[Openvas-discuss] nmap + sourcefire = new vulnerability scanner
Javier Fernández-Sanguino Peña
jfs at computer.org
Fri May 25 10:10:04 CEST 2007
On Fri, May 25, 2007 at 02:25:08AM -0400, oday at fas.harvard.edu wrote:
> Sourcefire subscription customers get closed-source versions of the rules,
> which they are not allowed to distribute under any conditions, as soon as
> they are available. After 30 days, the Vulnerability Research Team (VRT)
> rules (verified by Sourcefire) are released under the GPL to anyone who
> registers and downloads them. Other rules, developed by the open source
> community, are available as well, under whatever license the creator has
> released them.
This last paragraph is not true. VRT rules are *not* released under the GPL,
they are "free for download" but are not GPL licensed. See
http://www.snort.org/vrt/
I should now, I'm the Snort maintainer and I'm unable to upgrade to a new
release because that would mean pulling out all the (previously GPLd) rules,
as they are now part of the VRT ruleset and, consequently, non-free.
If somebody corrects me here I would be happy, as my emails to the people at
Sourcefire have gone unanswered.
Regards
Javier
More information about the Openvas-discuss
mailing list