October 06, 2005

The future of open source security solutions in doubt

The open source movement has been particularly influential in the security software market. Open source security tools such as Snort, Nessus, Nmap, iptables, etc. have attracted hundreds of thousands, if not millions, of users collectively and are among the most successful open source projects. Over the past years, commercial companies, including StillSecure, have built upon some of these open source technologies, extending and expanding their capabilities and feature sets to offer enterprise-class solutions. At the same time, some of the driving forces behind these open source projects have capitalized on their popularity by starting companies of their own.

We have seen a trend develop in which the companies started by the open source project managers have taken over management of the projects and in many ways changed key parts of the licensing of the security tools. They have in fact been moving away from what many think of as the principles of open source software in order to stop other companies that incorporate these tools from competing with their commercial ventures. In many cases they keep the tool itself licensed under the GPL but then charge for updates and new rules or tests. Sort of like giving away the engine to make the money on the gasoline. I guess it is the old razor and razor blade story taken into a new game.

Two pieces of information today, I think, cast a shadow on even that continuing. First of all, Check Point announced today that it was acquiring Sourcefire for 225 million dollars. Sourcefire was started by the folks who run the Snort project. Secondly, in an interview, the founder of the Nessus open source security project gave notice that the new version of their product will no longer be licensed under the GPL at all! He cited pressure from other companies using the open source tools and competing with his commercial venture as the reason.

On the Sourcefire deal, the founder of the Snort project posted a notice to the list that Snort will continue to remain a GPL-licensed open source tool. Currently they just charge if you want the latest rules and signatures they develop as soon as possible. However, we have all seen what happens with acquisitions. People move on, priorities change, and frankly I don't know if anyone can say what the future holds for the continued open status of this project. The Nessus comments speak for themselves and clearly signal the death knell of that tool being an open source project.

What does this mean? Well, for StillSecure, we have anticipated and followed these developments for some time now and have our plans already in progress. We have the resources and capabilities and have been developing our own tools, rules, signatures and engines for some time now. Our SAT (Security Alert Team) does a great job of keeping all of our products up to date, and we rely on no open source security project exclusively for any content or technology. We think the developments commented on above could potentially alienate the open source communities upon which some of these companies depend. It is a great opportunity for us to capitalize on by offering alternatives with more functionality and greater value than the commercial offerings of some others. Does it mean that open source development in the security arena will be stifled, or that this "golden age" of open source security tools is coming to an end? Maybe; I guess we will have to wait and see. If it is, I am sorry to see it go but am excited to see if we can fill the void!


disclaimer

  • The views and opinions expressed here are those of myself only and in no way represent the views or positions or opinions of my employer, Latis Networks, Inc. d/b/a StillSecure or anyone else.
