[Snort-users] Sourcefire Tactics - New Licensing

Martin Roesch roesch at ...1935...
Fri Mar 4 10:56:37 EST 2005


Michael,

First off, Sourcefire won't be forking a codebase that it owns.  We 
continue to support the community and devote resources to the project 
far beyond what any other commercial entity has done.

From Snort's beginnings in 1998 and then from when I founded Sourcefire 
in 2001 until the spring of 2002, I was the primary developer of Snort 
(at Sourcefire too).  I wrote stream4, frag2, spo_unified, 
spp_telnet_negotiation, spp_http_decode, spp_minfrag and spp_bo.  I 
also wrote the fast, full, syslog, null, and tcpdump output mechanisms.  
I also wrote the main decoders in Snort (ethernet, arp, vlan, ip, tcp, 
udp, icmp).  I also wrote most of the detection plugins that form the 
rules language keywords in Snort originally (20 out of 29 of them in 
2.3), although some of them have seen extensive work by Sourcefire.  I 
wrote Snort's detection engine.  I wrote the output interfaces.  I 
wrote the parsing and config subsystem.  More recently I have written 
frag3 as well as some other significant pieces of code that are in the 
pipeline right now.

I also spent night after night after night writing docs, fixing bugs, 
evaluating patches and answering email, on the order of 3000 emails 
from me in the archives if you'll take a look over the course of 
1999-2002.  I had no funding and pretty weak computers.  I had a day 
job and I was spending all my free time working on it (just ask my 
wife).  I find that I really resent your assertion that this project 
would have gone nowhere without a massive influx of code from outside 
contributors, I think I managed to do a lot of good work and that the 
code that's still in there today has stood the test of time.  Fyodor 
Yarochkin was a big contributor in those days, if he's still around 
here maybe he could comment on my level of effort.

People at Sourcefire like Marc Norton, Dan Roelker, Steve Sturgis, Andy 
Mullican,  Jeremy Hewlett, Andrew Baker, Chris Green and Brian Caswell 
(to mention a few) have done a tremendous amount of work and modified 
and improved a lot of this code as well as extended Snort so that we 
can do cool stuff like make it hit gigabit+ per second performance 
marks and have stateful rules.

Sourcefire isn't a nameless, faceless corporate entity that's out there 
working hard to screw people, Sourcefire is *my* company.  Contrary to 
the beliefs of some, the investors don't run this place, guys like 
Wayne and I do.  We made the decision to go down this route as a 
management team, I was fully on board with it and we spent a great deal 
of time figuring out a licensing scheme that was fair to us and the 
community as well as the commercial entities that were profiting from 
our R&D (like your company, for example).

Generating FUD about a licensing change for which you have very little 
information at this point isn't helping anyone.  Corporate entities who 
want to profit from Sourcefire's research team should not be surprised 
when Sourcefire as a company decides that there should be some fairness 
in the relationship.  The Snort.org VRT subscription dollars and money 
from commercial redistribution license will go back into the VRT so 
that we can improve the service, the more successful this program is 
the more everyone participating in it will gain from it.

Sourcefire isn't asking you to pay for code, it's not even asking you 
to pay for rules, what we're saying is that if you are a company that's 
profiting directly from the quality and timeliness of the rules that are 
generated by the VRT that you contribute back to that from which you 
benefit.  The rules that are under the GPL today will remain under the 
GPL, so you're not being constrained there.  The community rules from 
the users will remain under the GPL or alternative licenses that the 
individual authors may propose.  The rules that Sourcefire develops at 
a cost of millions of dollars per year will be available to end users 
*for free* if they so desire, but for corporations that are taking and 
giving nothing in return, we ask that they be willing to pay for 
ongoing access to Sourcefire's brains and resources.

      -Marty


On Mar 4, 2005, at 2:53 AM, Michael Steele wrote:

> Peter,
> Ok, remember this when Sourcefire forks the source code for Snort. I doubt
> that will ever happen, but who is to say what might happen down the road.
>
> Sourcefire is where they are at this point because of the development that
> was produced pre-Sourcefire. There was a LOT of development on Snort outside
> of Marty, and Sourcefire has built on that development. It would have taken
> years longer for Snort to be developed to where it was when Sourcefire was
> created.
>
> Sourcefire has placed a LOT of money into developing Snort, and that's a
> given, but they are the biggest reapers of profit from Snort. I just heard
> there is a 90k IDS solution that Sourcefire is or will be selling.
>
> This is NO big deal. It's just one small step. If people don't really care
> and voice their opinions it will leave the door open for further
> restrictions. Remember, baby steps first.
>
> Kindest regards,
> Michael...
>
> WINSNORT.com Management Team Member
> -- 
> Pick up your FREE Windows or UNIX Snort installation guides
> mailto:support at ...9077...
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
>
>
>
>> -----Original Message-----
>> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
>> admin at lists.sourceforge.net] On Behalf Of James Riden
>> Sent: Thursday, March 03, 2005 11:44 AM
>> To: 'Snort Users Postings'
>> Subject: Re: [Snort-users] Sourcefire Tactics - New Licensing
>>
>> "Peter J Manis" <pmanis at ...5068...> writes:
>>
>>> I agree.  This is sad.  Essentially, what is happening here is
>>> taking the open out of the opensource.  First the rules from
>>> Sourcefire, and now they are trying to take Bleeding Snort.  I
>>> understand if Sourcefire is upset about a few individuals using
>>> their rules, but what business do they have attempting to take
>>> Bleeding Snort under their control?  This is clearly a corporation
>>> hoax to monopolize the development of Snort rules, first by
>>> licensing the Sourcefire rules, and now trying to get Bleeding Snort
>>> to abide by their licenses!  Next will be Snort itself!
>>
>> I suggest you ask for your money back.
>>
>> This is not the end of the world; it's precisely what the GPL was
>> designed for. Anyone who wants to fork the current sourcecode and
>> rulebase may do so, and do their own development.
>>
>> --
>> James Riden / j.riden at ...11179... / Systems Security Engineer
>> Information Technology Services, Massey University, NZ.
>> GPG public key available at: http://www.massey.ac.nz/~jriden/
>>
>>
>>
>>
>> -------------------------------------------------------
>> SF email is sponsored by - The IT Product Guide
>> Read honest & candid reviews on hundreds of IT Products from real 
>> users.
>> Discover which products truly live up to the hype. Start reading now.
>> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover.  Determine.  Defend.
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




