bwalder at ...1926...
Tue Mar 8 00:04:15 EST 2005
Matt makes some excellent points.
Sourcefire has put a lot of resource behind cleaning up the Snort rules and,
in all honesty, I doubt that ANY other commercial organisation would be
prepared to give those rules away for free at all - go on, ask the other
major IDS/IPS vendors if you can have access to their signature libraries,
even 5 days after they have released them to their paying customers. They
would laugh in your face.
The community rules continue to be free and freely available. That is all
you can realistically expect for what you are "paying" for Snort. As someone
else said in this forum recently, if you are upset about this latest
announcement, you should ask for your money back....
It would not surprise or upset me if Sourcefire eventually decided to keep
its VRT rule set to itself - that is what other vendors do right now. Why
SHOULD they give their work away for free? Before you flame me for that,
please note that I am ONLY talking about their own rules here, developed in
house, NOT the open source elements of Snort.
For the moment, Marty and Sourcefire continue to be overly generous IMHO.
The NSS Group
On 8/3/05 2:03 am, "Matt Kettler" <mkettler at ...4108...> wrote:
> At 06:07 PM 3/7/2005, Rowland, Krisa W ERDC-ITL-MS Contractor wrote:
>> Ok. I know I haven't read all the hoopla and complaining about this new
>> licensing but this means that if we want the VRT rules we have to
>> pay? Sorry for being slow
> Only if you want them as fast as the normal Sourcefire customers get them,
> or if you want to rebundle them in a commercial product.
> See Marty's post with Message ID:
> 45cfecfcfb7c474d58e180f5d9344bcd at ...1935...
> AFAIK the VRT rules have always been available to SF customers before the
> OSS side gets them. Fresher updates from VRT have been a selling point of SF
> boxes for years. Now you can opt to subscribe to the faster updates for a
> fee without having to buy a SF box.. Sounds good to me.
> As for the rebundlers, well, I'd hate to compete with someone who's simply
> sponging all my resources for free... They're also still free to use all
> the snort code, even SF's contributions to the snort code, and the
> community/bleeding rules in their commercial products.
> I think they're being quite reasonable, as the changes only apply to the
> VRT rules. I'm pleased they're willing to give us their VRT rules for free
> at all.
> Of course, if they ever did anything as unlikely as to try to subvert the
> code, I'd show up on their doorstep to deliver a letter berating them for
> the act, but I doubt Marty and co. will ever do such a thing. SF may not be
> perfect people, but they seem to be Good People, and their continued
> contributions to a free Snort are solid evidence of that.