The Ashimmy Blog

This is a question which has come up recently and I understand was a recent topic on a Snort IRC channel.  It seems recent comments by me and on our podcast have raised some questions about what the future course of licensing for new versions of Snort are going to be.  I also spoke about this with Thomas Ptacek of Matasano a while back and we never finished our conversation.  Obviously, I am not the final word on this topic and you should look at Sourcefire for the definitive answer.  However that being said, my understanding is that Snort 3.0 will have some license changes.  My belief is it will still be open sourced and released under a GPL license as Marty Roesch has said many times.  However, the licensing change, again from what I understand, will deal with people who embed Snort into their applications and under current license do not fall under the derivative clauses of the GPL.  So under Snort 3.0 there will be changes to the base GPL as to what constitutes a derivative work.  My opinion is that in essence what is happening here is Sourcefire is going to move Snort to more of a dual-licensed system.

What does this mean?  Simple, in my mind.  If you are going to use Snort as part of your application (as many IDS/IPS vendors do, some publicly, some not so much) and sell that application for money, you are going to have to have a commercial license from Sourcefire.  You will not be able to bundle Snort with your application and not commercially license it from Sourcefire.  Does this effect many of you out there?  Probably not.  If you download Snort and use it on your network or in work, you are fine.  If you use Snort in your product that you sell, than it matters quite a bit. 

I perfectly understand why Sourcefire is doing this.  They see companies competing with them in the market using the work product they have put a lot of time, effort and money into.  They are perfectly entitled to do so.  So yes Snort 3.0 is going to continue to be open sourced.  However, there are changes involved that may effect you if you are using Snort as part of another product.  If this is incorrect or if Marty, Wayne or anyone else from Sourcefire wants to comment or correct me here, I stand ready to be corrected.  Would welcome the chance to clear this matter up.

For those companies using Snort as part of your product, what are your options?  Do you pay Sourcefire whatever their commercial fees are?  Will we see a fork of Snort with the forked version still under the GPL but supported by an alternative community, perhaps Bleeding Edge Community or some consortium of companies that bundle Snort?  I don't know but time will tell.