When Check Point Software Technologies Ltd. tried to acquire Sourcefire Inc. for $225 million last year, Snort users feared their beloved open source IDS tool would languish under new ownership. But now they're cautiously optimistic about Sourcefire's plans to go public.
A majority of Snort users and industry experts interviewed in recent days said an IPO would leave Snort's management in the hands of Sourcefire, where they said it belongs. And, they added, an IPO could give the company much needed cash to invest in Snort upgrades.
The infrastructure to support Snort isn't cheap and Sourcefire isn't flush with cash, said Richard Bejtlich, founder of the Washington, D.C.-based consultancy Tao Security. "The money to keep Snort thriving has to come from somewhere, and an IPO could give Snort more legs," he said.
Sourcefire announced last week that it had filed with the U.S. Securities and Exchange Commission to raise up to $75 million in an initial public offering (IPO) of stock, seven months after Check Point dropped plans to acquire the company amid concerns that foreign ownership of Snort would threaten U.S. national security.
Check Point is based in Israel, and the FBI and Pentagon expressed strong reservations about the deal because Snort is used to safeguard classified U.S. military and intelligence data. Meanwhile, some Snort users expressed concern that Check Point would allow Snort to languish, as some feel it has done since it acquired the popular free ZoneAlarm desktop firewall application as part of its $205 million purchase of Zone Labs in 2003. Others feared Check Point would seek to further monetize Snort by no longer allowing it to be an open source product.
Martin McKeay, a CISSP and Snort user based in Santa Rosa, Calif., worried about the future of Snort under the management of Check Point. But he said an IPO would leave Snort in the hands of Sourcefire management, where it belongs.
"I'm much less concerned with this than I was with the purchase by Check Point," he said in an email interview. "The [Check Point] purchase presented a change of management at a high level and might have taken some of the control out of the hands of the folks at Sourcefire, whereas going public leaves the majority of the control exactly where it's always been."
If Sourcefire struggles financially and eventually lets go of Snort, some users believe the IDS tool would survive in the care of the open source community.
Eric Nooden, information systems manager for Rockford, Ill.-based Rockford Gastroenterology Associates, said there's enough documentation and secondary sites like Winsnort.com and Bleedingsnort.com [now called Bleeding Edge Threats] to keep Snort rules current for some time to come.
"Plus, as with some other open source projects, if Snort support were to languish, it could always be forked off and supported by some other adventurous programmers and the open source community," Nooden said in an email interview.
As for the effect a Sourcefire IPO could have on Snort, Nooden doesn't expect much to change in the long run.
"I think that initially there will be moderate excitement for the IPO, but that will be generated from their current user base," he said. "After a few months, all the hubbub with die and they will be left with what they started with -- their initial user base."
Though initial reaction to Sourcefire's IPO plans was positive among those interviewed, a SearchSecurity.com online poll revealed more skepticism.
Asked if Sourcefire's plan to become a public company is a bad move for the future development of Snort, 55% said yes, open source tools should not be managed by a public company. But 22% said no, that Snort will thrive with Sourcefire in the limelight. The remaining 22 % said it's too soon to tell.
Some security expert bloggers are also speculating that the IPO is merely bait to attract another buyer for the company.
Whatever happens, McKeay doubts Sourcefire would ever relinquish the reigns of Snort.
"Snort is probably one of the biggest assets of Sourcefire, acting as a testing ground and gateway product for their main line of IDS products," he said. "I don't see any reason for them to stop."