Redefining free security software


This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."

Download it now to read this article plus other related content.

Remember when Nessus updates and plug-ins were free? It wasn't that long ago. And when the latest Snort signatures were a few gratis clicks away too? Those were the days when the best open source security software was free, as in free beer.

Well, Nessus had to grow up; Snort too. They've been commercialized by those that built them, and that was inevitable. After all, this is a capitalistic society, and eventually the socialism that is the free software movement just doesn't pay the bills.

Today, the core Nessus engine is free, and you can still get Snort at no cost, but the free beer analogy has gone a little flat. Timely updates will cost you an expensive license agreement, and the words copyright, patent and acquisition have infiltrated the lexicon of "the community." Smart guys like Renaud Deraison at Tenable and Marty Roesch at Sourcefire have mastered teetering the fragile boundary between upsetting the bottom line and satisfying their open source following.

ClamAV was the latest open source project to see dollar signs and cross over to commercialization. Ironically, it was Sourcefire, the proprietary home of the Snort IDS, that scooped up the Clam project, its five team members, SourceForge project page, Web domain, etc. The move is a great one for the newly public Sourcefire, which has been touting its new Enterprise Threat Management platform and figures to integrate ClamAV there.

Like with Snort, Sourcefire founder Roesch and CEO Wayne Jackson

    Requires Free Membership to View

are saying all the right things about maintaining open source Clam. However, the other shoe will inevitably drop here, as it did with Snort and its VRT Certified Rules license subscription service. Since 2005, up-to-the-minute Snort rules have been available only to subscribers; others could register to get their rules after a delay. Those who choose not to register must wait for major releases to get their new rules.

This was first published in October 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: