[Emerging-Sigs] Rule question

Miso Patel miso.patel at gmail.com
Wed Oct 20 10:33:22 EDT 2010


This is very concerning to me.  A company complaining about people not
updating software for only 1 year?  I understand patching for
security updates (like the Adobe you mentioned) but only supporting
releases for 1 year?  Windows XP is ten years old and MS still
supports it.  Hobbyist software I can see being supported for this
short time (or not supported at all) but for commercial software, I am
shocked.

It has been my impression that Snort, while a great IDS offering, has
always been more of a pet project than a real commercial offering and
despite Sourcefire going public, it still seems to struggle to be a
true software company. With limited support on versions and rules,
that's not how the game is played.  Don't get me wrong, like I said,
Snort is a good IDS product and the continual development on it is
encouraging but it seems that Sourcefire has been formed to take an
open source project and commercialize it.  I don't think that is wrong
at all but I think they are doing it wrong.

Miso Patel, CISO

On 10/20/10, evilghost at packetmail.net <evilghost at packetmail.net> wrote:
>> We need to at least all get to 2.8.6.1. 2.8.4 is over a year old, I think
>> it came out in May of 09. It's important to stay current, or at least
>> current-ish. Aside from the new functionality and speed improvements, we
>> make improvements to make detection more accurate, and detect things you
>> may be missing with an older version.
>
> You're insane... :)
>
>> By supporting older versions, I think, personally, all you are doing is
>> keeping people content with the older versions of software. Supporting
>> their bad habits is not good. That's not Sourcefire's opinion, that's just
>> mine, but you wouldn't keep an old unpatched version of adobe reader
>> around, because it's "too difficult" to upgrade would you?
>
> I'd keep people on older versions of Adobe unless they needed the new
> features added or weren't vulnerable to a security vulnerability.  Adobe
> is a poor comparison here.
>
> Doesn't the SF appliance run an outdated "custom rolled" version of RHEL?
>  RHEL isn't known for being current, they're known for being STABLE.
> That's an odd choice for a GNU/Linux base isn't it?
>
> -evilghost

