Re: CVE-2012-5076 and CVE-2012-1723 Rules

[Joel Esler <jesler () sourcefire com>]

On Nov 26, 2012, at 10:21 AM, "lists () packetmail net" <lists () packetmail net> wrote:
> On 11/26/2012 09:14 AM, Joel Esler wrote:
> > As far as the community ruleset, the tl;dr is yes.
>
> Excellent, thanks Joel, and thanks too for taking my E-Mail in the context it
> was intended -- Friendly open discussion around differences in both rule sets.
>
> I am very much looking forward to this getting completed and working with you
> again.  Cooperation in the info sec community ensures the greater good will
> benefit.  Having a well structured and working feedback loop from community
> input (rules, URL structures, PCAPs, etc) will certainly strengthen the ruleset
> in the same way it has on the ET side.

So what we've been doing in the meantime is accepting any submissions that come in (some attributed via the blog, some 
don't want to be attributed which is fine) and putting them in after testing via our normal methods.

When the community ruleset is rolled out, a metadata tag will be added to those rules that have been submitted by the 
community, and all those will be placed into their own ruleset for free-to-everyone download.  Subscribers will not 
have to do anything.  

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!