Fyodor on Nmap and Sourcefire collaboration

50

Author: Joe Barr

Sourcefire and Insecure.org announced today that they will collaborate to develop an open source Nmap-based vulnerability detection tool. The engine will come from Insecure.org, based on its Nmap Scripting Engine (NSE), and Sourcefire will develop plug-ins for the engine.

Sourcefire is the commercial venture formed by Martin Roesch, creator of the very popular Snort, an open source intrusion detection system. Its business model is based on a dual-licensing scheme. While Snort itself is free software, licensed under the GPL, the “rules” it uses to identify specific threats are dual-licensed.

Sourcefire subscription customers get closed-source versions of the rules, which they are not allowed to distribute under any conditions, as soon as they are available. After 30 days, the Vulnerability Research Team (VRT) rules (verified by Sourcefire) are released under the GPL to anyone who registers and downloads them. Other rules, developed by the open source community, are available as well, under whatever license the creator has released them.

The Nmap-contributed engine will replace similar functionality currently used by Sourcefire in its 3D System, which combines Snort with other components to provide a complete system to “discover, determine, and defend.” Sourcefire told us today that they are unsure which license the plug-ins will be released initially.

Fyodor, the creator of Nmap, took time from his busy schedule to brief us on this new development for the project.

“Besides the Nmap Scripting Engine, we’re working on a new cross-platform graphical interface named UMIT. We are also ramping up for the Google Summer of Code, which starts next Monday. Google sponsored six talented students to work on Nmapfor the summer!”

If that’s not enough, he added “Oh, and Nmap is celebrating its 10th anniversary on September 1!”

Fyodor told us that the NSE is licensed under the GPL, and will continue to be moving forward. He also said that he expects that Sourcefire will use a dual-licensing scheme for the plugins, which would allow Nmap to include them in its distribution, probably on a time-delayed basis as Sourcefire currently does with Snort rules.

Fyodor denies that this news will serve to make him even richer and more famous, saying “The Nmap project already had our 5 seconds of fame when Trinity used Nmap to hack the Matrix. So for NSE we’re trying to make the Internet a little bit more secure rather than shooting for fame and glory.”