Nothing to snort at

A common question raised about open source is, “How can you make money from free software?” It’s a good question, but as Martin Roesch can attest, it does have a good answer.

If you happen to work in the security field, you might know Roesch’s name or at least his work. You see, Roesch is the lead developer of Snort (www.snort.org), an incredibly popular open-source intrusion detection system.

Roesch became aware of the open-source movement in the 1990s. He read Eric Raymond’s work, The Cathedral and the Bazaar, which described the community dynamic behind open source, and became fascinated with the concept of creating a “category killer” — a piece of software that creates a new standard in a particular area.

So he began creating an intrusion-detection tool, which he dubbed “Snort.” After receiving much feedback and encouragement from the open-source community, he worked to expand the project, adding features that users wanted. Before long, Snort had matured to the point where it was looking like a potential category killer for intrusion detection.

But as Snort gained popularity in security circles, Roesch soon became aware of business issues regarding the project. Corporations wanted to use Snort, but they also wanted to buy Snort support contracts from a corporation backing the software. Businesses also wanted to see things such as simple Web interfaces and user training classes so that intrusion detection would become more about using security software and less about having a brilliant security person on staff who could figure out the best way to use complex tools.

Roesch decided this was an excellent business opportunity, so he founded the company known as Sourcefire (www.sourcefire.com) in 2001. Says Roesch, “We don’t sell intrusion detection; we sell everything else.”

Sourcefire provides the desired support and consulting functions to organizations using Snort, while providing tools to simplify the configuration process and manage the large quantity of data that Snort gathers. Among the additional capabilities offered by Sourcefire is an integrated database system, so there is no longer any need to labor to load the raw data in some external database to make it usable for analysis. Advances such as these make Snort much more appealing to the enterprise.

Sourcefire may have started as a handful of people operating out of Roesch’s living room, but the business quickly caught on. In just two years, Sourcefire has grown to over 50 employees in three U.S. locations with established international distribution channels.

Sourcefire’s example shows one way that businesses can grow around open-source software. By focusing on selling services, add-ons, and expertise, it is possible to grow a viable business. Sourcefire’s customers win because they get the services and support they need for intrusion detection. Snort users win because Sourcefire continues to develop Snort, releasing improvements under an open-source license. Sourcefire wins because it can profit and grow. And the Internet wins because all sites have access to a powerful tool to aid in their security.

Now that’s what I call a great solution.