Vendor Disclosure and plugging

[Joel Esler <jesler () sourcefire com>]

All,

I've received several complaints of late about various vendors plugging their wares on list.  As many of you know, this 
is generally frowned upon, and I receive complaints as soon as you do it in my inbox.

I have to write this email every couple of years, and it looks to be about that time.  

We have had issues with another vendor doing this a couple years ago, and everyone piled into them rather harshly, and 
I'd rather nip this in the butt now.

As a reminder.  If you are talking about a product that you make, that is commercial, you need to fully disclose that 
you work on it, work for the company that makes it, etc.  This is a list for Snort discussion and any of the tools that 
surround it.   Tools that are free are always up for discussion, that's completely fine.  The line is crossed when you 
start talking about "for pay" stuff.   You wanna talk about Snort inside of Security Onion, totally fine.  Doug 
dedicates his time to providing a free tool which is awesome.  You wanna talk about Snorby (the free version) on list, 
(as an example, I'm not picking on Dustin).  This is an Open Source list about an Open Source tool and an Open Source 
ecosystem.

The list etiquette needs to be something along the lines of:

User - "I have problem blah"
Vendor - <thinks to himself> My product can solve that problem, I should write them on list!:

"Hey User!  Snort's feature set can solve that problem in "x" way.  This is how you'd do it in Snort, <reference 
section of the manual>  If you aren't interested in manually maintaining X, I'm employed at blah and we make 
"yaddayadda".  If you are interested, please contact me off list.

That discusses the problem, how Snort solves it, or could solve it (so you've contributed back to the community), and 
that leaves it up to the User to discuss with you off list, it also fully discloses who you work for, and everyone is 
fully aware of the feature now.  

This is as close to crossing the line as we can get.  I literally could answer every email with "Sourcefire 
blahblahblah"  But all Sourcefire employees that belong to these Snort lists are made aware they are not allowed to do 
that.  If there is any question about the response they are going to give, they ask me off list before they do it.  We 
are very careful about not plugging on-list because we don't want to be that guy.  We've had to kick that guy off the 
list before.  

Don't be that guy.

Please do not hesitate to contact me on or off list.  (In the spirit of openness, please feel free to write me on-list 
publicly so everyone can see the response), but as anyone of you knows that have emailed me off list, I'll answer you :)

Like I said, I'm not coming down on anyone, I just see where this is going, and I'd rather nip it now.  If we need to 
create a mailing list just for products surrounding Snort and people can subscribe to it, opt-ing in, as it were, we 
can do that.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Symantec Endpoint Protection 12 positioned as A LEADER in The Forrester  
Wave(TM): Endpoint Security, Q1 2013 and "remains a good choice" in the  
endpoint security space. For insight on selecting the right partner to 
tackle endpoint security challenges, access the full report. 
http://p.sf.net/sfu/symantec-dev2dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!