Slashdot Mirror


Metasploit Project Sold To Rapid7

ancientribe writes "The wildly popular, open-source Metasploit penetration testing tool project has been sold to Rapid7, a vulnerability management vendor, paving the way for a commercial version of Metasploit to eventually hit the market. HD Moore, creator of Metasploit, was hired by Rapid7 and will continue heading up the project. This is big news for the indie Metasploit Project, which now gets full-time resources. Moore says this will translate into faster turnaround for new features. Just what a commercial Metasploit product will look like is still in the works, but Rapid7 expects to keep the Metasploit penetration testing tool as a separate product with 'high integration' into Rapid7's vulnerability management products."

5 of 70 comments

  1. A great way to ruin a good resource by al0ha · Score: 3, Interesting

    Rapid7, who are incredible jerks at least in terms of aggressive cold-call salespeople. There are periodic rounds of complaining about them on one of the lists I'm on. We can't stand those guys.

    --
    Did you ever wake up in the morning, with a Zombie Woof behind your eyes? -- FZ
    1. Re:A great way to ruin a good resource by Anonymous Coward · Score: 2, Interesting

      "Just what a commercial Metasploit product will look like is still in the works"

      I'm going to bet that it'll look like a several-hundred-dollar price tag that puts it out of reach of many users of the original project and at least 4 figures for use in enterprise with the most basic support tier.

      Call me pessimistic, but when fairly unique security tools are commercial projects this is almost always what the pricing looks like.

  2. Re:How does one buy an open source program? by b0bby · Score: 3, Interesting

    I doubt I'm smarter than you but... I would guess that the HD Moore guy who ran the project owns the Metasploit name, trademark, domain etc, as well as the copyright on the code. So you can see how all that could be worth something, plus they're hiring him to keep working on it. If they wanted to they could presumably close the source going forward, though he says in his blog post that they're committed to keeping it open. If they can make a popular tool work well with their other products, it might be worth it to them and apparently it is, since they've done it.

  3. Legal minefield by n3td3v · Score: 1, Interesting

    There will be a legal minefield now that a big company with lots of money owns Metasploit now. I mean the Metasploit web site doesn't even have a privacy policy.

    --
    Security Nerd.
  4. Re:"penetration testing" by Anonymous Coward · Score: 1, Interesting

    I work for a hundred million dollar company that makes a substantial portion of its income doing "legitimate" penetration testing.

    Our customers are Fortune 500 companies and the like.

    It's a very useful toolset.

    You would be surprised how many times a week I hear this story:

    Security Admin: Upper management doesn't understand the risk these vulnerabilities pose and we can't get funding to get it fixed. We need it demonstrated through videos and screenshots, exactly what sort of damage can be done by a single attacker given 1 week to exploit this application.

    So, we pop the app and create a presentation littered with examples of what might happen.

    Then security gets funding and the bad guy doesn't get his way.