[Snort-users] What's up with Snort's license?

Tom Le dottom at ...11827...
Fri Jul 20 01:29:03 EDT 2007

On 7/19/07, Harry Hoffman <hhoffman at ...10275...> wrote:
> This is the same argument that the Nessus people have had to deal with...
> Ask Ron, how many companies simply take the nessus code and engine
> re-brand it as their own and sell it. What have they contributed?

What about the other side of the coin?  One could argue that the
proliferation of open source products like Nessus and Snort grows the user
base, product popularity, and is a causal factor in the growth of these

Distribution and adoption *is* contribution.  That's part of the benefit of
open-source in general, and GPL specifically.

> Usually it nothing, but they compete with the salaries that Tenable has to
> pay their employees to keep nessus going.

Does the open source community receive any of the IPO or acquisition money?
Of course not, nor should they.  Did the distribution and adoption of Nessus
help Tenable's marketplace position?  Most definitely.  The open source
model is a symbiotic relationship.  What others are saying is respect the

> Think that the signatures contributed do well? It make not be that
> simple... even base Nessus and Snort sigs constantly provide false
> positives. And that's quite a bit of them! It's not easy to do good
> research, re-write rules as the product changes, and keep abreast of
> things.

The same can be said of SourceFire developed signatures (or any other
commercial IDS).  I can show you dozens of false positives that have never
been fixed or deprecated.  A key contribution of the community here is not
just creation of signatures, but usage, adoption and in effect virtual QA.
Research would be much more expensive if the feedback loop with the
community to improve signatures and functionality did not exist.  The irony
here is because false positives by definition will always exist (because the
completed universe of all states is impossible to know in the lab for the
vast majority of sigs), this in turn creates opportunity for commercial
vendors and consultants to add value.  This creates a need that the
community fills very well even if they never contributed a single
signature.  The feedback loop *is* contribution.
> I'd ask how much code has been contributed by people (who've been
> eventually hired by Tenable/Sourcefire) then those who've contributed
> signatures or rules. Maybe I'm wrong and it's quite a bit, but I'd guess
> it more sigs then anything... and perhaps that where the licenses need to
> be changed.

As mentioned above, source code contribution is just one consideration.  To
simplify the discussion, let's not talk about "fairness" or what constitutes
"contribution" because some of that is subjective.

Let's discuss only source code, licensing and the GPL.  A few folks have
argued about the proportionality of source code contribution.
Unfortunately, proportionality is not an exemption to the GPL.  The GPL
explicitly stipulates that any use of the GPL code mandates "fair" exchange
of source code.  Many developers never use the GPL specifically because of
this stipulation.  Note that we're not just talking about trivial
contributions to Snort, but some significant (even if "proportionally
small") contributions.

 One could argue that without the umbrella of the GPL, these products may
never have never been as rapidly developed nor as widely adopted.  Remember
that the benefits of GPL includes access to the entire GPL codebase.  At
project inception, you have a choice on whether to leverage this codebase
and adhere to its stipulation or not.  You have to assess whether leveraging
GPL will give you a greater benefit than not.  Serendipity and fairness have
nothing to do with this decision.  No one forces you to chose GPL
vs. another license and that is the point here.

> Most I{DP}Ss allow for writing custom rules. So, all of the OSS people
> still have the option to write and contribute rules.

Testing & discussion of rules will be much more difficult in a closed source
environment.  Imagine the difficulty in interpreting preprocessor rules and
other inspection components without open source.  The user community for
collaborative rules development will evaporate very quickly and end-users
will need to interact with commercial support or service providers.  Just
look at any widely used other commercial IDS to see this phenomena.

> I'm all about free products and OSS but remember not everyone want to be a
> consultant who promotes/supports OSS .

I would add that "free" is not the only consideration by many on this list.
Source code transparency, security, ease of integration, and control of your
own destiny are also key considerations.  Perhaps many of these "vilified"
(sic) commercial vendors who use open source products with zero contribution
would have chosen a different product if Snort was not under GPL.  Multiply
that decision times a thousand and who knows where the IDS market would
stand today?  In other words, I think "free" mis-characterizes the
symbiosis between the open source community and the commercial owner.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20070719/108a7915/attachment.html>

More information about the Snort-users mailing list