From: Jeff Nathan (jeffwwti.com)
Date: Wed Dec 05 2001 - 13:12:35 CST

    Nate.Duzenberrymortgage.wellsFargo.COM wrote:
    >
    > OOPS. I am now aware that they ported it.
    >
    > It still is not a good HID solution for our environment. I can't attach a
    > service level agreement to an open source application that doesn't have
    > escalation support. Not to mention that I can't put Beta software in a
    > production server farm! We are using it for NID in a few select scenarios
    > and have had problems with HP ITO integration.
    >
    > Sorry, those are simply the facts in a large environment.

    I'm writing this from my personal email address, but I'm also in a
    position where I deal with a large enterprise, one that's a bit higher
    on Fortune's list than Wells Fargo, I might add, and by no means small.
    There is the assumption that the quality assurance process software
    undergoes before it's released somehow ensures there aren't
    vulnerabilities and ensures proper functionality. If that were the
    case, then commercial software wouldn't ever show up on Bugtraq and
    bugfixes wouldn't exist. We all know, however, that this isn't the case.
    Once we understand that the beta process for commercial software
    ensures neither security nor functionality, the argument against open
    source applications in a large enterprise pretty much loses steam.

    This entire argument additionally assumes that all open source software
    is beta software and does not go through a quality assurance process.
    This is an assumption that does not hold true for Snort. As you know,
    Snort has a very large user base and, in having such a user base, has a
    large quality assurance organization testing every beta build before
    it's released.

    Large companies often feel that they must turn to business partners
    with whom they have an established relationship for every product,
    regardless of the quality of the product the partner provides. Simply
    because a business partner provides an SLA on a sub-par product does
    not mean the product will function as promised. When dealing with the
    security of a large enterprise, I'll take functionality first and
    promises from vendors second.

    I'll leave the host-based ID argument alone for the moment because I
    feel it is outside the scope of this thread. However, I will add that
    Snort is most definitely fit for large enterprise environments.

    -Jeff

    -- 
    http://jeff.wwti.com            (pgp key available)
    "Common sense is the collection of prejudices acquired by age eighteen."
    - Albert Einstein