[Emerging-Sigs] Rule question
miso.patel at gmail.com
Wed Oct 20 10:33:22 EDT 2010
This is very concerning to me. A company complaining about people not
updating software for only 1 year? I understand patching for
security updates (like the Adobe you mentioned) but only supporting
releases for 1 year? Windows XP is ten years old and MS still
supports it. Hobbyist software I can see being supported for this
short time (or not supported at all) but for commercial software, I am
It has been my impression that Snort, while a great IDS offering, has
always been more of a pet project than a real commercial offering and
despite SourceFire going public, it still seems to struggle to be a
true software company. With limited support on versions and rules,
that's not how the game is played. Don't get me wrong, like I said,
Snort is a good IDS product and the continual development on it is
encouraging but it seems that SourceFire has been formed to take an
open source project and commercialize it. I don't think that is wrong
at all but I think they are doing it wrong.
Miso Patel, CISO
On 10/20/10, evilghost at packetmail.net <evilghost at packetmail.net> wrote:
>> We need to at least all get to 220.127.116.11. 2.8.4 is over a year old, I think
>> it came out in May of 09. It's important to stay current, or at least
>> current-ish. Aside from the new functionality and speed improvements, we
>> make improvements to make detection more accurate, and detect things you
>> may be missing with an older version.
> You're insane... :)
>> By supporting older versions, I think, personally, all you are doing is
>> keeping people content with the older versions of software. Supporting
>> their bad habits is not good. That's not Sourcefire's opinion, that's just
>> mine, but you wouldn't keep an old unpatched version of adobe reader
>> around, because it's "too difficult" to upgrade would you?
> I'd keep people on older versions of Adobe unless they needed the new
> features added or weren't vulnerable to a security vulnerability. Adobe
> is a poor comparison here.
> Doesn't the SF appliance run an outdated "custom rolled" version of RHEL?
> RHEL isn't known for being current, they're known for being STABLE.
> That's an odd choice for a GNU/Linux base isn't it?
> -evilghost