Suricata is truly open source. First of all, it is released under GPLv2 licence and, equally important, the copyright for the code is owned by the Open Information Security Foundation (OISF), created specifically to be a long term safe haven for Suricata. There is not an IPO or acquisition in Suricata’s future. It is open source and will remain open source, governed equally by the community and vendors who rely on and help maintain the engine. Thus Suricata is completely vendor and platform neutral.
Suricata’s bug tracker, development roadmap, and code are available for all to see at any time. Input and feature decisions are made by the community in the open. If you need Suricata to do something new just bring it up!
If you’re building a commercial product using Suricata under the hood you can count on the community for support. Non-GPL licenses are available to organizations that provide support and development for Suricata through the OISF.
To us, Open Source means the following:
- Suricata is open source under a GPLv2 license
- Development of Suricata is headed by the OISF, a registered non-profit. The OISF, which is community run, owns all the code and has in it’s charter that it will always be available as open source.
- “full duplex” open source: you don’t just get the code, you can participate in all aspects of Suricata’s development
- free and public community meetings determine road map, directions to go
- public code repository (git), see the daily code changes
- hosted on github for easy forking, just fork and start hacking away!
- public road map
- public bug and issue trackers
- public wiki open for all