The ClamAV project - the known open source anti-virus toolkit - last friday announced that all project’s Intellectual assets had been sold from the five key developers to Sourcefire, the firm maker of intrusion detection products based on Snort.
Sold! by Pommykiwi
Sourcefire, who recently launched its public offer, is likely to maintain ClamAV much in the same way as it has done with Snort. Martin Roesch, Sourcefire’s CTO, stated:
The success of the ClamAV project is a direct reflection of the talent and dedication of the founding team and the project community. Sourcefire will continue to invest in the ClamAV technology, much as we have with Snort and Snort.org.
As reported by Ohloh, over ClamAV history 13 contributors have submitted code, and only 6 have done it in the last year. As a matter of fact Sourcefire now is hiring the whole core group, and they are in the position to double-licensing it.
Differently from StillSecure, or worse Tenable Security, Sourcefire seems willing to balance open source and business through an hybrid production model, making money possibly with the Twin licensing business model.
I agree with the ClamAV team, saying that the acquisition by Sourcefire is a testament to the hard work of the entire ClamAV community, and I wonder: will they be able to retain external contributions (mainly virus signatures) from now on?
Dana asks if open source users, are going to get caught in the trips-and-dramas of corporate finance, just as if they were using proprietary software. While I know that it might be so, I think that there are chance that Sourcefire will balance its business interests with the community’s ones, eventually finding a way to keep ClamAV’s OEM’s interest in the project.
I disagree with Alan Shimel, who whishes that:
anytime a commercial entity makes a licensing move like this, other companies that are using that open source tool band together with others in the community and fork the project as is their right.
It is not efficient and likely not effective, above all unrealistic. On the contrary I would like to see other firms using ClamAV be part of the game. It is just up to Sourcefire find a way, if it makes some sense to them to work to build a ClamAV technological club.
Best wishes to all ClamAV guys, congratulations!
Hi Roberto,
Interesting trend: Another open source security project sold.
OSSEC HIDS project acquired:
http://www.ossec.net/main/ossec-project-acquired
What do you think?
-m
Interesting! I have been using Win Clam for sometime and just happened to find this piece of news by chance.
Which are other open source projects sold out in this manner?
Not many really. community open source projects tend to stay that way for life, even if they become hybrid projects. Acquia, providing value-added services for Drupal is an example of what happens “usually”. Instead “buying” a community project is not an easy goal, since copyright assignments should be signed by each author. And, even if feasible, “buying” a community is risky bet, definitely a decision to be handled with care.