[Snort-users] What's up with Snort's license?

Harry Hoffman hhoffman at ...10275...
Thu Jul 19 21:06:32 EDT 2007

This is the same argument that the Nessus people have had to deal with...

Ask Ron, how many companies simply take the nessus code and engine
re-brand it as their own and sell it. What have they contributed?

Usually it's nothing, but they compete with the salaries that Tenable has to
pay their employees to keep nessus going.

Think that the signatures contributed do well? It may not be that
simple... even base Nessus and Snort sigs constantly provide false
positives. And that's quite a bit of them! It's not easy to do good
research, re-write rules as the product changes, and keep abreast of

I'd ask how much code has been contributed by people (who've been
eventually hired by Tenable/Sourcefire) than those who've contributed
signatures or rules. Maybe I'm wrong and it's quite a bit, but I'd guess
it's more sigs than anything... and perhaps that's where the licenses need to
be changed.

Most I{DP}Ss allow for writing custom rules. So, all of the OSS people
still have the option to write and contribute rules.

I'm all about free products and OSS but remember not everyone wants to be a
consultant who promotes/supports OSS.

My $0.02 (and certainly not fully formed)

> I believe this has a lot less to do with GPL than is being led to believe.
> Some thoughts on the Intellectual Property topic:
>
> Marty: "This is the most controversial provision of the clarifications that
> we put into the Snort 3.0 license."
>
> Oh you bet. This is most definitely the hottest topic.
>
> Marty: "By sending these changes to Sourcefire or one of the Sourcefire-
> moderated mailing lists or forums, you are granting to Sourcefire, Inc.
> unlimited, perpetual, non-exclusive right to reuse, modify, and/or
> the code."
>
> You are between a rock and hard spot here. Your product is based on the
> works of dozens of contributors over the past several years while your
> project was licensed as GPL.
> If you were not GPL, then you have the absolute right to make a
> license change at any time, however you do not have the right to take
> ownership of user contributions which were made within the boundaries of
> the GPL license with that understanding.
>
> Marty: "we don't feel that contributing a 3-line patch to a 200k+ LOC
> codebase means that the contributor has copyright claims over Snort "
>
> I don't think the community in general believes this at all either. What
> they believe is they retain copyright over 'their' submitted contribution.
>
> Marty: " In the early years there were many people who contributed (in
> any way) to Snort but over the years since Sourcefire was incorporated the
> total contribution by these external contributors has decreased
> substantially. After that, Sourcefire developed more and more of the code,
> especially the core functionality of the detection engine and
> preprocessors, not to mention tons of the rules as well."
>
> Time has no relevance here. Copyright and ownership of intellectual
> property does not disappear because a few years have passed. Even
> derivative works from copyrighted materials is a very gray area.
>
> Marty: "I have felt for a long time that we need to have a sense of
> proportionality about this and we should also have the ability to be
> flexible with the code base in terms of licensing without needing to
> approach every contributor individually to get sign-off on any changes
> that we
>
> Unfortunately, you chose a GPL license and it was understood at that
> time by every contributing user that they were not just 'donating' their
> time, skill and efforts to your pocket book, but to a project that was
> going to remain GPL to serve and support the industry in whole.
> Each contributor has a right to his source code, again unless it was
> contributed under different conditions, however it wasn't, it was
> contributed under a GPL.
>
> Marty: "we need to be able to retain the right to offer it under our
> commercial license."
>
> This is where the concerns come in, you now need this code for your
> newly formulated business goals and are making modifications to your
> license to serve this purpose. However, you are going to be unable to
> simply take ownership of the source code without some very obvious legal
> hurdles to overcome.
>
> Marty: "If you've got a problem with this, don't contribute the code to us"
>
> This was a rather harsh statement to make and really makes users of
> snort take a step back and look at the overall situation.
> Great; from now on users should stop contributing any further source
> code or signature content.
> Past contributors should take a full inventory of their contributions to
> date, which were made under the GPL license, and if / when hi-jacked
> contributions or derivatives from are discovered in future snort releases,
> users should seek after valid and compensating lawsuits.
> I don't believe contributing users should be expected to simply walk
> away from their intellectual property to serve the business goals of a
> post-incident incorporated organization.
>
> Marty: " If all a vendor does is take and they don't give anything back
> to anyone then let's call it what it is and say they're a vendor who's
> worried that they're going to actually have to pay for something that
> you've been getting for free."
>
> I don't think the community has a problem here. It's the bait and switch
> tactic that is causing concern.
> If you want it called how it is, then let's hear it. You (Sourcefire)
> want to break out of the GPL license one step at a time, by first taking
> copyright over all contributing intellectual property so future versions
> can be branded as commercially, fully owned by Sourcefire for the purpose
> of business.
>
> Marty: "It's Free as in 'Free Speech', not Free as in 'Free Money' people!"
>
> Here is where you are quite wrong.
> Let's compute this for a moment, and discuss the effects of linux under
> the GPL. In this hypothetical scenario, Linus Torvalds decides that he is
> tired of the community making money from his original project. Can he
> bait and switch now? Can he claim that it was 'Free Speech' and not 'Free
> Money', and take complete ownership of all contributions?
>
> Marty: "true open source champions should be applauding us for our
>
> No comment.
> ---
