But we have a very similar scenario even closer to home, with the acquisition by Breach Security of mod_security. I’ve actually been thinking about the possible implications of that one, with a view to featuring it in my column for El Reg, and my conclusion is that if Ristic and Breach play their cards right, this could be good news for everyone. Ristic’s interview with securityfocus is reassuring on this count.
One thing that may have profoundly affected the mod_security situation is the use of the GPL. Of course, Breach (like MySQL) can do exactly what they like with their product. But if AN Other bases a new product on it – and mod_security certainly has scope for that – it has a profound effect. In effect, Breach have bought themselves a monopoly on the right to release a closed-source enterprise edition.