Open Source Antivirus: ClamAV project sold to Sourcefire
The ClamAV project – the known open source anti-virus toolkit – last friday announced that all project’s Intellectual assets had been sold from the five key developers to Sourcefire, the firm maker of intrusion detection products based on Snort.
Sold! by Pommykiwi
Sourcefire, who recently launched its public offer, is likely to maintain ClamAV much in the same way as it has done with Snort. Martin Roesch, Sourcefire’s CTO, stated:
The success of the ClamAV project is a direct reflection of the talent and dedication of the founding team and the project community. Sourcefire will continue to invest in the ClamAV technology, much as we have with Snort and Snort.org.
As reported by Ohloh, over ClamAV history 13 contributors have submitted code, and only 6 have done it in the last year. As a matter of fact Sourcefire now is hiring the whole core group, and they are in the position to double-licensing it.
Differently from StillSecure, or worse Tenable Security, Sourcefire seems willing to balance open source and business through an hybrid production model, making money possibly with the Twin licensing business model.
I agree with the ClamAV team, saying that the acquisition by Sourcefire is a testament to the hard work of the entire ClamAV community, and I wonder: will they be able to retain external contributions (mainly virus signatures) from now on?
Dana asks if open source users, are going to get caught in the trips-and-dramas of corporate finance, just as if they were using proprietary software. While I know that it might be so, I think that there are chance that Sourcefire will balance its business interests with the community’s ones, eventually finding a way to keep ClamAV’s OEM’s interest in the project.
I disagree with Alan Shimel, who whishes that:
anytime a commercial entity makes a licensing move like this, other companies that are using that open source tool band together with others in the community and fork the project as is their right.
It is not efficient and likely not effective, above all unrealistic. On the contrary I would like to see other firms using ClamAV be part of the game. It is just up to Sourcefire find a way, if it makes some sense to them to work to build a ClamAV technological club.
Best wishes to all ClamAV guys, congratulations!
Roberto Galoppini, 
tom, 
mike, and 1 other are discussing.
University Update - Linux - Open Source Antivirus: ClamAV project sold to Sourcefire 6:41 pm on August 20, 2007 Permalink
[…] YouTube Open Source Antivirus: ClamAV project sold to Sourcefire » This Summary is from an article posted at Commercial Open Source Software on Monday, August 20, 2007 The ClamAV project – the known open source anti-virus toolkit – last friday announced that all project’s Intellectual assets had been sold from the … from StillSecure, or worse Tenable Security, Sourcefire seems willing to balance open source and business … (mainly virus signatures) from now on? Dana asks if open source users, are going to get caught Summary Provided by Technorati.comView Original Article at Commercial Open Source Software » 10 Most Recent News Articles About Linux […]
Sourcefire aquires ClamAV : An Information Technology Perspective 9:39 pm on September 22, 2007 Permalink
[…] Having been a longtime supporter of the ClamAV project, I was interested to see the headline, Open Source Antivirus: ClamAV project sold to Sourcefire. ClamWin is actually the product that I’ve used extensively in the past. Our new self-service kiosk project at work is running this and doing beautifully through the test period. […]
mike 4:05 pm on June 16, 2008 Permalink
Hi Roberto,
Interesting trend: Another open source security project sold.
OSSEC HIDS project acquired:
http://www.ossec.net/main/ossec-project-acquired
What do you think?
-m
tom 11:22 am on July 11, 2008 Permalink
Interesting! I have been using Win Clam for sometime and just happened to find this piece of news by chance.
Which are other open source projects sold out in this manner?
Roberto Galoppini 4:57 pm on July 14, 2008 Permalink
Not many really. community open source projects tend to stay that way for life, even if they become hybrid projects. Acquia, providing value-added services for Drupal is an example of what happens “usually”. Instead “buying” a community project is not an easy goal, since copyright assignments should be signed by each author. And, even if feasible, “buying” a community is risky bet, definitely a decision to be handled with care.