Re: [Snort-users] What's up with Snort's license?



Old 07-20-2007
Tom Le
 
Posts: n/a
Default Re: [Snort-users] What's up with Snort's license?

On 7/19/07, Harry Hoffman <hhoffman@ip-solutions.net> wrote:
> This is the same argument that the Nessus people have had to deal with...
>
> Ask Ron, how many companies simply take the nessus code and engine
> re-brand it as their own and sell it. What have they contributed?


What about the other side of the coin? One could argue that the
proliferation of open source products like Nessus and Snort grows the user
base, product popularity, and is a causal factor in the growth of these
companies.

Distribution and adoption *is* contribution. That's part of the benefit of
open-source in general, and GPL specifically.

> Usually it's nothing, but they compete with the salaries that Tenable has to
> pay their employees to keep nessus going.


Does the open source community receive any of the IPO or acquisition money?
Of course not, nor should they. Did the distribution and adoption of Nessus
help Tenable's marketplace position? Most definitely. The open source
model is a symbiotic relationship. What others are saying is respect the
reciprocity.

> Think that the signatures contributed do well? It may not be that
> simple... even base Nessus and Snort sigs constantly provide false
> positives. And that's quite a bit of them! It's not easy to do good
> research, re-write rules as the product changes, and keep abreast of
> things.


The same can be said of SourceFire developed signatures (or any other
commercial IDS). I can show you dozens of false positives that have never
been fixed or deprecated. A key contribution of the community here is not
just creation of signatures, but usage, adoption and in effect virtual QA.
Research would be much more expensive if the feedback loop with the
community to improve signatures and functionality did not exist. The irony
here is because false positives by definition will always exist (because the
completed universe of all states is impossible to know in the lab for the
vast majority of sigs), this in turn creates opportunity for commercial
vendors and consultants to add value. This creates a need that the
community fills very well even if they never contributed a single
signature. The feedback loop *is* contribution.

> I'd ask how much code has been contributed by people (who've been
> eventually hired by Tenable/Sourcefire) than those who've contributed
> signatures or rules. Maybe I'm wrong and it's quite a bit, but I'd guess
> it's more sigs than anything... and perhaps that's where the licenses need to
> be changed.


As mentioned above, source code contribution is just one consideration. To
simplify the discussion, let's not talk about "fairness" or what constitutes
"contribution" because some of that is subjective.

Let's discuss only source code, licensing and the GPL. A few folks have
argued about the proportionality of source code contribution.
Unfortunately, proportionality is not an exemption to the GPL. The GPL
explicitly stipulates that any use of the GPL code mandates "fair" exchange
of source code. Many developers never use the GPL specifically because of
this stipulation. Note that we're not just talking about trivial
contributions to Snort, but some significant (even if "proportionally
small") contributions.

One could argue that without the umbrella of the GPL, these products may
never have been as rapidly developed nor as widely adopted. Remember
that the benefits of the GPL include access to the entire GPL codebase. At
project inception, you have a choice on whether to leverage this codebase
and adhere to its stipulation or not. You have to assess whether leveraging
GPL will give you a greater benefit than not. Serendipity and fairness have
nothing to do with this decision. No one forces you to choose GPL
vs. another license and that is the point here.

> Most I{DP}Ss allow for writing custom rules. So, all of the OSS people
> still have the option to write and contribute rules.


Testing & discussion of rules will be much more difficult in a closed source
environment. Imagine the difficulty in interpreting preprocessor rules and
other inspection components without open source. The user community for
collaborative rules development will evaporate very quickly and end-users
will need to interact with commercial support or service providers. Just
look at any other widely used commercial IDS to see this phenomenon.

> I'm all about free products and OSS but remember not everyone wants to be a
> consultant who promotes/supports OSS.


I would add that "free" is not the only consideration by many on this list.
Source code transparency, security, ease of integration, and control of your
own destiny are also key considerations. Perhaps many of these "vilified"
(sic) commercial vendors who use open source products with zero contribution
would have chosen a different product if Snort was not under GPL. Multiply
that decision times a thousand and who knows where the IDS market would
stand today? In other words, I think "free" mis-characterizes the
symbiosis between the open source community and the commercial owner.
Tom

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users