[Snort-users] Vendor Disclosure and plugging
jesler at ...1935...
Wed Mar 6 16:45:03 EST 2013
I've received several complaints of late about various vendors plugging their wares on list. As many of you know, this is generally frowned upon, and I receive complaints as soon as you do it in my inbox.
I have to write this email every couple of years, and it looks to be about that time.
We have had issues with another vendor doing this a couple years ago, and everyone piled into them rather harshly, and I'd rather nip this in the butt now.
As a reminder: if you are talking about a product that you make, that is commercial, you need to fully disclose that you work on it, work for the company that makes it, etc. This is a list for Snort discussion and any of the tools that surround it. Tools that are free are always up for discussion, that's completely fine. The line is crossed when you start talking about "for pay" stuff. You wanna talk about Snort inside of Security Onion, totally fine. Doug dedicates his time to providing a free tool which is awesome. You wanna talk about Snorby (the free version) on list, (as an example, I'm not picking on Dustin). This is an Open Source list about an Open Source tool and an Open Source ecosystem.
The list etiquette needs to be something along the lines of:
User - "I have problem blah"
Vendor - <thinks to himself> My product can solve that problem, I should write them on list!:
"Hey User! Snort's feature set can solve that problem in "x" way. This is how you'd do it in Snort, <reference section of the manual>. If you aren't interested in manually maintaining X, I'm employed at blah and we make "yaddayadda". If you are interested, please contact me off list."
That discusses the problem, how Snort solves it, or could solve it (so you've contributed back to the community), and that leaves it up to the User to discuss with you off list, it also fully discloses who you work for, and everyone is fully aware of the feature now.
This is as close to crossing the line as we can get. I literally could answer every email with "Sourcefire blahblahblah", but all Sourcefire employees that belong to these Snort lists are made aware they are not allowed to do that. If there is any question about the response they are going to give, they ask me off list before they do it. We are very careful about not plugging on-list because we don't want to be that guy. We've had to kick that guy off the list before.
Don't be that guy.
Please do not hesitate to contact me on or off list (in the spirit of openness, please feel free to write me on-list publicly so everyone can see the response), but as any of you who have emailed me off list know, I'll answer you :)
Like I said, I'm not coming down on anyone, I just see where this is going, and I'd rather nip it now. If we need to create a mailing list just for products surrounding Snort and people can subscribe to it, opting in, as it were, we can do that.
Senior Research Engineer, VRT
OpenSource Community Manager