Does Sourcefire investigation reflect lack of understanding of open source?

If Israeli CheckPoint buys Sourcefire, how does that affect the open source Snort program? Does who the inventor works for make the software less secure?
Written by ZDNet UK on

Yesterday, the Committee on Foreign Investments in the United States announced it was investigating the acquisition of a small American company - Sourcefire - by the Israeli company CheckPoint. The concern is nominally that Sourcefire has a number of sensitive defense and government contracts. But the real concern has to do with Snort, open source intrusion detection software invented by Sourcefire's founder Martin Roesch. While Sourcefire has commercialized Snort, the software is completely open source. In an article in today's Washington Post, Sourcefire CEO Wayne Jackson notes:

"What nobody's talking about is the fact that Snort, which is at the center of all this hubbub, is open source. . . . China could be using it. Iran could be using it. North Korea could be using it. Nothing's being transferred except control, and those are issues that could certainly be addressed with the committee."

While some defense executives are concerned because so many government computers run Snort, control of the software doesn't rest in Sourcefire's hands. If the concern is that Roesch, as a CheckPoint employee, would insert some backdoor into a future version of Snort, the fact that it is open source would quickly expose such a vulnerability. There is far less vulnerability because the source code is not secret and development is not limited to a single company.

The Post quotes Tony Fratto, a spokesman for the Treasury Department, which leads CFIUS, as saying, "Certain members of the committee have outstanding concerns that there's potential risks to national security were the transaction to proceed."

Jackson said he is "confident that measures can be put in place to mitigate whatever risks the federal government believes might exist." He also said the firm will continue to serve its federal customers throughout the investigation, which is expected to conclude this month with a report to the president.
