Well, Nessus had to grow up; Snort too. They've been commercialized by those that built them, and that was inevitable. After all, this is a capitalistic society, and eventually the socialism that is the free software movement just doesn't pay the bills.
Today, the core Nessus engine is free, and you can still get Snort at no cost, but the free beer analogy has gone a little flat. Timely updates will cost you an expensive license agreement, and the words copyright, patent and acquisition have infiltrated the lexicon of "the community." Smart guys like Renaud Deraison at Tenable and Marty Roesch at Sourcefire have mastered teetering the fragile boundary between upsetting the bottom line and satisfying their open source following.
ClamAV was the latest open source project to see dollar signs and cross over to commercialization. Ironically, it was Sourcefire, the proprietary home of the Snort IDS, that scooped up the Clam project, its five team members, SourceForge project page, Web domain, etc. The move is a great one for the newly public Sourcefire, which has been touting its new Enterprise Threat Management platform and figures to integrate ClamAV there.
Like with Snort, Sourcefire founder Roesch and CEO Wayne Jackson
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
are saying all the right things about maintaining open source Clam. However, the other shoe will inevitably drop here, as it did with Snort and its VRT Certified Rules license subscription service. Since 2005, up-to-the-minute Snort rules have been available only to subscribers; others could register to get their rules after a delay. Those who choose not to register must wait for major releases to get their new rules.
This was first published in October 2007