Metasploit continues to garner interest among commercial security providers. Core Security has now signed on to integrate support for Metasploit into its Core IMPACT Pro application.
But the mutual support only goes so far. The Metasploit owner Rapid7 and Core Security don’t have a formal relationship, so don’t look for Core Security employees to be contributing to the open source project, at least not in a formal way. eSecurity Planet takes a look.
The open source Metasploit framework is often the place where security vulnerabilities become usable enabling security researchers to test out exploits and fix flaws. Until recently, Metasploit was typically used only as a standalone community project, but that’s no longer the case.
Metasploit is now owned by security firm Rapid7, the company that also integrates Metasploit into their testing tools. This week, security testing firm Core Security announced that they would be integrating support for Metasploit into their Core IMPACT Pro application. Evaluating the impact of the enterprise tool integration of Metasploit depends on a number of factors. It’s also not clear whether or not the open source community aspect of Metasploit will enjoy any benefits as a result either.
“Metasploit itself won’t provide anything that our customers didn’t have access to before as the framework itself was always available to them,” Fred Pinkett, vice president of product management at Core Security, told InternetNews.com. “But, the important thing is that what it will provide, as a result of the integration, increased ease-of-use for our customers who want to use the two products side-by-side through the IMPACT Pro interface.”
Pinkett further clarified that Core Security is building an integration with Metasploit and not building it “into” their product, so there won’t be any use of Metasploit code within IMPACT Pro at all. Core Security is also not providing any indemnification or insurance to anyone using Metasploit. Pinkett reiterated that it is the user’s choice to use the Metasploit framework and any of the code it contains is their own and Core Security cannot account for that.