Snort License Change

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    236

    Snort License Change

    Marty Roesch, the founder of Snort, wrote to the mailing list today. Apparently rules developed at Sourcefire will no longer be GPL. I hope this does not include the snort-sigs mailing list. It's funny cuz I personally have developed a large number of rules and seen other people take my rules, make revisions and submit them. I have never cared since I always felt it was for the good of the community. But I guess I'm not a business trying to make money. I wonder how many of my rules Sourcefire will sell and if I'll get any $$$.

    Just a heads up for all the Snort users. Now if you want 0-day protection I guess you'll have to pay for it. I wonder if this is the beginning of the end for the open source project. Or if it's gonna branch off the way Linux did with all the Linux vendors now.
    That which does not kill me makes me stronger -- Friedrich Nietzsche

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    It looks like Sourcefire is now trying to buy out Bleeding Snort (http://www.bleedingsnort.com/). I guess they are trying to monopolize all the good rules out there.
    I can't really link the article since this all comes from the snort-user mailing list.

    I don't get it. Bleeding Snort has always been a community-driven site. If Sourcefire is gonna buy them out then charge you for the rules, why would anyone even submit rules anymore?

    This just really seems like a way to close down an open source project.
    That which does not kill me makes me stronger -- Friedrich Nietzsche

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Angel:

    What you are saying is not entirely true. Sourcefire is concerned about the companies that use Sourcefire's Snort rules in products that they then sell to their clients. Yes, the implication is that they will make us poor schleps wait 5 days for the "official" rulesets but then Bleeding Snort will fill that gap as it often does anyway. Matt (Jonkman) is committed to the openness and community involvement of the Bleeding Snort and Sourcefire would be stupid to think that they would get any of the community involvement if they were "stealing" the rules. Besides, take away Bleeding Snort and another one will raise its head..... I use Bleeding Snort a lot, report FPs and revision suggestions quite often.... I'd be all for a new "Really Bleeding Snort"...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Senior Member
    Join Date
    Jun 2003
    Posts
    236
    Well, I guess what I'm not getting is that the majority of rules currently in use came from the snort-sigs mailing list. Community supported and developed and revised rules. Also, probably like many people did, I submitted documentation for rules when I wanted my T-shirt. I remember when they asked the community to do this there was maybe 10% of the rules documented. And now they have lots of documentation thanks to the Snort community. I'm not sure which rules were made by the VRT, but rules not developed at the community usually start at whitehats.

    5 days just seems like a long time to get rules. I mean a 0-day comes out and 5 days later you can bet there could have been lots of attacks around your network and you will have never known. I think Symantec tried to do this a while back and have a group of people who paid more and got the updates faster. This got a lot of negative feedback and eventually sunk.

    Ah well, I guess time will only tell. Maybe this will be a blessing and many 'Bleeding Sites' will pop up.
    Maybe I'll add Snort rule development to my site and only release the rules I make there, and I can put a PayPal donation. (Hmm, I think the mouse is starting to run again on the wheel in my head.)
    That which does not kill me makes me stronger -- Friedrich Nietzsche

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    The Bleeding Snort list is usually the list that gets the new rules quickest recently. They aren't as "polished" as the official Snort.org rules but they work as long as they don't cause too many FP's.

    I don't see this licensing thing as an issue really. It won't detrimentally affect the Bleeding Snort list to any great extent and if it were to then that functionality would probably shift to the snort-sigs anyway.

    If it does all go to hell in a handbag it's a great excuse to polish up that rule writing skill and pcre that gets so forgotten because the other resources are usually right up to speed...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
