[Snort-users] Sourcefire Tactics - New Licensing
roesch at ...1935...
Fri Mar 4 10:56:37 EST 2005

First off, Sourcefire won't be forking a codebase that it owns. We
continue to support the community and devote resources to the project
far beyond what any other commercial entity has done.

From Snort's beginnings in 1998 and then from when I founded Sourcefire
in 2001 until the spring of 2002, I was the primary developer of Snort
(at Sourcefire too). I wrote stream4, frag2, spo_unified,
spp_telnet_negotiation, spp_http_decode, spp_minfrag and spp_bo. I
also wrote the fast, full, syslog, null, and tcpdump output mechanisms.
I also wrote the main decoders in Snort (ethernet, arp, vlan, ip, tcp,
udp, icmp). I also wrote most of the detection plugins that form the
rules language keywords in Snort originally (20 out of 29 of them in
2.3), although some of them have seen extensive work by Sourcefire. I
wrote Snort's detection engine. I wrote the output interfaces. I
wrote the parsing and config subsystem. More recently I have written
frag3 as well as some other significant pieces of code that are in the
pipeline right now.

I also spent night after night after night writing docs, fixing bugs,
evaluating patches and answering email, on the order of 3000 emails
from me in the archives if you'll take a look over the course of
1999-2002. I had no funding and pretty weak computers. I had a day
job and I was spending all my free time working on it (just ask my
wife). I find that I really resent your assertion that this project
would have gone nowhere without a massive influx of code from outside
contributors; I think I managed to do a lot of good work and that the
code that's still in there today has stood the test of time. Fyodor
Yarochkin was a big contributor in those days; if he's still around
here maybe he could comment on my level of effort.

People at Sourcefire like Marc Norton, Dan Roelker, Steve Sturgis, Andy
Mullican, Jeremy Hewlett, Andrew Baker, Chris Green and Brian Caswell
(to mention a few) have done a tremendous amount of work and modified
and improved a lot of this code as well as extended Snort so that we
can do cool stuff like make it hit gigabit+ per second performance
marks and have stateful rules.

Sourcefire isn't a nameless, faceless corporate entity that's out there
working hard to screw people, Sourcefire is *my* company. Contrary to
the beliefs of some, the investors don't run this place, guys like
Wayne and I do. We made the decision to go down this route as a
management team, I was fully on board with it and we spent a great deal
of time figuring out a licensing scheme that was fair to us and the
community as well as the commercial entities that were profiting from
our R&D (like your company, for example).

Generating FUD about a licensing change for which you have very little
information at this point isn't helping anyone. Corporate entities who
want to profit from Sourcefire's research team should not be surprised
when Sourcefire as a company decides that there should be some fairness
in the relationship. The Snort.org VRT subscription dollars and money
from commercial redistribution license will go back into the VRT so
that we can improve the service, the more successful this program is
the more everyone participating in it will gain from it.

Sourcefire isn't asking you to pay for code, it's not even asking you
to pay for rules, what we're saying is that if you are a company that's
profiting directly from the quality and timeliness of the rules that are
generated by the VRT that you contribute back to that from which you
benefit. The rules that are under the GPL today will remain under the
GPL, so you're not being constrained there. The community rules from
the users will remain under the GPL or alternative licenses that the
individual authors may propose. The rules that Sourcefire develops at
a cost of millions of dollars per year will be available to end users
*for free* if they so desire, but for corporations that are taking and
giving nothing in return, we ask that they be willing to pay for
ongoing access to Sourcefire's brains and resources.

On Mar 4, 2005, at 2:53 AM, Michael Steele wrote:
> Ok, remember this when Sourcefire forks the source code for Snort. I
> that will ever happen, but who is to say what might happen down the
> Sourcefire is where they are at this point because of the development
> was produced pre-Sourcefire. There was a LOT of development on Snort
> of Marty, and Sourcefire has built on that development. It would have
> years longer for Snort to be developed to where it was when Sourcefire
> Sourcefire has placed a LOT of money into developing Snort, and that's
> given, but they are the biggest reapers of profit from Snort. I just
> there is a 90k IDS solution that Sourcefire is or will be selling.
> This is NO big deal. It's just one small step. If people don't really
> and voice their opinions it will leave the door open for further
> restrictions. Remember, baby steps first.
> Kindest regards,
> WINSNORT.com Management Team Member
> Pick up your FREE Windows or UNIX Snort installation guides
> mailto:support at ...9077...
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
>> -----Original Message-----
>> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
>> admin at lists.sourceforge.net] On Behalf Of James Riden
>> Sent: Thursday, March 03, 2005 11:44 AM
>> To: 'Snort Users Postings'
>> Subject: Re: [Snort-users] Sourcefire Tactics - New Licensing
>> "Peter J Manis" <pmanis at ...5068...> writes:
>>> I agree. This is sad. Essentially, what is happening here is
>>> taking the open out of the opensource. First the rules from
>>> Sourcefire, and now they are trying to take Bleeding Snort. I
>>> understand if Sourcefire is upset about a few individuals using
>>> their rules, but what business do they have attempting to take
>>> Bleeding Snort under their control? This is clearly a corporation
>>> hoax to monopolize the development of Snort rules, first by
>>> licensing the Sourcefire rules, and now trying to get Bleeding Snort
>>> to abide by their licenses! Next will be Snort itself!
>> I suggest you ask for your money back.
>> This is not the end of the world; it's precisely what the GPL was
>> designed for. Anyone who wants to fork the current sourcecode and
>> rulebase may do so, and do their own development.
>> James Riden / j.riden at ...11179... / Systems Security Engineer
>> Information Technology Services, Massey University, NZ.
>> GPG public key available at: http://www.massey.ac.nz/~jriden/
>> SF email is sponsored by - The IT Product Guide
>> Read honest & candid reviews on hundreds of IT Products from real
>> Discover which products truly live up to the hype. Start reading now.
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> Snort-users list archive:
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover. Determine. Defend.
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org