Sourcefire has changed the licensing and distribution of Snort rules, and created the VRT Certified rules, which are tested and certified by the Sourcefire Vulnerability Research Team.

As an end user, you can get these rules in one of three ways:

• Pay a subscription fee to Sourcefire and get the rules as soon as they are released
• Register for free and get the rules five days after they are released to paid subscribers
• Get whatever is current with each release of the Snort engine (in other words, no updates between engine updates, which is not recommended)

There are special considerations if you are a "Snort Integrator." In any case, you need to read the FAQ at Snort.org.