OISF

We are being VERY careful to have a solid legal framework to stand on that will allow the foundation to fulfill it's goals of building a great piece of software, making it open source and easy to use without license conflicts, and protecting the foundation and project from litigation down the road.

So version 0.3 of the bylaws are available. The only changes are:

1. We are going with GPLv2 to avoid the patent complications. Those are surmountable, but the possible negative image some folks still have of gplv3 are something we don't want to have to overcome. 2 will work.

2. A quorum will be defined as a majority for voting purposes. (this isn't spelled out in the summary of the bylaws here. These are just working material, once we're set these will be drafted into full legalese and made available for review)

So please all take a look and let us know if there are any other issues we should consider before the full bylaws are drawn up.

http://www.openinfosecfoundation.org/bylaws_draft_v0.3.txt

Thanks Tom and everyone for the frank and constructive conversation. It'll pay off for us all with a solid and reliable framework to get things done!

We'll be having a public forum and brainstorming session in Washington DC on July 16th, 2009! This session will be a mix of technical and political issues.  

We encourage our current and potential consortium members, potential users and resellers, as well as future end users to attend. We very much want to hear from all in a discussion format what is most important to you, and what you need to have in the next iteration of IDS. The discussion on the lists has been great, but most often even better things come to life when a lot of smart folks are in the same room at the same time, as we've seen at our prior brainstorming sessions.

We'll be getting quite technical, but we'll also answer any and every question about the politics, goals, and funding sources of the foundation. We know this is a very strange situation we have, being funded by DHS to create open source security software.  

So please plan to attend, July 16th in Washington DC, at the SRI Building in Rosslyn:

http://www.sri.com/contact/wdc.html

If you plan to or are rather sure you'll be there please drop an email to This e-mail address is being protected from spambots. You need JavaScript enabled to view it , we need an approximate headcount for the catering, provided courtesy of SRI.

If you can't make this one don't worry, we are planning similar meetings through the development cycle on the west coast and in Europe. We want to hear every idea we can get!

The OISF Team

The Open Information Security Foundation held it's first Board Meeting and Planning Session. The meeting was incredibly productive, and we were able to secure the support of a number of new organizations and vendors. We're very excited about the future, and we've a lot of news to share.

Most of the news and decisions that have been made we'll release in individual statements in order to avoid information overload. But overall let me summarize what the Foundation is doing and where we all stand:

We have received allocation of the second phase funding, and we're part of the OSSI HOST program (http://www.oss-institute.org). This allows us to begin immediately our coding efforts. We have finalized hiring of about ten contractors for everything from coding and research to quality assurance and sysadmin work.

These individuals will be introduced to the community soon, but you know most of them already. I'm VERY excited about the team that's coming together. That said we have room for more. Primarily we need more programmers, but we are also in search of an exceptional individual to become our documentation project lead. If you are interested please email This e-mail address is being protected from spambots. You need JavaScript enabled to view it .

We are in the process of building out our infrastructure. Code repository, QA lab and hardware, and public facing hosting and the like. We are in need of all sorts of assistance, the less we spend on hardware and infrastructure the more goes into coding efforts of course. If you or your organization is interested in becoming a member of the Foundation Consortium (which grants the ability to use an alternative more permissive license) please contact us now. We have quite a few needs that will save the foundation's resources for more directly beneficial effort.

We'll be announcing a number of other things shortly, including a new draft of our bylaws, new mailing lists, and a list of the features we're going to build into our first release. Please stay tuned.

While we're getting to coding later than we had hoped last year, rest assured we are still committed to a production release of the engine by the end of 2009! We will make this goal and we have the resources and brain trust to make it happen!!

Thanks to all for your support to date. This is truly a community driven and supported project, and we look forward to cementing the relationships with both the community and the organizations that will be our constituency over time.

Thanks to everyone who commented on the existing Bylaws draft. We've made some changes to suit the comments and concerns. The major change being that contributors to the project retain their copyright of code or ideas. This was discussed on the lists and makes a lot of sense, and we hope will satisfy both our individual contributors as well as the organizations that intend to contribute.

The latest (and lets hope final!) draft is available here:

http://www.openinfosecfoundation.org/bylaws_draft_v0.2.txt

We welcome further comment good or bad!

The Open Information Security Foundation