October 16, 2008 (LAFAYETTE, Ind.) – The Open Information Security Foundation (OISF, www.openinfosecfoundation.org) is proud to announce its formation, made possible by a grant from the U.S. Department of Homeland Security (DHS). The OISF has been chartered and funded by DHS to build a next-generation intrusion detection and prevention engine. This project will consider every new and existing technology, concept and idea to build a completely open source licensed engine. Development will be funded by DHS, and the end product will be made available to any user or organization.
This is an unprecedented opportunity for the security community. DHS has recognized that many parallel technologies in the marketplace could greatly enhance the overall security of government agencies and the Internet as a whole. This grant will allow us to work as a community to tie these technologies together.
Over the next six months, members of OISF will be leading brainstorming sessions at key conferences and meetings as well as through mailing list discussions. These sessions will function as open forums to bring up ideas, ask questions and, most of all, let OISF know what YOU need for YOUR network. Any idea, any technology – anything – will be considered for integration. This project will solicit input, code and support from all interested parties, academic groups, vendors and projects.
Through this discussion process a full feature list will be developed with the help of the community. Some of the concepts and goals to be considered are:
1. Native Multithreaded/Multicore Support
2. Snort® Rule Syntax Compatibility
3. Alerting Scoring and Thresholds (Spamassassin-style, action if over a threshold)
4. Block and IP Reputation Feeds, multiple sources (Similar to Snortsam, but allow multiple 'clouds')
5. Full Native support for any hardware acceleration where the vendors can assist development
6. Optional Web interface for simplified setup
7. Native IPv6 support
Intrusion Detection and the Security field in general are at a crossroads. We collectively have more data about hostile sources available than we can effectively act upon using existing tools. We hope this engine will allow feeding these disparate sources of information into a single tool to assist in decision making and protection.
Any vendor, group, academic institution, government agency or individual may be part of the consortium that will manage this project long-term. Members may support development and maintenance with financial donations, coding support, technology support, infrastructure, etc. Members will be rewarded with licensing that will allow integration of this engine into their products and services.
Initial project members are Matt Jonkman of Emerging Threats (http://www.emergingthreats.net) as Project Manager, and Victor Julien (http://www.inliniac.net) and Will Metcalf (http://node5.blogspot.com), both of Snort_Inline (http://snort-inline.sourceforge.net), as Technical Leads.
We will be recruiting many new members for this project over time. If you are interested in participating or contributing to the project, please contact us.
If you have ideas to contribute please join our discussion mailing list:
http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
or join oisf-announce to stay in touch:
http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-announce
Snort is a registered trademark of Sourcefire, Inc.



