RE: [Snort-users] Demarc Certified Open Signatures
This is a discussion on RE: [Snort-users] Demarc Certified Open Signatures within the Snort forums, part of the System Security and Security Related category; Michael, I Agree. This is only the beginning. Three or so years ago a = good friend, Jed Pickel posted to ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-03-2005
|
|||
|
|||
RE: [Snort-users] Demarc Certified Open Signatures
Michael, I Agree. This is only the beginning. Three or so years ago a =
good friend, Jed Pickel posted to this list when Martin announced the = creation of Sourcefire. He called it and said stuff like this would happen and was flamed for it. I think he deserves accolades for standing up and saying something because he ended up being right after all. This is only the beginning, indeed. I think its na=EFve to think that = Roesche has any more control over there at Sourcefire as to what happens with = the Snort project, which is under the control of copyrights and trademarks = by Sourcefire, Inc. He has brought in so much VC money that I'd be = surprised if he is a majority shareholder anymore at that company -- its near = impossible. The fate of the Snort project is in the hands and control of the Board = of Directors at Sourcefire and it's VC's -- not snort.org. Hell, its even hosted by Sourcefire. [snort.org] NS1.SOURCEFIRE.COM 12.4.213.2 =20 NS2.SOURCEFIRE.COM 199.107.65.180 IMHO this is a very poor move by Sourcefire. I've spoken to a lot of organizations about this over the past week (as we received a letter = from Sourcefire announcing this way before this announcement) who laughed at = the very thought of paying for Signatures simply so they can get it when = they are immediately released. Wait 5 days and you get those signatures. If = they actually get ANY organizations who are willing to pay for this = subscription, the number of companies willing to pay for it will be far exceeded by = the number of people they've upset. Do the math Sourcefire. They've done nothing except give themselves a black eye. My look in to the future: Projects like the Bleeding Edge will pop up = all over the place offering a safe haven for Snort rule creation and distribution. The beautiful thing about Snort signatures is anyone can = make them. When a new 0day exploit or worm comes out, their will be a race between all these projects as to who can get the best signature out and = who can do it the fastest. If you get enough people together, more rules can = be developed and can be developed much faster than Sourcefire. I also see other open source IDS projects starting, IDS' like Firestorm, Prelude, etc. that use the Snort signature syntax we're already all = familiar with.=20 Best Regards, Eric Hines, GCIA, CISSP CEO, President, Chairman Applied Watch Technologies, LLC 1134 N. Main St. Algonquin, IL 60102 Tel: (877) 262-7593 x327 Fax: (877) 262-7593 Web: http://www.appliedwatch.com =20 -----Original Message----- From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Michael = Steele Sent: Wednesday, March 02, 2005 6:05 PM To: 'Snort Users Postings' Subject: RE: [Snort-users] Demarc Certified Open Signatures Remember this one thing; If not for the dedication of pre-Sourcefire contributions from others, Snort would not be where it is today, and = this goes for Sourcefire. This is only the beginning. Does it seem inconceivable that in the = future Snort builds might be treated the same as the rules are. If it's OK to = do this with the rules, then where does it stop... Kindest regards, Michael... WINSNORT.com Management Team Member --=20 Pick up your FREE Windows or UNIX Snort installation guides =20 mailto:support@winsnort.com Website: http://www.winsnort.com Snort: Open Source Network IDS - http://www.snort.org > -----Original Message----- > From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-=20 > admin@lists.sourceforge.net] On Behalf Of Bob Konigsberg > Sent: Wednesday, March 02, 2005 2:31 PM > To: 'Bamm Visscher'; 'Demarc Security' > Cc: snort-users@lists.sourceforge.net > Subject: RE: [Snort-users] Demarc Certified Open Signatures >=20 > I don't think that's the key point here. This has already happened=20 > with Nessus and Snort - that is, people are making money off of their=20 > open source work, and not giving credit OR cash back to the=20 > developers. >=20 > It's kind of sad where a few folks spoil it, but both organizations=20 > are trying hard to stick to their roots - while getting what's due = them. >=20 > Bob >=20 > -----Original Message----- > From: snort-users-admin@lists.sourceforge.net > [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Bamm=20 > Visscher > Sent: Wednesday, March 02, 2005 2:19 PM > To: Demarc Security > Cc: snort-users@lists.sourceforge.net > Subject: Re: [Snort-users] Demarc Certified Open Signatures >=20 > Shouldn't a reputable company, who is supposedly committed to the=20 > opensource community ensure that the copyright notices for the rules=20 > files stay intact? >=20 > Bammkkkk >=20 > On Wed, 2 Mar 2005 10:09:11 -0800 (PST), Demarc Security=20 > <snort_ml@demarc.org> wrote: > > > > > > Since our inception in 2001, Demarc has been committed to promoting=20 > > secure Internet use by providing free versions of our products for=20 > > users > at home. > > We believe that because we use Open Source technology such as Linux=20 > > and Snort, that we should give back to the security community as a=20 > > whole. We have continued to fulfill this commitment, most recently=20 > > with the release of our Sentarus HomeAdmin Edition, which allows=20 > > people to deploy some of our latest security technology in their=20 > > home > lab > environments at no cost. > > > > In addition to our Sentarus and PureSecure products, our customers=20 > > have also benefited from the expertise of our Threat Research Team=20 > > which has, to date, been tasked with verifying rule stream updates=20 > > and educating customers on the detailed workings of Snort=20 > > technology. In light of some upcoming changes, we're now expanding=20 > > our research team and formally announcing our new "Certified Open Signatures" program. > > Our Certified Open Signatures program, which will be universally=20 > > available to the entire community, is founded on these two = principles: > > > > 1) Like the Snort program itself, the latest rule signatures = should > > always be available for free because strong computer and = network > > security are in everyone's best interests. > > > > 2) The best way for a company to serve a community project is = to > > remain true to the original goals of that project and = refrain > > from charging for vital components that have always been > > community-driven and free. > > > > We make this announcement now, as we have recently received notice=20 > > from Sourcefire that, as of next week, early access to all future=20 > > Snort signatures they create will be based on a subscription model. > > > > The Sourcefire license changes as they were presented to us are: > > > > - All rule updates will be a minimum of five days older than = those > > Sourcefire sells to their customers, and you will be required = to > > register to receive them or to wait for the next major Snort > > release. > > > > - To receive the latest rules any sooner, you will have to pay > > Sourcefire a rule subscription fee. > > > > We sincerely respect the efforts of the Sourcefire Snort development = > > group along with the numerous others who created the base technology = > > and rulesets that have made Snort a household name in the security=20 > > community. However, one of the greatest benefits of using Snort is=20 > > the community review process which will now be subject to an imposed > arbitrary delay. > > > > At Demarc, our commitment to the security community is simple: > > > > - Demarc will maintain http://snort.demarc.com/ as a community > portal > > for Snort signatures and Snort-based technology. (This site = is > > meant to augment and not replace snort.org or the snort-sigs > > mailing list.) > > > > - Demarc will produce and revise rules, as well as collaborate = with > > active groups to bring together the best rules from all = community > > sources. User sites such as Bleeding Snort have been at the > > forefront of new signature development and we view these = groups' > > contributions as invaluable. Our goal is to work with these > > groups and to serve as the trusted source for certified, > > production level rulesets. > > > > - Demarc's Threat Research Team will continue to provide the = latest > > cutting-edge and Demarc Certified rules, making them = immediately > > available for public download and contribution. > > > > - Demarc will not charge for the download, use, or modification = of > > rules hosted on this site. > > > > Our community portal at http://snort.demarc.com/ will continually=20 > > evolve over the next several weeks to offer more features, including = > > direct user interaction. Our community portal will also become the=20 > > new home for the SPADE statistical packet anomaly detection project=20 > > and SnortSnarf, two projects originally managed by SiliconDefense=20 > > and > subsequently transferred to Demarc. > > > > We welcome your support on these projects through signature review=20 > > and submissions, and, as with all community projects, your feedback=20 > > is always welcome to help make it better. > > > > Sincerely, > > > > Ashlyn Reznik > > Demarc Threat Research Team > > Email: areznik@demarc.com > > http://www.demarc.com/products/ > > >=20 >=20 > -- > sguil - The Analyst Console for NSM > http://sguil.sf.net >=20 >=20 > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide Read honest & candid=20 > reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=3D6595&al...396&op=3Dclick > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users >=20 >=20 >=20 >=20 >=20 > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide Read honest & candid=20 > reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=3D6595&al...396&op=3Dclick > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid = reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=3D6595&al...396&op=3Dclick _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...=3Dsnort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
