Metasploit Creator HD Moore To Launch Venture Fund

wiredmikey writes: Well known security expert HD Moore announced that he is leaving Boston-based security firm Rapid7 to help launch a new venture capital firm focused on helping early-stage security firms get to market faster. Moore is the creator of the open source penetration testing framework Metasploit, which Rapid7 acquired in 2009. Moore says he will continue to work on Metasploit and will remain active in the community even after he leaves Rapid7 on January 29.

Sell Outs

Metasploit sold out, plain and simple, a good full featured product became a shell of itself with all the worth while stuff put into the expensive variants. I'm still annoyed about it after all this time.

Re:Sell Outs

[Martin+Blank]

The same functionality that was there before the purchase by Rapid7 is still there, plus a little more, in the Community edition. I'm struggling to think of many people in the pen testing community that make use of the paid versions, in part because we can script most of the functionality we need using the unpaid versions--when we use it at all. It still has a place in the toolset, but it's not the end-all, be-all that it was once perceived to be. Core Impact had the same lead-up and fall-off within the community.

There is no one utility, framework, or platform that can provide a complete pen testing architecture. As much time as I spend in Kali, I have to open up the Windows VMs from time to time, and I've even had to spin up CentOS VMs because instructions for some esoteric utility are written for only that and I have neither the time nor the patience to figure out how to get it to work in a Debian environment. I still use metasploit fairly extensively, but I don't really spend more than maybe 10%-20% of my time in it on average, and it's usually to automate something I've found via other means.

Who?

Well known security expert HD Moore

Am I supposed to know he/she?

Re:Who?

[greenfruitsalad]

he looks just like Michael Moore but with more pixels

Re:Who?

"he/she"

*them

Re:Who?

[ls671]

Obviously he does HD Moore is a mooore High Definition version...

Re:Who?

"he/she"

*them

You mean there is more than one? Wow, this HD group is even stranger than I thought.

Re: Who?

Surely you've heard of Moore's law, which can be stated as "the rate of production of exploitable code doubles roughly every eighteen months"

Well known?

I can't think of ANY security experts that are well known.

Re: Well known?

Arguably Kevin Mitnick?

Re:Well known?

[Martin+Blank]

Brian Krebs? Bruce Schneier? Dave Kennedy?

Maybe not tip-of-the-tongue names, but they appear on TV regularly and their works are published by most of the major media companies. Within the security field, virtually everyone knows their names. HD Moore is up there, too, having really shown what a security framework can do. Many other frameworks have followed.

Re: Well known?

Well known in tech is a Bill Gates or Steve Jobs. People you could mention to someone on the street and they'd know who you're talking about.

There is NO ONE in security that is well known outside of a niche that cares about it.

Re: Well known?

[Martin+Blank]

And people routinely get their roles wrong. Gates hasn't been involved in tech at a hands-on level in more than 20 years, with some quotes by him suggesting the last line of code in a shipped product written by him was around 1989, give or take a year. Jobs may have been involved more recently than that (I'm not sure what he did at NeXT from day to day), but the reality is that both were primarily managers that oversaw successful growth of their companies while others did most of the grunt work.

Within the IT field, many of these names are very well-known, and their products are often even better known. Just because a random person on the street doesn't know them off the top of their heads doesn't mean they're completely obscure. Dave Kennedy regularly appears on cable outlets, so his face (if not his name) will be familiar to viewers there. Same thing with Brian Krebs. Infosec people are becoming better known as time goes by. What was once a nearly anonymous swath of researchers even within the field is developing publicity and getting their names and faces out to the public. That will happen more as people become more aware of security issues.

Re:Well known?

[ls671]

Don't forget Fyodor...

(Gordon Lyon aka Fyodor Vaskovich)

Now in HD

HD Moore, as opposed to LD Moore. Or H.D. Moore, even.

Snowden

[Anubis350]

Snowden does actually count here. Love him or hate him, he's well known, and known for security (whether he's truly a "security guy" isn't really the point, as another poster pointed out Gates and Jobs are famous for tech, but what they really were were good managers, market analysts, and pitchmen)

Argh

[wonkey_monkey]

HD Moore

He looks bad enough in SD!

so good and selfless of him

"helping early-stage security firms get to market faster"

That's so good and selfless of him. I am sure he won't be raping those firms for all of their profits in return for the help he will be giving.