Open Source Metasploit gets acquired

From the ‘pwnd by $$‘ files:

The open source Metasploit penetration testing framework has been acquired by a firm called Rapid7.

I’ve personally never heard of Rapid7 before today, but this acquisition in my view, has both a potential downside and a potential upside. I’ve been tracking the metasploit project for years (and have version 3.2 running in my test lab now) and in my view, it is an incredibly important security framework that sets the standards by which others are judged.

On the positive note, H D Moore the creator of Metasploit now gets some additional money and backing. With a commercial entity around the project, mundane items like revenue streams and pay stubs can be taken care of by someone else, while Moore concentrates on the framework itself.

It also means that Metasploit could potentially become a commercially supported tool.

According to Rapid7 CEO as a result of the acquisition, they will leverage Metasploit technology
to enhance their own Rapid7 NeXpose vulnerability management solution.

“At the same time we will not only maintain, but accelerate the open
source framework Metasploit with dedicated resources and contributions,” Mike Tuchen, CEO of Rapid 7 said in a statement.

Here’s some free advice for Tuchen – Metasploit has its own brand equity far beyond anything that the NeXpose (again something I’ve never heard off) product enjoys. A commercially supported version of Metasploit would be a tremendous shift in the current marketplace and further support the open source community.

News Around the Web