Open Source Antivirus: ClamAV project sold to Sourcefire

The ClamAV project – the known open source anti-virus toolkit – last friday announced that all project’s Intellectual assets had been sold from the five key developers to Sourcefire, the firm maker of intrusion detection products based on Snort.

Sold!Sold! by Pommykiwi

Sourcefire, who recently launched its public offer, is likely to maintain ClamAV much in the same way as it has done with Snort. Martin Roesch, Sourcefire’s CTO, stated:

The success of the ClamAV project is a direct reflection of the talent and dedication of the founding team and the project community. Sourcefire will continue to invest in the ClamAV technology, much as we have with Snort and

As reported by Ohloh, over ClamAV history 13 contributors have submitted code, and only 6 have done it in the last year. As a matter of fact Sourcefire now is hiring the whole core group, and they are in the position to double-licensing it.

Differently from StillSecure, or worse Tenable Security, Sourcefire seems willing to balance open source and business through an hybrid production model, making money possibly with the Twin licensing business model.

I agree with the ClamAV team, saying that the acquisition by Sourcefire is a testament to the hard work of the entire ClamAV community, and I wonder: will they be able to retain external contributions (mainly virus signatures) from now on?

Dana asks if open source users, are going to get caught in the trips-and-dramas of corporate finance, just as if they were using proprietary software. While I know that it might be so, I think that there are chance that Sourcefire will balance its business interests with the community’s ones, eventually finding a way to keep ClamAV’s OEM’s interest in the project.

I disagree with Alan Shimel, who whishes that:

anytime a commercial entity makes a licensing move like this, other companies that are using that open source tool band together with others in the community and fork the project as is their right.

It is not efficient and likely not effective, above all unrealistic. On the contrary I would like to see other firms using ClamAV be part of the game. It is just up to Sourcefire find a way, if it makes some sense to them to work to build a ClamAV technological club.

Best wishes to all ClamAV guys, congratulations!

Technorati Tags: Commercial Open Source, Open Source Strategy, Sourcefire, ClamAV