This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
Download it now to read this article plus other related content.
Well, Nessus had to grow up; Snort too. They've been commercialized by those that built them, and that was inevitable. After all, this is a capitalistic society, and eventually the socialism that is the free software movement just doesn't pay the bills.
Today, the core Nessus engine is free, and you can still get Snort at no cost, but the free beer analogy has gone a little flat. Timely updates will cost you an expensive license agreement, and the words copyright, patent and acquisition have infiltrated the lexicon of "the community." Smart guys like Renaud Deraison at Tenable and Marty Roesch at Sourcefire have mastered teetering the fragile boundary between upsetting the bottom line and satisfying their open source following.
ClamAV was the latest open source project to see dollar signs and cross over to commercialization. Ironically, it was Sourcefire, the proprietary home of the Snort IDS, that scooped up the Clam project, its five team members, SourceForge project page, Web domain, etc. The move is a great one for the newly public Sourcefire, which has been touting its new Enterprise Threat Management platform and figures to integrate ClamAV there.
Like with Snort, Sourcefire founder Roesch and CEO Wayne Jackson
This was first published in October 2007