Cisco announced on July 23rd that it will be acquiring Sourcefire for 2.7 billion dollars. The first reaction from everyone in the Snort community was, “What will happen with open source Snort?”. Marty Roesch, Founder and CTO of Sourcefire and the author of the Snort IDS assured everyone that Snort will remain free and open source. Even with the worse case being that Cisco does not support open source Snort, where does this leave the state of open source security? One of the most enduring values of tools like Snort is that the code is freely available to evaluate, providing security researchers and administrators access to evaluate and extend functionality as necessary. With all of the “open source” products being brought into commercial products, there is a risk that the transparency into potential vulnerabilities will be a right reserved to the vendor.
Suricata does provide an alternative open source intrusion detection and prevention engine which can support the Snort rules that have already been created. The alarming aspect is giving trust to vendors of the tools that keep our networks and hosts safe. We will all have to wait to see what the future holds for Snort as Cisco begins to integrate Sourcefire’s product line.