register to receive them or to wait for the next major Snort
> > >       release.
> > >
> > >    -  To receive the latest rules any sooner, you will have to pay
> > >       Sourcefire a rule subscription fee.
> > >
> > > We sincerely respect the efforts of the Sourcefire Snort development 
> > > group along with the numerous others who created the base technology 
> > > and rulesets that have made Snort a household name in the security 
> > > community.  However, one of the greatest benefits of using Snort is 
> > > the community review process which will now be subject to an imposed
> > > arbitrary delay.
> > >
> > > At Demarc, our commitment to the security community is simple:
> > >
> > >    -  Demarc will maintain http://snort.demarc.com/ as a community
> > >       portal for Snort signatures and Snort-based technology.  (This site is
> > >       meant to augment and not replace snort.org or the snort-sigs
> > >       mailing list.)
> > >
> > >    -  Demarc will produce and revise rules, as well as collaborate with
> > >       active groups to bring together the best rules from all community
> > >       sources.  User sites such as Bleeding Snort have been at the
> > >       forefront of new signature development and we view these groups'
> > >       contributions as invaluable.  Our goal is to work with these
> > >       groups and to serve as the trusted source for certified,
> > >       production level rulesets.
> > >
> > >    -  Demarc's Threat Research Team will continue to provide the latest
> > >       cutting-edge and Demarc Certified rules, making them immediately
> > >       available for public download and contribution.
> > >
> > >    -  Demarc will not charge for the download, use, or modification of
> > >       rules hosted on this site.
> > >
> > > Our community portal at http://snort.demarc.com/ will continually 
> > > evolve over the next several weeks to offer more features, including 
> > > direct user interaction. Our community portal will also become the 
> > > new home for the SPADE statistical packet anomaly detection project 
> > > and SnortSnarf, two projects originally managed by SiliconDefense 
> > > and subsequently transferred to Demarc.
> > >
> > > We welcome your support on these projects through signature review 
> > > and submissions, and, as with all community projects, your feedback 
> > > is always welcome to help make it better.
> > >
> > > Sincerely,
> > >
> > > Ashlyn Reznik
> > > Demarc Threat Research Team
> > > Email: areznik at ...4451...
> > > http://www.demarc.com/products/
> > >
> > 
> > 
> > --
> > sguil - The Analyst Console for NSM
> > http://sguil.sf.net
> > 
> > 
> > -------------------------------------------------------
> > SF email is sponsored by - The IT Product Guide Read honest & candid 
> > reviews on hundreds of IT Products from real users.
> > Discover which products truly live up to the hype. Start reading now.
> > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Esler, Joel CNTR/Sytex <joel.esler at ...9426...>