DHS to Fund Open Source Next Generation IDS/IPS

I checked in with the #emerging-threats IRC channel a few minutes ago and saw a link to www.openinfosecfoundation.org:

October 16, 2008 (LAFAYETTE, Ind.) – The Open Information Security Foundation (OISF, www.openinfosecfoundation.org) is proud to announce its formation, made possible by a grant from the U.S. Department of Homeland Security (DHS). The OISF has been chartered and funded by DHS to build a next-generation intrusion detection and prevention engine. This project will consider every new and existing technology, concept and idea to build a completely open source licensed engine. Development will be funded by DHS, and the end product will be made available to any user or organization.

According to Matt Jonkman, this project will not be a fork of existing code. The idea is to take a new approach, not just replicate something like Snort.

While I am excited by this development, I don't think it's the project I would have wanted to fund right now. Open source users already have Snort, Bro, and other open source security products. I would rather see DHS support a free alternative to Snort signatures or even Tenable vulnerability checks. Another possibility would be funding tools to manage and integrate existing open source technologies. Still, seeing DHS award a grant in the open source security space gives me hope that other activities could be forthcoming.

I'll report on this as events develop, but don't expect to see any code in the wild for months. This is a tough problem and the OISF is starting "from the ground up."