Andrew, >some technologies, one signature handles an entire class of vulnerabilities. Where Snort >needs multiple signatures for the same vulnerability, ISS can protect against the >vulnerability with 1 signature. TP is the same. Interesting. Can you show me an example of this? I'd like to understand the design differences that lead the snort signature base to be as ineffecient as you describe.
> ISS, for example, does their own independent security research an has signatures to > protect against things that Snort people don't even know about. I don't understand how this differs from the Sourcefire Vulnerability Research Team. Can you provide some details, specific examples, of where the Sourcefire VRT has failed and the ISS research has succeeded? ~~~~~~~~~~~~~~~~~~ Brian Basgen IT Security Architect Pima Community College
smime.p7s
Description: S/MIME cryptographic signature
