This article can also be found in the Premium Editorial Download "Information Security magazine: Tips from the 2007 Security 7 Awards."
The other potential hitch is for enterprise UTM users whose vendors have built their products on top of open source offerings like Clam. Astaro and Barracuda are two such cases, and Information Security spoke to their CEOs about the situation. Neither Jan Hichert nor Dean Drako seemed particularly stressed about the trickle-down for their customers. Most UTM vendors offer multiple AV scanning engines, and ripping and replacing Clam should a license become onerous wouldn't be a big deal, both CEOs said.
The bigger question is around the commercialization of open source and the end of open source poaching. HD Moore made a loud statement this year with the introduction of the Metasploit Framework License upon the release of Metasploit 3, which limits the use of exploit modules and interfaces. "Proprietary businesses were using his code in commercial products, but not maintaining his copyright, instead using his community as free R&D," says Nick Selby, an analyst with The 451 Group. "That's not cool. He changed from the GPLv2 and Perl Artistic licenses to a home-baked license that says that neither Metasploit nor derivative works may be sold."
It's a faulty argument that these products are borne mostly on the sweat of the community. True, there are contributions from the outside, but it's a fair guess that Sourcefire engineers are the keepers and enhancers of a majority of the free Snort code--same goes for Clam and its team, and Moore's minions. There's
This was first published in October 2007