Snort mailing list archives
Re: Sourcefire Tactics - New Licensing
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 4 Mar 2005 13:55:33 -0500
Michael,

First off, Sourcefire won't be forking a codebase that it owns. We continue to support the community and devote resources to the project far beyond what any other commercial entity has done.
From Snort's beginnings in 1998 and then from when I founded Sourcefire in 2001 until the spring of 2002, I was the primary developer of Snort (at Sourcefire too). I wrote stream4, frag2, spo_unified, spp_telnet_negotiation, spp_http_decode, spp_minfrag and spp_bo. I also wrote the fast, full, syslog, null, and tcpdump output mechanisms. I also wrote the main decoders in Snort (ethernet, arp, vlan, ip, tcp, udp, icmp). I also wrote most of the detection plugins that form the rules language keywords in Snort originally (20 out of 29 of them in 2.3), although some of them have seen extensive work by Sourcefire. I wrote Snort's detection engine. I wrote the output interfaces. I wrote the parsing and config subsystem. More recently I have written frag3 as well as some other significant pieces of code that are in the pipeline right now.
I also spent night after night after night writing docs, fixing bugs, evaluating patches and answering email, on the order of 3000 emails from me in the archives if you'll take a look over the course of 1999-2002. I had no funding and pretty weak computers. I had a day job and I was spending all my free time working on it (just ask my wife). I find that I really resent your assertion that this project would have gone nowhere without a massive influx of code from outside contributors, I think I managed to do a lot of good work and that the code that's still in there today has stood the test of time. Fyodor Yarochkin was a big contributor in those days, if he's still around here maybe he could comment on my level of effort.
People at Sourcefire like Marc Norton, Dan Roelker, Steve Sturgis, Andy Mullican, Jeremy Hewlett, Andrew Baker, Chris Green and Brian Caswell (to mention a few) have done a tremendous amount of work and modified and improved a lot of this code as well as extended Snort so that we can do cool stuff like make it hit gigabit+ per second performance marks and have stateful rules.
Sourcefire isn't a nameless, faceless corporate entity that's out there working hard to screw people, Sourcefire is *my* company. Contrary to the beliefs of some, the investors don't run this place, guys like Wayne and I do. We made the decision to go down this route as a management team, I was fully on board with it and we spent a great deal of time figuring out a licensing scheme that was fair to us and the community as well as the commercial entities that were profiting from our R&D (like your company, for example).
Generating FUD about a licensing change for which you have very little information at this point isn't helping anyone. Corporate entities who want to profit from Sourcefire's research team should not be surprised when Sourcefire as a company decides that there should be some fairness in the relationship. The Snort.org VRT subscription dollars and money from commercial redistribution license will go back into the VRT so that we can improve the service, the more successful this program is the more everyone participating in it will gain from it.
Sourcefire isn't asking you to pay for code, it's not even asking you to pay for rules, what we're saying is that if you are a company that's profiting directly from the quality and timeliness of the rules that are generated by the VRT that you contribute back to that from which you benefit. The rules that are under the GPL today will remain under the GPL, so you're not being constrained there. The community rules from the users will remain under the GPL or alternative licenses that the individual authors may propose. The rules that Sourcefire develops at a cost of millions of dollars per year will be available to end users *for free* if they so desire, but for corporations that are taking and giving nothing in return, we ask that they be willing to pay for ongoing access to Sourcefire's brains and resources.
-Marty

On Mar 4, 2005, at 2:53 AM, Michael Steele wrote:
Peter,

Ok, remember this when Sourcefire forks the source code for Snort. I doubt that will ever happen, but who is to say what might happen down the road.

Sourcefire is where they are at this point because of the development that was produced pre-Sourcefire. There was a LOT of development on Snort outside of Marty, and Sourcefire has built on that development. It would have taken years longer for Snort to be developed to where it was when Sourcefire was created.

Sourcefire has placed a LOT of money into developing Snort, and that's a given, but they are the biggest reapers of profit from Snort. I just heard there is a 90k IDS solution that Sourcefire is or will be selling.

This is NO big deal. It's just one small step. If people don't really care and voice their opinions it will leave the door open for further restrictions. Remember, baby steps first.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of James Riden
Sent: Thursday, March 03, 2005 11:44 AM
To: 'Snort Users Postings'
Subject: Re: [Snort-users] Sourcefire Tactics - New Licensing

"Peter J Manis" <pmanis () comcast net> writes:

I agree. This is sad. Essentially, what is happening here is taking the open out of the opensource. First the rules from Sourcefire, and now they are trying to take Bleeding Snort. I understand if Sourcefire is upset about a few individuals using their rules, but what business do they have attempting to take Bleeding Snort under their control? This is clearly a corporation hoax to monopolize the development of Snort rules, first by licensing the Sourcefire rules, and now trying to get Bleeding Snort to abide by their licenses! Next will be Snort itself!

I suggest you ask for your money back. This is not the end of the world; it's precisely what the GPL was designed for. Anyone who wants to fork the current sourcecode and rulebase may do so, and do their own development.

--
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover. Determine. Defend.
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org