By Alex Salkever

Martin Roesch was already an open-source legend before his software became the industry standard for network-intrusion detection. A security luminary and widely quoted source on protecting networks, Roesch had worked at computer-security jobs for the Pentagon and phone company GTE before it became part of Verizon (VZ). In 1998, as a weekend exercise, he authored an open-source program called Snort, designed to examine data traffic coursing over a network and sound an alarm if hackers are trying to break in. Snort quickly became popular among computer-security geeks.
Like Linux guru Linus Torvalds, Roesch built a devoted retinue of followers, who contributed code fixes and other crucial assistance that, in a virtuous cycle, further improved Snort. Anyone could look at the software's underlying code, but reselling Snort was proscribed under the rules of its open-source license. All told, Snort was a textbook open-source project with rapid technology advances driven by broad collaboration -- and Roesch directed the project with a light, firm, but relatively egoless touch.
"TREMENDOUS LEVERAGE." Alas, writing open-source software doesn't make you rich. In 2001, Roesch decided to turn Snort into a commercial venture. He named his company Sourcefire, in part as a reference to his open-source roots, and launched it from the living room of his home in Columbia, Md. His plan? Build a proprietary tool that could manage security software with graphical interfaces, making it much easier for harried network administrators to use Snort.
Just three years later, the outfit is profitable, with revenues north of $20 million and growing at a 50% annual clip. After $34 million in venture-capital investments, the CEO Roesch hired, Wayne Jackson, has elevated Sourcefire's value to nearly $100 million.
Sourcefire is one of a growing number of small software players that have built new businesses around open-source code. Their business models contain various mixes of proprietary and open-source software components and span the software gamut, from other security companies such as Tripwire to database outfits such as MySQL and desktop-computing offerings like Xandros. Most are still small, with revenues well under $50 million.
In general, they fly below the radar of tech trackers such as Gartner and IDC, which tally the billions of dollars in annual Linux revenues racked up by bigger players such as IBM (IBM), Oracle (ORCL), and Red Hat (RHAT). But analysts and venture capitalists have come to view hybrid open-source business models like Sourcefire as in some ways superior to the more traditional, proprietary-software businesses. "What you get with Sourcefire is free engineering from a large community," says Peter Christy, a principal at tech consultancy NetsEdge. "It's tremendous leverage, and it can be extremely efficient."
LOOK HARD, POKE AROUND. What's more, larger companies increasingly are looking for a happy medium between the flexibility of pure open source and the peace of mind inherent in buying proprietary hardware and software from established companies. "We pay for the security console, but we've been able to write our own rules on top of Snort to handle spyware," says Tim Petersen, a network-security engineer at America First Credit Union, a 58-branch financial institution with assets of $2.8 billion based in Ogden, Utah. "If you are dependent on a company writing them for you, that means you can't keep ahead of the curve."
Petersen felt comfortable enough with Snort and Sourcefire's Snort-enhancement tools that he ended up buying another Sourcefire product, RNA (short for real-time network awareness). As for the reality that anyone can see the source code powering some of his key security functions, Petersen isn't worried, saying that means bugs can be found and fixed more quickly and more thoroughly. "Based on my experience," he enthuses, "I would say security is better on open-source products."
Even as he wrestles with building better proprietary technology for Sourcefire customers, Roesch continues to oversee the Snort open-source project. Sourcefire maintains it as a free barebones download for alpha geeks who don't want to pay for nifty management tools. Says Roesch: "It's something we always plan to do, and it really helps us make Snort a better tool."
PLEASURE MEETS PROFIT. Striking the right balance between open source and proprietary has proven extremely tricky to pull off. Roesch does so by staying humble and ensuring that the community of users he built with Snort feels it's not being exploited. He also makes sure a very distinct line is drawn between Snort's code and Sourcefire's proprietary offerings. "It's a remarkably delicate leadership effort," notes NetsEdge's Christy. "Not only do you have to lead without being dictatorial but you also have to make sure the community benefits from the technology your company is developing."
The approach seems to have worked. With an expanded product portfolio and hundreds of customers in industries from financial services to health care, Sourcefire has won a raft of awards from accounting firms, technology publications, trade shows, and others. Not bad for a good-guy hacker who still loves to get his hands dirty programming and testing code. "It was something I enjoyed doing, and I have been lucky enough to turn it into a real business," says the ever-modest Roesch. Consider it another living-room success story.

Salkever recently stepped down as Technology editor for BusinessWeek Online.