Sourcefire's Roesch: How Snort can normalize JavaScript, model rules

Sourcefire's Roesch: How Snort can normalize JavaScript, model rules

Date: Apr 10, 2013

SAN FRANCISCO -- In the hearts and minds of information security practitioners, arguably no tool is as beloved as Snort, Sourcefire Inc.'s venerable open source intrusion detection system for Windows and Unix.

"It was a perfect software project," said Snort creator Martin Roesch, Sourcefire's chief technology officer, "because you never had to finish it and you interacted directly with the users."

Even though Snort celebrates its 15th anniversary this year, Roesch said there are plenty of new features for the passionate Snort user community to get excited about.

In this interview, conducted at the 2013 RSA Conference, Roesch discussed some of Snort's recently added capabilities, including JavaScript normalization for examining obfuscated code, file analyzers and anti-evasion technology. Roesch also reflected on why Snort has enjoyed so much success, how much coding he gets to do these days, and what the future of Snort may hold.

Editor's note: Roesch's title was interim CEO at the time of the interview.

More on Open Source Security Tools and Applications

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: