ourcefire VRT Rules License Audit Rights

Don't be too quick to register to receive the latest Snort rules if you use Snort in your organization. This snort-users post brought this section of the VRT Certified Rules License Agreement to my attention:

"11. Audit Rights.

You will, from time to time and as requested by Sourcefire, provide assurances to Sourcefire that you are using the VRT Certified Rules consistent with a Permitted Use, and you grant Sourcefire access, at reasonable times and in a reasonable manner, to the VRT Certified Rules in your possession or control, and to your books, records and facilities to permit Sourcefire to verify appropriate use of the VRT Certified Rules and compliance with this Agreement.

Sourcefire's non-exercise of this right, or its failure to discover or object to any inappropriate use or other breach of this Agreement by you, shall not constitute its consent thereto or waiver of Sourcefire's rights hereunder or under law.

In the event your use of the VRT Certified Rules is not in compliance with a Permitted Use, or if you otherwise violate the terms of this Agreement, Sourcefire may, since remedies at law may be inadequate, in addition to its other remedies:

(a) demand return of the VRT Certified Rules;

(b) forbid and enjoin your further use of the VRT Certified Rules;

(c) assess you the cost of Sourcefire's inspection and enforcement efforts (including attorney fees); and/or

(d) assess you a use fee appropriate to your actual use of the VRT Certified Rules."

The snort-users poster said "our corporate counsel had apoplexy when he saw the license terms." I would have to agree. I can not see any corporate lawyer agreeing to these terms. Does anyone know of any similar licensing agreements for other projects or products?

I have not yet registered to receive the VRT rules, and at this point I am not sure I am willing to subject my company to this level of intrusiveness.

Update: Does Marty read this blog? Maybe -- he's looking at this audit provision, according to his recent snort-users post: "Any time you get lawyers involved things sometimes don't work out quite like you were planning." Stay tuned!


Scott said…
Looks like they have changes this.


Popular posts from this blog

Five Reasons I Want China Running Its Own Software

Cybersecurity Domains Mind Map

A Brief History of the Internet in Northern Virginia