On Fri, 2015-08-28 at 10:46 -0400, William Pechter wrote:
Michael Tremer wrote:
Sure it is free software in the end and we all wouldn't do free software if we didn't know this from the beginning. We do not expect money from every single user, because other things are even more important. But at the end of the day money is needed to run the project. If someone is paying that from their own pocket and another one is making the huge profit, something is *clearly* wrong.
Thank you for the in-depth answer...
I hope there's someone out there who will leak the name of the large company so there's a change in their behavior and a loss of at least a little of their customer base.
There are various speculations out there about who it could have been.
Probably every big business is guilty of not supporting the software they use. Remember when Heartbleed "uncovered" that two guys did OpenSSL in their spare time? Many companies relied on this software and no one really supported the project. After that they got ridiculous amounts of money. I am not convinced that it is the solution to throw this money onto the project in the case that a severe issue is discovered.
Unfortunately, there's big money in computer security these days and some large companies have been buying up the Open Source products.
I don't think that this money is invested in real security. People buy solutions that look like security but they are not. People like scanning proxies that search for viruses and forget about making TLS completely useless. These are the products that sell for money. Under-the-hood improvements like grsecurity do not look as nice on a flyer and won't convince the customer to buy anything.
I remember when Cisco replaced their sensor box under Solaris (IIRC it was Solaris, not SCO) with a Linux customized box with Snort...
Perhaps the Open Source community needs to pool resources in some kind of cooperative to keep these projects going.
At least Snort is still available after the Cisco buyout. It could have been worse and been an Oracle purchase which usually causes a pull of the open source version from the net.
Snort is still available, but I think that development has not really advanced much since then. They are commercially exploiting a nice Open Source project. I am not too deep in this - this is just my impression. Some projects are better if they are left independent and big companies sponsor them instead of owning them.
-Michael
Bill