Sourcefire's Roesch pledges long, open-source life for Snort
Many users in the Snort community are interested in the Check Point acquisition. What's happened since the acquisition?
Roesch: Well, the fact that we're going to have more resources at our fingertips to continue to advance Snort. More people in research, developers, QA people, [and] the quality of the technology should continue to improve more rapidly. We have a lot of ideas as far as where detection technology needs to go to remain relevant. I don't think the end-all, be-all of detection technology is deep-packet inspection. I think that that's one approach, but it ignores a whole lot of problems that aren't going to be ignored by the bad guys forever. We're working hard to combat those kinds of problems and bring people more effective, powerful analysis technology. So the Snort community should be thrilled because we're going to pour a lot of interesting ideas and hard work into this technology that they're still going to benefit from.
There's a lot of skepticism from the Snort users right now because they're in wait-and-see mode, so we need to prove to them that we mean it when we say Snort's going to get a lot better. We're not going to try to close it or anything like that. Once they see how much benefiting, they're going to be really happy.