|
Popular open source security products are being commercialized, changing the way customers and vendors view "the community."
Remember when Nessus updates and plug-ins were free? It wasn't that long ago. And when the latest Snort signatures were a few gratis clicks away too? Those were the days when the best open source security software was free, as in free beer.
Well, Nessus had to grow up; Snort too. They've been commercialized by those that built them, and that was inevitable. After all, this is a capitalistic society, and eventually the socialism that is the free software movement just doesn't pay the bills.
Today, the core Nessus engine is free, and you can still get Snort at no cost, but the free beer analogy has gone a little flat. Timely updates will cost you an expensive license agreement, and the words copyright, patent and acquisition have infiltrated the lexicon of "the community." Smart guys like Renaud Deraison at Tenable and Marty Roesch at Sourcefire have mastered teetering the fragile boundary between upsetting the bottom line and satisfying their open source following.
ClamAV was the latest open source project to see dollar signs and cross over to commercialization. Ironically, it was Sourcefire, the proprietary home of the Snort IDS, that scooped up the Clam project, its five team members, SourceForge project page, Web domain, etc. The move is a great one for the newly public Sourcefire, which has been touting its new Enterprise Threat Management platform and figures to integrate ClamAV there.
Like with Snort, Sourcefire founder Roesch and CEO Wayne Jackson are saying all the right things about maintaining open source Clam. However, the other shoe will inevitably drop here, as it did with Snort and its VRT Certified Rules license subscription service. Since 2005, up-to-the-minute Snort rules have been available only to subscribers; others could register to get their rules after a delay. Those who choose not to register must wait for major releases to get their new rules.
|
