Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Security

Snort Creator Makes Good 288

Posted by timothy from the no-bayou-or-weaseling-required dept.
Anonymous Coward writes: "Robin Miller, aka Roblimo, has written a great analysis of one of the first Open Source companies to be profitable before their IPO, Sourcefire! In this 'local boy makes good', we read about Team Fortress-playing programmer Marty Roesch, who writes Snort to beat his online gaming addiction. Now Snort is one of the most successful Intrusion Detection Systems out there and Marty's start-up is going gangbusters. Robin explains how Marty's company started in his basement (like Apple's garage), got profitable, then got venture capital in a time when everyone swears there is no venture. Marty even offers jobs at Sourcefire for the Slashdot crowd, 'Linux zealots, Open Source gurus, self-starters who are self motivating so I can just turn them loose...'"
This discussion has been archived. No new comments can be posted.

Snort Creator Makes Good More

Snort Creator Makes Good

Comments Filter:

  • Careers? (Score:5, Informative)

    by cp4 ( 250029 ) on Monday July 01, 2002 @02:02PM (#3802222)
    Clicked on Careers and don't see anything for Linux zealots...

    Technical Writer and Marketing Manager don't quite fit the bill.

    Am I looking in the wrong place?
    • Clicked on Careers and don't see anything for Linux zealots...

      Technical Writer and Marketing Manager don't quite fit the bill.

      Hmmm. I take it you've never been in marketing....

    • Re:Careers? (Score:2, Interesting)

      by Hast ( 24833 )
      If you're interested in a job why don't you just fire off a mail to them? It's not too uncommon these days (with the market a bit down) for companys to hire because they have heard of you before.

      They said they wanted forward people after all, contacting them before they ask you too is rather forward. (Just don't be pushy about it, just ask them to add your CV to their pile.)

      You could also do as someone said and download the source and start poking around. (And the two are not mutually exclusive, of course.)

  • Misread the headline... (Score:5, Funny)

    by Anonymous Coward on Monday July 01, 2002 @02:02PM (#3802224)
    ...and thought it was "Snort Creator Makes God".

    I was like, whoa, cool...

  • Snort Slashdotted. (Score:5, Funny)

    by MisterBlister ( 539957 ) on Monday July 01, 2002 @02:03PM (#3802229) Homepage
    Can it still detect intrusions when its being hit by an infinite number of open source monkeys?

  • great! (Score:3, Interesting)

    by Arminius ( 84868 ) on Monday July 01, 2002 @02:04PM (#3802245) Homepage
    It's good to see people who are making a difference in the open source world and not just criticize it!
    • It's good to see people who are making a difference in the open source world and not just criticize it!
      ------
      Never underestimate the power of stupid people in large groups.

      Your sig changes the whole mood of your post. Funny, though!

  • Snort?? (Score:5, Funny)

    by Myshkin ( 34701 ) on Monday July 01, 2002 @02:07PM (#3802258)
    With a name like snort he is probably making a bunch of money off of people who think they're buying some cocaine.

  • And also useful... (Score:5, Informative)

    by User 956 ( 568564 ) on Monday July 01, 2002 @02:08PM (#3802272) Homepage
    I'm sure some of you would prefer the Windows version of Snort [silicondefense.com], put together by Silicon defense [silicondefense.com].

  • Good luck. (Score:5, Funny)

    by saintlupus ( 227599 ) on Monday July 01, 2002 @02:10PM (#3802289)
    Linux zealots, Open Source gurus, self-starters who are self motivating so I can just turn them loose...

    ...are actually off doing something interesting, rather than spending their time fucking about on Slashdot.

    --saint
    • You tell 'em, uh, I'm not really here either.
    • As in James Ellroy? I gotta know.
      • As in James Ellroy? I gotta know.

        Yes, as in James Ellroy. There's an edited version of an old interview with him in The Onion this week. Hunt through the archives for the original - it's a lot better.

        --saint

  • Sourcefire \.'ed (Score:3, Interesting)

    by unformed ( 225214 ) on Monday July 01, 2002 @02:14PM (#3802310)
    Not really surprised...you had to state that he's offering jobs, didn't you?

  • But will he remain profitable? (Score:4, Interesting)

    by jschrod ( 172610 ) <jschrod@nOsPAM.acm.org> on Monday July 01, 2002 @02:18PM (#3802338) Homepage
    The point is not if he is profitable, but if he will remain to be so after venture capital and the associated demands came into his company. I hope that this guy did a very thorough cost-benefit analysis before he took the money.

    Venture capitalists are not in for the long run, they want to capitalize their investments in the mid term. Quite some companies went bankrupt or got in difficulties after external money and the demand for quick market grab came in and drove solid growth strategy out. Look at SuSE for an example from the Linux world.

    Disclaimer: I'm owner and CEO of a (privately held, incorporated) company. We still make profits, even in this harsh market, because we didn't join the hype train, but brought solid add-on value to our customers. I wish Marty Roesch luck in choosing his business strategy...

    • Given the current heightened security awareness I'm sure the timing for this is just right. Still, the VC money is a gamble. Will they be able to grow the company quick enough to be ready when the vultures start wanting to see the ROI payoff?
    • Their exit strategy is probably to sell the company to a bigger competitor or a big iron vendor, like Sun or HP, in a couple of years. These don't only buy companies for profits, but also for technology expertise (people) and customer base.

      I'm sure we'll see an enhanced version of Snort for a proprietary *nix OS some day.
      He'll be rich and have all the time of the world to play games and drink beer with Zealots.

  • This "take in more money than you spend" concept is a little hard to grasp at first, but the more you think about it, the more sense it makes, at least in a fuddy-duddy, "old economy" kind of way.

    As much as I sincerely want to believe that this is attempting to be witty, it's far too close to the *cough*VALinux*cough* truth *cough*Amazon*cough* coming from an OSDN employee.

  • Step two revealed (Score:5, Insightful)

    by gmhowell ( 26755 ) <gmhowell@gmail.com> on Monday July 01, 2002 @02:27PM (#3802428) Homepage Journal
    First go read the newsforge article.... Okay, the joke is:

    Step one: develop open source software
    Step two: mumble, mumble
    Step three: profit!

    Now, it seems that step two is revealed. It's actually a few steps. Now, for the first time ever:

    Step two (a): Come up with (proprietary) tools that make the basic (GPL) Snort code easy to understand and use for non-technical managers.
    Step two (b): Load Snort and the additional tools into a box, and sell the box as a complete solution, instead of just selling software.

    It's been said before that there is no incentive to make OSS easy to use. Here (and elsewhere) is the proof. Make it hard to use. Release it. BUT, make the config tools easy to use, IF you pay for them.

    I'm not slagging the guy, he's gotta eat. But it is another notch in the belt for those who are cynical about OSS and business.

    • Re:Step two revealed (Score:3, Informative)

      by wessto ( 469499 )
      This is evident in Sun's iPlanet suite of application servers. You can get the entire enterprise edition of the server as a command-line set of tools absolutely free, however the nice GUI's for application deployment, monitoring and configuration will cost you.
    • that's what sendmail does as well isn't it? That program is god awful to use, but if you have their 'tools' then it is supposed to be much ,much more managable.
      • Yes but what they dont know is i have the last laugh, i dont use thier tools so i get a very very through understanding of the software (be it sendmail etc...) which makes me more valuable then the average point and click guy :) Use your gui wrappers, ill be laughing all the way to the bank :)
    • But the great thing is that anyone can build a config tool and sell it, thus creating competition. They can do that because they can see the source.

      Or, someone could add features to the source that could make it easier with or without tools.

      It's about CHOICE and OPTIONS.

      "...there is no incentive to make OSS easy to use."
      What's the incentive to make OSS?
      • "But the great thing is that anyone can build a config tool and sell it, thus creating competition."

        Or they can create an OSS project to develop a snort configuration tool, thereby undercutting the software end of the SourceFire project. I'm not sure if this scenario would be a win (an OSS project improves the usability of another OSS project) or a loss (an OSS project reduces revenue that's indirectly helping another OSS project).

        • Sourcefire is /not/ about selling a shrink wrapped box in the store. They get money from selling IDS system. They sell the rack boxes with snort installed and configured. They sell the normal boxes with admininistration tools. They sell training and expertise.

          They aim for the customers that "don't want OSS" in the first place. (I bet you can download a whole bunch of GUI's for Snort if you want them.) And from the article is seems like they charge quite a bit from the servers.
      • I agree that it's about choice and options. I looked at a half dozen programs before picking a photo gallery manager for my website (not linked in the above url, BTW).

        To answer your question: in CatB (or one of the other essays in the book) the incentive is peer approval and positive strokes from the community. Ease of use doesn't generate those things.

    • Re:Step two revealed (Score:5, Insightful)

      by crimoid ( 27373 ) on Monday July 01, 2002 @02:40PM (#3802528)
      Exactly, but this is a GOOD thing.

      Developers get to eat (and maybe pay rent), and customers aren't tied to one vendor.

      In addition the developer can get the assistance from the community at large, while the customer has equal opportunity to review the code that they are using.

      This is a shining example of how to leverage Open Source and make a living at it. Find a middle-ground where the core code is usable but not so easy that a monkey in a suit can install it.... the techies can run it for free and the suits can pay for it. I don't see how this is a bad thing.
      • I agree that it is a mostly good thing. The guy has to eat. Personally, I would prefer it if infrastructure tools were developed in-house, by, say, Bank of America and Ford, and Fred's Chicken Hut, then released into the wild, rather than have one company do the development, support, and sales.

        But, yes, this is a good thing.

    • I'm not slagging the guy

      Sure you are. If you read that far down into the article you had to read about the technical guys who gladly would have installed snort but couldn't get it past the suits because it didn't come from a 'company'. In other words, he could have sold the product as-is. The problem was that so could anyone else. The GUI front end for the phb's, a preloaded box, all that is just differentiation (what makes us better than the other guys).

      • Re:Step two revealed (Score:3, Insightful)

        by gmhowell ( 26755 )
        Honestly, I did miss the part (or underplayed) where he said the tools the company developed helped corporate buy-in.

        I think the thing that helped more than the product was the price tag. If you sell it for $49.95, it's not worth that much to a Fortune 100. But $20,000 per box plus $10k per sensor... That must really be worth something if you are charging that much for it.

        • You are right: for some reason, big companies don't like it cheap.

          And I think that's the problem with many Linux solutions: companies think about Linux, and they think about the funny penguin logo, the teen MS-bashers with testosterone overdose, and plenty of hairy OSS-preachers.

          It's not that I personally don't like it, being somewhat in the middle of the "hairy" and the "teen" :-) But it's understandable that many companies don't like something that they think comes from and is used by only a bunch of freaks. The (small) firm I work for does Linux and security consulting (among others), and has suffered because of that "unprofessional" mystique that big companies attach to Linux (and BSD, and OSS as a whole).

          So, as conclusion: it looks stupid, but I would say that, if you're going to do something related to OSS and big companies, charge for it. Not a lot, but a significant amount. These companies want to know that they're buying something good, and one of the proofs that they have about it is price.
      • BTW, skimmed the link in your sig. I don't have time to actually do the test, but after a paragraph or two, it was getting very painful to read. Mind expects one thing, eyes see another.

    • Tho this is one many are, and have died trying, sell support.

      Here's the tool, here's all the manuals, etc. we'll sell you:

      Training

      Onsite/offsite support

      Consulting

      All good and fine, until you IPO and require a profit and your customer base dries up, due to downturns in their revenues or they just get all cheap on you and then expect you to be around upgrading the software and able to bail them out when something goes wrong.

      Maybe sell insurance policies?

      • Clearly you didn't read the article. The biggest difference between Sourcefire and most of the other crash and burn software companies (whether selling Free softwware or commercial software) was that Marty and friends have not spent money they didn't have. They ran the company out of Marty's house for a while, and when they finally did get offices they bought pre-furnished offices from a burnout at pennies on the dollar.

        In fact, the cycle you describe is common in the commercial software world as well. I pay maintenance fees on several large commercial software packages that I have no intention of ever updating to the newest version. The version I have works fine, and the new version had "issues" in my environment. I pay the maintenance fees as insurance.

        Microsoft has a large enough market, and enough clout that they can force their customers to upgrade, but most software companies don't have that kind of leverage.

        • Clearly you didn't read the article.

          Ah, but I did. I was addressing a reply to the post and merely stating how things have been for the past 40+ years.

          FWIW, where I used to work, we were the last people in the world to "upgrade" releases of anything and held vendors feet to the fire anytime they tried to pull a "Microsoft" on us (your example, forcing customers to "upgrade" by threatening to withdraw support, which, if you think about it, is another manifestation of monopoly.) I follow the example on my own eq, having been stung a couple times, when "upgrades" ceased essential products and services from other vendors from working.

          Marty's judicious use of venture capital underscores the change in business these days, grow the business first, then seek and accept funding as necessary, rather than get a fat pile on an IPO and blow it trying to gather name recognition, while your analysts, techs, marketing people scramble to put something together.


    • The beauty of this model is that if you weren't such a lazy whinner you could get off your ass and write the same damned EZ-KONFIG tool.

      Don't complain about this.

      Usability = 1/Functionality

      This equation explains the problem pretty well I think.

      Snort is very flexible, stable and thin. It has tremendous packet scanning capabilities. Because of all of this functionality there are many choices to be made when configuring snort. It takes time, knowledge and effort to correctly and efficiently configure snort.

      All of the functionality is in the open source version, and there are other open source tools, such as ACID, which make analysis of the snort output very easy. I'm sure there will be some effort made to make snort easier to configure and maintain by an open source project someday. I won't do it though, cause I like snort the way it is.

      The man gave us a good app. I think its pretty fair of him to ask for money if you want him to hold your hand and set it up for you.
    • what's wrong with that??
  • Slashdot effect burns down sourcefire.com. :-)
  • ..I prefer Snood [snood.com] to Good any day!

  • Oh man, you HAD to mention that he was hiring. Instantly slashdotted.
  • I hope it still sounds great 12 months or so after the IPO.

  • I know at least one earlier (Score:4, Interesting)

    by T.E.D. ( 34228 ) on Monday July 01, 2002 @03:27PM (#3802902)
    ACT [gnat.com] is a company that creates only free software. They've been around since the late 90's, and I understand they have been in the black for years, perhaps since inception. They are a privately held company, and as far as I know, have no plans to ever do an IPO. Perhaps that's why they don't get much press (although RMS likes to use them as examples in his speeches).

  • Who let the trolls out??

    Tonight is 'Episode II: Attack of The Trolls' or somthing???

    The guy with the large post did an impressive work anyway... I wish this post were used to show + explain the bug! And why not a patch in the same large post! That would beat bugtrak and their exploits code!!

  • CONGRATULATIONS MARTY!!

    I attended a SANS function that Marty lectured at once, for using Snort as an intrusion detection system. It's damn solid software. Very impressive, very configurable.

    Congrats on getting paid to do what you love, Marty. The rest of us should be so lucky. :>
  • I was under the impression that OS X was _A_ BSD but not actually a code fork of FreeBSD. Do they really share the same code in the base distribution? Or are they just cousins in the same family tree?

    BTW, I do know that Hubbard(sp?) and other FreeBSD folk have become employed by Apple. How does that factor in?
    • I was under the impression that OS X was _A_ BSD but not actually a code fork of FreeBSD. Do they really share the same code in the base distribution? Or are they just cousins in the same family tree?

      IIRC, the kernel is Mach micro-kernel running a BSD personality layer, and the userland is a code-fork from FreeBSD 3.2

  • What I like best, is how Marty stands to profit so much, where others like Dragos who have commited so much time and code to the project, get nothing.

    Yah, marty sure does rule. Even when he's standing behind you while you're bent over an IDS server.

    • Re:yah, snort screws it's developers (Score:4, Interesting)

      by SomeOtherGuy ( 179082 ) on Monday July 01, 2002 @04:44PM (#3803424) Journal
      Maybe not in up front dollars...But if any open source package gets "huge" or becomes a "killer app" then being one of the "core developers" will mean much on the old Resume. Ask Linus or some of the Apache folks.

      In the medical field (and in some degrees education) it is considered a huge career boost to get "published" in a journal....Considering the amount of money a Dr. makes -- just getting a concept or research published does not make tons of cash -- but the future dollars he makes "because" he was published are very big!

      P.S. -- I work for a big Fortune 500 company and Snort has been all the rage this year so far. (Last year it was Apache).....
  • working there that is... too bad I'm in boston and not moving to MD.

    really working anywhere than my Office Space world right now would rule rule RULE!!!

  • I use snort; have been since one of the low 1.x betas.

    Marty's still on the snort list from time to time, as are some of the other primary developers.

    To all the whiners who are putting him done for what he's done:

    Either you work for the government, slurping from the public trough;

    or, you've inherited your livelyhood;

    or, you're still in school, and Daddy's paying your way.

    Stop whining, get off your butt, and see if you can make one half as much a contribution to the human race as Marty has.

    t_t_b

  • Demarc (Score:3, Informative)

    by checkitout ( 546879 ) on Monday July 01, 2002 @05:28PM (#3803728)
    If you're checking out snort for the first time, I highly recommend using Demarc PureSecure [demarc.com] which is free as in beer (aka for personal use). It's by far the best front end for snort, and does host based checks as well.

    The screenshots [demarc.com] are mouthwatering. :)
  • In the article he says that even after several sales of $300k he wanted to take in more sales before getting an office and hiring staff, he was able to make nice money and didnt believe in unnecessary expenses. Yet the next paragraph goes on to say he was able to secure $7.5 million in funding.
    Why the funding and investors, that I am sure have their $.02 to add, if you work on bare essentials and are making good money?
  • I'd like to see Marty write a book detailing all his experiences in the growth of his software company. I've always believed in the cautious spending philosophy he embraces, and find most of his other business practices are very wise for a person without a business degree, but then again I never really expect much from a person with a business degree. I'd like to hear more about Marty's hiring practices, his selection criteria for a CEO, and anything else relevant to growing a software company around a successful piece of software.

Slashdot Top Deals

Real programmers don't bring brown-bag lunches. If the vending machine doesn't sell it, they don't eat it. Vending machines don't sell quiche.

Close