The Security Kitchen

Dear Titania,

for years I have honestly appreciated your contribution to the community in the form of the useful tool called Nipper.  As an information security consultant, performing audits and pentests, it was just another tool in my toolset, that made my work easier. It translated a config from a device to a report that I was able to read and draw conclusions from.  Moreover, it was released under a GPL license, which made me like it even more.

In the past months, rumours were that you were going to close the source, turning Nipper into a commercial product. This would assume that you have established a niche for your product, and have a good outlook on a steady flow of money coming in.  Awesome !

GPL products going commercial is a natural progression. It happened before.  Nessus went commercial, but they allowed older versions to be used, and forked.  OpenVAS was developed from the older source code. The Nessus guys knew they had a quality product, but more than that, they had quality people and they knew that they could deliver added value to their prospective customers WITHOUT making a douche move on the community.

When Daniel Cid started developing OSSEC, it was a side project.  The guy is so awesome that not only was he able to release this awesome tool under the GPL, the product was later acquired by Third Brigade which build a quality support service around it.  His awesomeness was proven again earlier this year when TrendMicro acquired 3rd Brigade AND vowed to keep OSSEC under the GPL (v3) license.

You see, GPL + Commercial just works … if your product is worth it.

It can be done !

Whatever happened between some pints of lager stinks. By going commercial, you revoked access to all previous versions of Nipper and removed the GPL license.  I sincerely hope that nobody outside your ‘company’ ever contributed to Nipper, or will you give kickbacks ? You cut off a community that was behind you

Your tool (it’s a PARSER !) is awesome, but for a very limited audience.  How do you think you will enable your users, which are mainly network admins, network consultants, auditors, etc. to convince their managers to buy a license for a friggin parser (with a  GUI, w00t!) ? My guess is, those knowlegdable enough to do so will write their own for the 3 or 4 brands they support, others will sigh and just spend more time on ‘auditing’ their network.

You obviously feel there isn’t that big of a difference between earlier versions and v1. Not enough to entice customers to buy in your ‘earn money quick’ scheme. You obviously see the previous versions as competition.  And then, I’m not even talking about the way you mistreat the community that relentlessly supported your work which, again, up to this point was awesome.

Oh well, another day, another dollar.  Good luck and thanks for nothing.

Regards,

Wim

P.S. I will remove all links to Titania as of now.  I probably tool this a little too personal