[Snort-users] v2.8.4 incorrect logging to MySQL

Martin Roesch roesch at ...1935...
Tue Apr 14 17:01:29 EDT 2009


You're certainly entitled to your perspective.  I'm going to keep
writing code and distributing it under open source licenses.

Marty


On Tue, Apr 14, 2009 at 4:36 PM, Loyal A Moses <loyalmoses at ...3027...> wrote:
>
> As I just said in an earlier mailing list response, it is open source
> until version 3.
>
> This is my original line of comments on the NEW direction Sourcefire
> was taking.
>
> http://archives.neohapsis.com/archives/snort/2007-07/0047.html
>
> The product itself is not at all the debate. Snort as a product is
> great, and I believe that Marty has done an excellent job developing
> the majority of what is quite obviously the world's most widely used
> intrusion detection system.
>
> The argument on direction is one of open source vs. commercially
> owned. We've seen this a dozen or more times over.
>
> A little story...
>
> Jack is an open source buff who believes in free software for the
> world, so he builds and releases it GPL or equivalent. Then one day,
> he needs to feed his family from his open source fame, but doesn't
> have the rights to the software as he wants, because it was released
> open source and there are hundreds of contributors to the success of
> the application. So a simple little plan is hatched to slowly and ever
> so slightly change the licensing and take ownership of contributions
> and limit the use of these components, then create an all new version
> X that apparently is 100% written from the ground up with absolutely
> zero contributed code. Hmmmm...
>
> If you don't quite understand the little story, do read some of the
> older snort mailing list entries to get a feel for how every signature
> contributed or otherwise is now licensed by Sourcefire.
>
> As I said, they are going to do what they are going to do.
>
> On Apr 14, 2009, at 1:16 PM, Paul Schmehl wrote:
>
>> Sourcefire develops and provides snort, to the community, for free.
>> They do *not* develop ancillary apps for free.  If you want a
>> coordinated, polished interface, you buy Sourcefire (as we have.)
>> If you want an open source build-your-own IDS, you install snort
>> *plus* whatever additional pieces you want.  It isn't Sourcefire's
>> responsibility to develop ancillary tools for snort, although they
>> do some work in that area and encourage others to do it as well.
>>
>> As to your "we've seen it before" comment, I think you have to look
>> at the performance of Sourcefire since the company was established.
>> You would have to admit, then, that Marty has managed to sustain his
>> goal of continuous development of the open source product alongside
>> the proprietary one with a minimum of disruptions.  The only change
>> has been in the timing of rules releases, and that is a small price
>> to pay for such an accomplished product. Those rules are written by
>> Sourcefire engineers to serve their customers and provided to the
>> community free of charge, with a slight delay.
>>
>> I think that is commendable, and I thank Marty for his contributions
>> to the open source community and his sterling example of how to
>> maintain open source products while creating a commercially viable
>> company.
>>
>> Besides, you can always write your own rules or use emerging threats
>> and other sources for rules.
>>
>> As to whether it's smart to discuss development on a public list,
>> their source code is freely available.  It's kind of hard to hide
>> the direction of their development.
>>
>> --On Tuesday, April 14, 2009 14:35:33 -0500 Loyal A Moses <loyalmoses at ...846....3027...> wrote:
>>
>>>
>>>
>>> Is Sourcefire limited on development skill or man power?
>>>
>>> It makes no sense at all to remove one of the most common facilities
>>> in use by snort users because it is "too complex".
>>>
>>> In the end, you'll do what you are going to do regardless of the
>>> community -- we've seen it before. But don't use "complexity" and
>>> "bugs" as the excuse.
>>>
>>> Sourcefire is a publicly traded company -- Is it smart to be taking
>>> votes on product development from a mailing list? I wouldn't think
>>> so.
>>>
>>> Loyal.
>>>
>>> On Apr 14, 2009, at 11:52 AM, Jason Brvenik wrote:
>>>
>>>> I have an ulterior motive and it is simple.
>>>>
>>>> Many of the bugs and issues over time with snort have been in output
>>>> plugins. Make one well supported, tested, unified method designed for
>>>> best performance and while doing so it improves the supportability and
>>>> maintainability of the code base.
>>>>
>>>> On Tue, Apr 14, 2009 at 2:39 PM, Loyal A Moses <loyalmoses at ...3027...> wrote:
>>>>> My vote is to provide as many output options as possible, to help keep
>>>>> snort used as a tool.
>>>>>
>>>>> The argument of code complexity being a good reason to remove output
>>>>> facilities is only valid if the code is written poorly and not
>>>>> modular. This wheel doesn't need re-invented and this conversation is
>>>>> kind of silly, unless there are ulterior motives for actually wanting
>>>>> to remove this support.
>>>>>
>>>>> Loyal.
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> This SF.net email is sponsored by:
>>>>> High Quality Requirements in a Collaborative Environment.
>>>>> Download a free trial of Rational Requirements Composer Now!
>>>>> http://p.sf.net/sfu/www-ibm-com
>>>>> _______________________________________________
>>>>> Snort-users mailing list
>>>>> Snort-users at lists.sourceforge.net
>>>>> Go to this URL to change user options or unsubscribe:
>>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>>> Snort-users list archive:
>>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>>
>>>
>>>
>>
>>
>>
>> --
>> Paul Schmehl, Senior Infosec Analyst
>> As if it wasn't already obvious, my opinions
>> are my own and not those of my employer.
>> *******************************************
>> Check the headers before clicking on Reply.
>>
>
>
>



-- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org



