Snort Forums Archive
Rule Licensing
Posted by bluefoxicy on April 07, 2005 15:08:32
[quote]
1.1. "Commercial Purpose" means the use, reproduction or distribution of (i) the VRT Certified Rules or any Modification, or any portion of the foregoing, (ii) a Compilation that includes, in whole or in part, the VRT Certified Rules or any Modification that in either case is intended to result in a direct or indirect pecuniary gain or any other consideration or economic benefit to any person or entity involved in such use, reproduction or distribution. Examples of a Commercial Purpose, include without limitation, (v) integrating the VRT Certified Rules with other software or hardware for sale, (w) licensing the VRT Certified Rules for a fee, (x) using the VRT Certified Rules to provide a service to a third party, (y) selling the VRT Certified Rules, or (z) distributing the VRT Certified Rules for use with other products or other services.
[/quote]
This raises a question. In the future I would like to use a bunch of stuff to build a security node, and possibly allow others to use the specs, including businesses. Consider the following situations.
SITUATION A
Person Dev creates a security device out of a Mac Mini or such, a cheap machine with two (2) network ports using a bunch of stuff, including snort. This person distributes the specs for free, occasionally building them for (lazy) friends or friends of friends, for a fee simply to cover his time. This is not a business.
1. Dev may want to distribute the devices he builds for friends (at profit) with snort rules. May the 5 day rules be used, or must the point release rules be used?
2. Assuming the restricted rules can't be used, may the device be capable of using the point release rules, yet also of being configured to use an Oink Code to get subscriber or 5 day rules?
SITUATION B
Dev now has a lot of friends! Suddenly some very rich people want to be his friend, too! They want him to build them 300 of these nodes to use in their IDS facilities, and 5 heavy nodes to use in a main IDS.
Dev is now inspired to start a support and service business. He hires a lawyer, starts working out a more manageable design, and begins working to incorporate his business. The lawyer works out a contract that leaves rights to the design to Dev, and assures that the building of these nodes and the software are freely available, not suddenly somehow raked under the client's IP ("We own the concept of using these software in this configuration!").
Dev can not distribute the 5 day rules this way. He now leaves the point release rules in. The business is using these nodes internally, not reselling them.
1. May the device be capable of using the point release rules, yet also of being configured to use an Oink Code to get subscriber or 5 day rules?
2. May the commercial entity register and use the 5 day rules for these nodes, assuming the business is using its own Oink Code?
3. May Dev configure the node for the business, if supplied the Oink Code by the business, to use the subscriber or the 5 day rules?
Note that in situation (A), Dev is supplying his friends his copy of the rules, just as a matter of use. In situation (B), Dev requires the commercial entities to use their own accounts and Oink Codes to gain access to the newest Snort rules. While I don't believe anyone actually cares what Dev gives his friends in (A), it's still nice to understand the legalities; (B) I think all 3 questions are fairly easy 'yes' answers.
Posted by bluefoxicy on April 07, 2005 15:09:09
wtf it cut all my newlines!!!!
Posted by bluefoxicy on April 07, 2005 15:36:22
Oh I get it, IE sucks and won't display newlines on the forums. Gotcha.
Posted by roesch on April 08, 2005 12:10:05
Ok, let me see if I can answer this.
Situation A
The best way for Dev to proceed is to not include any rules with his design and just download them as needed from snort.org. That way his users can make a decision about whether they want to get the rules on point releases, as registered users or subscribe. If his users are too lazy to even do that then I'd probably recommend that you register them individually and set up Oinkmaster to autograb updates on the delay. Since Dev isn't a business and at best could be thought of acting in a consultant role, you're under the section of the license agreement that makes you an end-user if I'm reading your scenario correctly.
Scenario B
I'm not sure what Dev is doing here. Is he selling a product or a service? If he's doing either, he's bound by the commercial redistribution limitations of the VRT license. In order to distribute rules he'll need a redistribution license. If he wants his users to have early access to the rule updates then he can resell subscriptions, otherwise the users can be registered and get Oinkcodes to do downloads. I think if I'm reading this right that the answer to all three questions should be "yes".
Hope that clears things up a bit.
-Marty
Posted by bluefoxicy on April 09, 2005 05:44:24
Cool, 'cause I wanna build stuff like this at some point, just to do it; though I could conceivably see people thinking it was cool (I know a lot of nerds), and well. If the opportunity arises, I'm a businessman ;) Good to look ahead (years ahead, not 2 months like management likes to do)