Re: How to choose an IDS/FW MSS provider

Marty said:

> 3) Snort has had 2 remote exploits (buffer overflow and integer  
> overflow leading to heap overflow on certain platforms) and a 2-3 
> DoSes  due to protocol handler mistakes in 6.5 years.  ISS has had at 
> least  that many over the years and a resultant worm to boot.  Did 
> being  closed really help them all that much?  I think that developing 
> in the  open forces us to be a little more careful than we might 
> otherwise be,  but I think that over time being open leads to a more 
> secure codebase  due to the exposure to the "elements" that it entails.

Not to mention Snort can be installed on a Linux system with GRSecurity 
protecting it, offering a much higher level of confidence than a 
appliance, at the cost of having someone who knows how to install a 
kernel patch. I've always wondered why IDS vendors don't do this. I'm 
sure there's a really good reason.

-dave



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------