Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT



Open Source Metasploit gets acquired

From the 'pwnd by $$' files:

The open source Metasploit penetration testing framework has been acquired by a firm called Rapid7.

I've personally never heard of Rapid7 before today, but this acquisition, in my view, has both a potential downside and a potential upside. I've been tracking the Metasploit project for years (and have version 3.2 running in my test lab now), and in my view it is an incredibly important security framework that sets the standards by which others are judged.

On the positive side, H D Moore, the creator of Metasploit, now gets some additional money and backing. With a commercial entity around the project, mundane items like revenue streams and pay stubs can be taken care of by someone else, while Moore concentrates on the framework itself.

It also means that Metasploit could potentially become a commercially supported tool.

According to Rapid7's CEO, as a result of the acquisition, the company will leverage Metasploit technology to enhance its own Rapid7 NeXpose vulnerability management solution.

"At the same time we will not only maintain, but accelerate the open source framework Metasploit with dedicated resources and contributions," Mike Tuchen, CEO of Rapid7, said in a statement.

Here's some free advice for Tuchen - Metasploit has its own brand equity far beyond anything that the NeXpose (again something I've never heard of) product enjoys. A commercially supported version of Metasploit would be a tremendous shift in the current marketplace and further support the open source community.

Not that the open source Metasploit community has much to worry about.

H D Moore blogged that he will be taking on the role of Chief Security Officer of Rapid7 as well as Chief Architect of Metasploit.

"Rapid7 has committed to keeping the project open source, with no plans to change the license or the community development model," Moore stated. "What will be changing is how fast we add new exploits, integrate new features, and release new versions."

The other thing to remember is that since Metasploit is open source, if there are community members that aren't happy, there is always the option to fork the code. I don't think that's likely to happen since Moore really is the guiding vision behind Metasploit and without him the project just isn't the same.

I am concerned that Rapid7 will now segment features that might have gone into open source and make them entirely proprietary. Then again, considering that just about anything can be reverse engineered, even if Rapid7 decided to keep some development proprietary, the community could always try and build the same functionality on its own.

2 Comments

n3td3v said:

There will be a legal minefield now that a big company with lots of money owns Metasploit now. I mean the Metasploit web site doesn't even have a privacy policy.

HackNCr@ck3r said:

I am glad Mr. Moore is making bank. However, if Rapid7 acquired the rights, they must have something in mind.
