iQ: Martin, first of all, congratulations on being named one of eWeek’s 100 most influential people in information technology. That’s quite an accolade, especially for the CTO of an Open Source driven company that was founded less than a decade ago... thoughts?
Martin Roesch: Thank you very much. I’m honoured that the guys at Ziff Davis would include me on a list with such prestigious innovators. I’d just like to say a big thank you to everyone at Sourcefire and also right across the Snort community for all their fantastic dedication and support.
iQ: What do you think earned you your place on the list?
MR: To me it really just reflects the combined success of the Snort project and Sourcefire as a company. When I first wrote Snort I knew that it was better than some of the then current commercial products, but I really had no idea that it would so profoundly affect the information security industry. I’d never have imagined that Snort would be downloaded millions of times, have literally hundreds of thousands of users, or be the basis of hundreds of other Open Source projects and commercial products.
iQ: So how does Sourcefire – and your role in the business – sit within that wider context?
MR: Sourcefire is best known as a leader in intrusion prevention, but my real vision is for the company to be instrumental in transforming the way organisations manage and minimise their network security risks.
iQ: Snort is now a hugely popular IPS / IDS engine of course. Tell us more about how it came about.
MR: I originally wrote Snort as a weekend project back in 1998 as a home traffic analysis tool. I released the code under the GPL Open Source license and it just took off, with contributions and feedback from the community forming what’s become the basic architecture of Snort today.
Sourcefire itself wasn’t founded until 2001, when I saw the opportunity to combine the innovation of Open Source with commercial support and enterprise value-add features.
Once Sourcefire was founded, some of the original contributors joined the company – creating what went on to become the dedicated engineering team that still writes the core code – and some became our first customers.
Since then we’ve continued advancing Snort and developing new technologies like Sourcefire RNA and RUA that integrate with Snort in the Sourcefire 3D System.
In 2007 Sourcefire became a public company and completed its first acquisition – ClamAV – the popular anti-virus project.
iQ: Snort's success seems almost ironic given its Open Source foundations – on the face of things at least, Open Source and security seem diametrically opposed.
MR: It’s like this. Security in Open Source is really based on the “many eyes” theory versus the “security through obscurity” stance preferred by the closed development model.
So instead of hoping that hidden security flaws aren’t discovered (the fundamental basis of rather too many security solutions if you ask me. Ed.), the Open Source development methodology encourages its community to find and report flaws. Also, if you look at how widely used Snort is today, the number of smart, technical people reviewing and refining the code for Snort far exceeds those doing a similar job for closed software companies.
Additionally, the market has shown a strong preference for solutions that give them the ability to both inspect and verify the quality of the code, and for security products that can prove that they do, in fact, provide the protection they claim to.
iQ: In essence then, you’re saying that Open Source’s very openness is in itself an advantage from a security perspective. So Sourcefire and Snort’s use of Open Source really lies at the heart of what they’re all about?
MR: Open Source is really Sourcefire’s roots.
iQ: The Open Source arena has seen some pretty big changes since its emergence in the late 1990s though. Where do things sit now in your opinion? Has Open Source grown up?
MR: If Open Source is characterised by one thing, it’s rapid innovation. What’s different now is the mainstream adoption and commercial support of Open Source technology. And yes, you could say it has grown up – especially in terms of adapting to the expectations of the enterprise. Most enterprise Open Source users expect the same support, documentation and ease of use they’re used to from commercial, closed vendors. Sourcefire, for one, has embraced this model to try to deliver the best of both worlds – the rapid innovation of Open Source coupled with the value-add features and commercial support enterprise users demand.
iQ: There’s an argument that the broader market perception and the reality of Open Source have diverged somewhat. Is this right? Are the perception and reality of Open Source now different things?
MR: I don’t think perception and reality have diverged so much as there is a much broader group of end users that make up the market. These diverse groups have different expectations and definitions of “Open Source”. Today’s market accepts a lot of flavours of Open Source – from the traditional OSI and Free Software Foundation definitions, through trial versions of commercial products, all the way to proprietary products that provide source code. This liberal use of the term Open Source is one of the things that have really sparked the debate about what Open Source now is.
iQ: Open Source is still the Yin to closed source's Yang, but it seems less like an antagonistic relationship these days than something of an unholy alliance... do you agree?
MR: To me, the market has spoken and demanded that software companies of all kinds adopt more open models. And some have gone further than others in doing this. How open they become really depends on the demands of their customers and of the markets they’re trying to serve.
At Sourcefire, we firmly believe that the combination of Open Source community projects with commercial value-adds such as extra functionality, support, documentation, and so on is a win-win for all. Our goal is to be THE Open Source security company.
iQ: Do you think this "odd couple" arrangement will continue and evolve, or will one camp or the other eventually go to the wall?
MR: As I said, I think this will really depend on the expectations of end users and customers and it will vary across segments. I don’t think the typical desktop application user will demand a more open model, but if current trends hold in the security industry for example, I expect the tendency towards more Open Source will continue and even accelerate.
iQ: After Microsoft's much publicised "snowball's chance in hell" statement about Open Source a few years ago, at the recent ApacheCon Europe 2008 OS conference we saw an MS representative with a t-shirt that said: "Microsoft: Snowball spotted in Amsterdam, April 2008". Is this indicative of how far Open Source has come, do you think?
MR: I think it’s an indication of the global reach of Open Source technology these days, and it proves what I’ve been saying about the market dictating that vendors become more open.
iQ: What then, IS Open Source these days? What does it mean? Where's it going? How should today's CIOs and IT directors think about it?
MR: If you ignore, for a moment, the ongoing debates about licensing and the definition of terms, at its core, Open Source has proven beyond doubt that it is an incredibly powerful way to develop software.
CIOs and IT directors should evaluate Open Source, like any technology, on how useful it is to them and its total cost of ownership. They should understand whether their organisation is really capable of implementing and managing free Open Source technology effectively, or if commercially supported versions and distributions are a better option.
iQ: How will the Open Source / commercial software landscape evolve over the next year, five years, decade?
MR: I believe we’re still just at the tip of the iceberg when it comes to enterprise adoption of Open Source. This growth market will drive innovation and force commercial software companies to adopt more open development models. As this happens more projects will become self aware of their market potential and be the next generation of innovative companies and commercial products.
iQ: Where to next for Martin Roesch, Sourcefire, and Snort then?
MR: It’s hard to believe, but Snort turns ten this year and as durable a platform as it is, it’s time for an upgrade – what’s been widely known as Snort 3.0 – really a major rewrite that will be delivered in two parts. The first will transform Snort into the Snort Security Platform – a more flexible, scalable traffic analysis platform. The second is the Snort 3.0 engine, a rewrite to take Snort forward for the next 10 years and beyond.
Sourcefire v4.8 will be out in August. This release introduces several new and improved features but the one I’m most excited about is support for virtualisation. As enterprises move to virtualised environments, there will be security challenges that today’s products don’t address.
We’ll also continue advancing ClamAV, which we acquired last August – another project that demonstrates how commercial companies and Open Source communities can benefit one another. The first major release since the acquisition is due in September.
We’re also planning on acquiring additional technologies to expand our capabilities and enter new markets.
And we’re extremely excited about the BOSS (Best of Open Source Security) conference we’re hosting next February in Las Vegas that will bring together leading Open Source projects, advocates, and end-users to discuss exactly the issues we’ve been talking about today.