funsec mailing list archives
Re: SourceFire buys ClamAV
From: Jordan Wiens <numatrix () ufl edu>
Date: Fri, 17 Aug 2007 19:13:48 -0400
I realized my summary of the question and response wasn't quite as clear as it could have been. I asked:
"The licensing for signatures -- are there plans to take the ClamAV signatures down a similar route to the one you've taken with the Snort signatures, in terms of separate feeds, one from Sourcefire, one from the community?"
The answer: "We do not intend to do that; as a matter of fact we've committed to the team [ClamAV team, presumably?] to leave the licensing model for the malware database exactly as it is today."
I heard that as they're not planning on having any future split licensing model (since that's explicitly what my question asked), but you're right, they could of course always change their mind.
Marty has explicitly said time after time that he has no desire to go the Nessus 3 route with Snort. It is interesting to see the new clarifications to the preamble and the dual-licensing in the future, but Fyodor's been doing that for years with Nmap and there hasn't been nearly the same reaction. That appears to be their mechanism to still write and use GPL software and not totally change the license like Tenable did, but still prevent the situation where they're competing against their own code as other companies integrate it (unless those companies' products were entirely GPL!).
--
Jordan Wiens, CISSP
UF Network Security Engineer
(352)392-2061

On Aug 17, 2007, at 1:24 PM, C Q wrote:

> They will find a way around this promise... Sure, they might leave the existing database "as is", but then they'll slowly start introducing additional/enhanced signatures under their license. And then the next thing you know a significant number of signatures are "special" that you no longer can use any way you want, etc... It's a bit easier with IDSes to have alternative signatures, because there are just not as many new threats, whereas with viruses there's a constant flow of new ones, and if you start fragmenting the signature creation effort the quality and the coverage will suffer. And because their "special"/tested/quality/whatever signatures have the commercial backing and the necessary resources, the users will be slowly encouraged to use them :-)
>
> And that's not all... the future holds even more changes... just like what happened with Nessus 3. As the top open source projects gain popularity and especially commercial success, their owners will be financially motivated to lock down their data files (signatures, etc.) and then the source code to prevent other commercial entities from capitalizing on the use of the same software. The guys with the pockets full of money will demand it to avoid dealing with competitors that are using the same technology to make bigger profits... Nessus 3 was the first big open source project, now it's MySQL with their enterprise database server (Red Hat doesn't really count with their ES because they don't own the kernel, so they couldn't close it).
>
> On 8/17/07, Jordan Wiens <numatrix () ufl edu> wrote:
>
>> I actually asked that question on their investor call this morning. They said as a part of the acquisition they pledged to leave the malware database and signatures under the same license they're under now. Besides, I'm sure the bleeding threats guys or someone else would fill in the void for truly open source signatures. In fact, who says you need VRT sigs now to be "properly" protected? There's plenty of other sources of quality signatures.
>>
>> What is interesting is that part of the goal is to produce a "clean" codebase, I assume to be "untainted" by pesky contributions so that they can dual-license the product. The goal for that was about a year from now. At least they're not just arbitrarily changing the license without getting permission from contributors this time (sorry, Marty!).
>>
>> --
>> Jordan Wiens, CISSP
>> UF Network Security Engineer
>> (352)392-2061
>>
>> On Aug 17, 2007, at 10:46 AM, C Q wrote:
>>
>>> Anybody feel like placing bets on how long it's going to take SourceFire to pull the same trick with ClamAV signatures they pulled with Snort signatures, where you'll need to "conveniently" license the signatures from SourceFire to have the latest ones to be properly protected :-)
>>>
>>> The engine source code will be useless if you don't have the very latest AV sigs...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Jordan Wiens (Aug 17)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Dude VanWinkle (Aug 17)
- Re: SourceFire buys ClamAV Jordan Wiens (Aug 17)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Blue Boar (Aug 17)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Dude VanWinkle (Aug 18)
- Re: SourceFire buys ClamAV C Q (Aug 17)
- Re: SourceFire buys ClamAV Jordan Wiens (Aug 17)