[Emerging-Sigs] Emerging Threats Sells Out!!!
mmonitz at gmail.com
Sun Oct 24 10:19:26 EDT 2010
can someone please clerify the meaning of "sensor" for licensing cost?
On Mon, Sep 27, 2010 at 4:18 PM, Matthew Jonkman <jonkman at jonkmans.com>wrote:
> We are adding a full coverage premium subscription ruleset. So not really
> selling out I suppose, it's just us still. No outsiders... so we're kind of
> selling out to ourselves. If you have to sell out that's the way to do it I
> We are building a new ruleset, one that has full vulnerability coverage. We
> have a professional research team on full time now, and we've bought the
> Telus Security Labs feed (the guys that supply the entire industry with
> research, rules, and intel, the big brains!). This has allowed us to fill in
> the historical gaps in coverage of the open ET ruleset, and will assist us
> in keeping completely up to date with new vulnerabilities and new exploits
> as they happen. http://www.emergingthreatspro.com
> But wait, there's more!!!
> What's the biggest security threat on your network, and every network these
> days? (besides your users)
> It's malware. I don't think there's any argument there, and that's why the
> ET ruleset has been so useful, because we all focus on malware. You don't
> get the malware coverage in the existing commercial rulesets because it just
> moves too quickly. And all the commercial rulesets are built for an
> appliance the same company sells, so adding more rules day after day doesn't
> make the appliance they also sell look good as it slows down. So the result:
> we have commercial rulesets with only minimal malware coverage, so we all
> use the ET ruleset to augment.
> So we're changing that, we're making THIS the one ruleset you need, not the
> one you add on to the others. We have the full time research team, we have
> the intelligence feeds, and we have enough coffee to keep the state of
> Washington awake for a year straight. We're on it! We've hired most of our
> researchers from the Emerging Threats Community (and we're still hiring,
> shoot me a resume if you want to play with us!). So it's the people you
> already know and trust. We've been doing this for 10 years now.
> We're JUST doing rules, not hardware. This is a major difference. You now
> have a CHOICE in what ruleset you use just like you choose the hardware that
> fits your needs.
> We're rebuilding and expanding the ET Sandnet that's been feeding us so
> much good intel over the years, and we're partnering with all the names you
> already know in the industry to share intel, samples, and more.
> But wait, there's more!!!
> We're publishing in many engine formats. One of the drivers to do this was
> to get a full coverage ruleset out there that could take advantage of the
> new capabilities of Suricata. It's pretty clear no one else is going to do
> that, so we're going to make it happen.
> At launch we are covering Snort 2.8.4 era, 2.8-CURRENT, and Suricata. We'll
> have a Snort 2.4 ruleset out shortly to support those of you using an older
> engine. And here's the big thing.... We'll support 2.4, and all of our
> platforms, until no one needs it anymore! If you can't upgrade, fine. Not
> everyone needs to, can, or wants to upgrade. As long as people need it we'll
> keep putting out a 2.4.
> The Existing and future ET ruleset will also be published in these formats!
> We'll be introducing new platforms and languages later this year as well,
> so keep an eye out.
> But wait, there's more!!!!
> Emerging Threats Pro exists because of the community, ET *is* the
> community, it's been my honor to be the moderator all these years. We will
> stay part of that community. So here's my personal commitment, and the
> commitment of the new company Emerging Threats Pro, to the community. Write
> this down, frame it whatever. (I'm hanging it on my office wall)
> 1. ET Pro will support the Emerging Threats open project as long as needed.
> Hosting, infrastructure, manpower, everything.
> 2. The Emerging Threats Ruleset will remain FREE, BSD licensed as it always
> has been. That will not change unless we all agree we need to change it.
> 3. Every rule that comes from the community will immediately go through the
> ET Pro QA and load testing rig, and be converted to all the platforms we
> support as a company, and be IMMEDIATELY distributed to the community in ALL
> of those formats. All rules, in all formats, QA'd and converted,
> IMMEDIATELY. We'll do the grunt work.
> 4. I will turn over control of the project to a board of five community
> members to make the decisions, those board members will be elected. (I will
> stand for election as well. VOTE JONKMAN! :) )
> We'll set up that board for ET soon and get an election going. The reason I
> want to do that is we've seen things go bad in many other open source
> projects over the years when money and company interests come before keeping
> the community the project came from happy. I believe I will do a good job
> taking care of both projects for the long term, but I'm human like everyone
> else. I don't think anyone that's gone through this process of building a
> business behind an open project and ended up alienating a community went
> into it intending to do so. I would regret it forever if that happened to
> us. So to make SURE that doesn't happen I am going to give full control of
> the open project to the community.
> That means you still have a stake in the project, and you have to step up
> and help govern it. You have to nominate responsible board members, and
> these board members have to put a little work into it now and then. And if
> you don't like how things are going you have to speak up, offer solutions,
> or get yourself elected to the board and make changes. If the you or the
> board really don't like how I and the ET Pro team are taking care of things
> then you may take over and manage the project. You'll have full power to do
> so at any time.
> It of course worries me to give up full control of Emerging Threats. It's
> been my baby for many years now (8, 9?). But I have faith in this community.
> I KNOW we will take care of this thing we've built, and I KNOW it will last
> a very long time and continue to do good things. Because of that faith I
> think I can get over having sole control and let this thing live it's own
> life. (Maybe this is what it'll be like when my daughters go to college...)
> So, more details coming soon on the technical changes. Your download url
> won't change if you want the 2.8.4 ruleset as it is now. I'll get the
> charter for this board out soon and we can get some nominations and election
> Bottom line:
> 1. ET Pro will offer a complete ruleset based on and expanding the ET open
> 2. ET Pro will support the open project in all it needs
> 3. You are going to have a say in how we run the open project from here out
> 4. You have a choice where to get your rules now!
> Comments welcome as always.
> Matthew Jonkman
> Emerging Threats
> Open Information Security Foundation (OISF)
> Phone 765-429-0398
> Fax 312-264-0205
> PGP: http://www.jonkmans.com/mattjonkman.asc
> Emerging-sigs mailing list
> Emerging-sigs at emergingthreats.net
> Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Emerging-sigs