[Snort-users] [Snort-sigs] Cisco acquires Sourcefire ... should we be worried?

Gregory W. MacPherson greg at ...15873...
Tue Jul 23 14:19:04 EDT 2013

Yahoo says that there was a conference call this morning:


with instructions on how to replay the call. Perhaps the open source
issues are/were addressed on that?


On or about 2013.07.23 13:56:41 -0400, Bad Horse (b4dh0rs3 at ...11827...) said:

> What a crazy random happenstance! Today I see the news that Cisco is
> acquiring Sourcefire (
> http://www.cisco.com/web/about/ac49/ac0/ac1/ac259/sourcefire.html).  I know
> this will make the Sourcefire people a lot of money but honestly it makes
> me concerned.
> My primary worries center around the the traditional open source position
> of Snort and Sourcefire (although some have questioned the open source
> attitude of Sourcefire at times and I don't necessarily agree with them nor
> do I wish to bring up that argument here).  But what will happen to Snort?
> Cisco is extremely adroit at acquiring companies and leveraging them to
> push their company forward.  Progress via acquisition? Yes. But Cisco
> doesn't let the companies they buy just die, they use them to enhance their
> position in the marketplace.  So I say again, what will happen to Snort and
> the open source roots it grew from?
> Obviously, Cisco will use Snort IDS in their products; Cisco currently has
> an IDS offering which is weak and thus you have the Sourcefire buy.  So now
> we can expect to see Snort as an integrated module in Cisco firewalls,
> routers, and other networking equipment.
> But will Snort remain open source?  What will happen to the rulesets?  The
> mailing lists? Will the "community" that Joel has been trying to build be
> put out to pasture?
> I have to be honest ... today I just approved a purchase order for some
> major hardware that the team will be using to evaluate Suricata (
> http://suricata-ids.org/) and some other open source IDS/IPS solutions such
> as Bro (http://www.bro.org/).  I am also investigating ET Pro (
> http://www.emergingthreats.net/) as a source for high quality rulesets and
> scheduling some PoCs with high ranking managed security services (MSS)
> providers.  With the news about Cisco, the future of Snort is uncertain and
> I need to be prepared (or be prepared to pay Cisco prices in a year or two
> when they implement Snort which I'd rather not do if there are viable open
> source alternatives).
> I worry that Snort may become closed source in the near future and that
> progress on the IDS engine will stall during the acquisition period.
> Additionally, I fear that the vibrant Snort community will quickly dry up
> if everything becomes closed source and you have to "pay to play".
> Are my fears unfounded?  Or is Snort just going to get better?  I'd love to
> see a press release saying that Cisco is committed to keeping Snort open
> source although with a purchase price of $2.7B USD I'm not sure how much
> Sourcefire cares right now since they are lounging on all that cash :)
> -B4d H0rs3
>  The Thoroughbred of SYN

> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk

> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!

Gregory W. MacPherson, CISSP, Security+, ITIL, Etc.
Founder, IT Security Expert, Global Network Security Exploitation Specialist
"The role of a statesmen is to define clearly for a people the alternatives before them."

More information about the Snort-users mailing list