[Snort-users] rules downloads and

Matt Kettler mkettler at ...4108...
Tue Sep 19 13:47:58 EDT 2006

SN ORT wrote:

> Oh well, since you know Marty so well, you're like
> close friends now, maybe you can explain why people
> now have to pay for the latest sigs?

Erm, you only have to pay to get the latest signatures that SourceFire developed
internally. All the community-developed rules are not delayed, nor for pay.

Also previously these SourceFire signatures were not available on an early basis
to normal snort users at all, only users of the commercial sourcefire boxes
could get them early. Snort users had to wait. This is the way it's been. SF made no
secrets about it, and I do recall it being mentioned several times on the list
that they updated their commercial subscribers first, then made their releases
to the snort userbase later. This is all long before the for-pay option existed.

So while this looks like SF is taking something away to gain a profit, they're
really offering something they never offered before. It's a way for the free
product users to step up to the same level of rule updates as the commercial
product, but with reduced cost (and none of the other commercial product
features like RNA).

Personally, I like it, and think it's a good way for SF to get money to continue
to feed their rule research team.

> I'm not faulting people for
> trying to make a buck, I'm just saying it's a bit
> foolish to rely solely on a free product to protect
> your network and expect it to remain free and last
> forever.
> Open source is a Godsend, but let's be realistic:
> another reason to make a great open-source product is
> to build confidence, reputation, and then start making
> the big $$$$$! This is a natural progression of
> things, and sooner or later programmers have to make
> money.

While there's some truth in what you say, there's also a lot of fallacy in it.
Many free products do have a lot of potential to last forever. These are mostly
tools where the developer needs the tool to help them in their normal for-pay job.

Tools like tcpdump/Ethereal will probably always have developers contributing to
it for free, because many developers working on other network technologies rely
on it, and often find/fix bugs in it as a side-effect of doing other for-pay work.

Now I'd agree, snort may not fall into this, but it's a pure fallacy to think
this can't ever happen to any software tool. It can, and does.
