Thursday, October 16, 2008

DHS to Fund Open Source Next Generation IDS/IPS

I checked in with the #emerging-threats IRC channel a few minutes ago and saw a link to

October 16, 2008 (LAFAYETTE, Ind.) – The Open Information Security Foundation (OISF) is proud to announce its formation, made possible by a grant from the U.S. Department of Homeland Security (DHS). The OISF has been chartered and funded by DHS to build a next-generation intrusion detection and prevention engine. This project will consider every new and existing technology, concept and idea to build a completely open source licensed engine. Development will be funded by DHS, and the end product will be made available to any user or organization.

According to Matt Jonkman, this project will not be a fork of existing code. The idea is to take a new approach, not just replicate something like Snort.

While I am excited by this development, I don't think it's the project I would have wanted to fund right now. Open source users already have Snort, Bro, and other open source security products. I would rather see DHS support a free alternative to Snort signatures or even Tenable vulnerability checks. Another possibility would be funding tools to manage and integrate existing open source technologies. Still, seeing DHS award a grant in the open source security space gives me hope that other activities could be forthcoming.

I'll report on this as events develop, but don't expect to see any code in the wild for months. This is a tough problem and the OISF is starting "from the ground up."


Vivek Rajan said...

From the FAQ

>> In return licensing concessions can be made to allow vendors, MSSP's and others to integrate this code into their proprietary products without reverse disclosure issues often encountered with GPL code.

It appears that they have decided what license NOT to use.

In any case, this is good news. Let us hope all the code, including hardware acceleration, is truly open source.

Parantar said...

I really love to read your blog. I'm gonna visit here every day.

SB said...


You may already know this, but I thought I'd mention it anyway.

There is a free feed of Tenable (Nessus specifically) vulnerability checks available by the guys who created OSSIM. I haven't used the feed myself as yet, so I make no claims about the level of coverage, but I mention it here just in case anyone wants to check it out.