Metasploit mailing list archives
Re: Metasploit Rising
From: Ben Greenfield <bcg () struxural com>
Date: Thu, 22 Oct 2009 10:22:33 -0400
Congratulations to everyone. I see this as a very positive move, both for Rapid7 and for the project. Personally, as someone who works for a cybersecurity company that purchases all kinds of licenses each year (Nessus, Burp, GFI, etc), I would absolutely be willing to pay for Metasploit (assuming the pricing is realistic, unlike Core which IMO is not affordable or priced reasonably). I guess I would just ask that if the project moves to a subscription model to make the costs somewhere between Burp and Nessus. I think Burp is an outstanding value, and Nessus is terrific, but I think the pricing is a little heavy handed. Core just isn't realistically priced in my opinion. Congratulations again, I'm sure that the project will benefit a lot from full time development. On Thu, Oct 22, 2009 at 9:21 AM, HD Moore <hdm () metasploit com> wrote:
On Thu, 2009-10-22 at 11:20 +0300, Siim Põder wrote:Just wondering what would "acquire" mean in the context of an open source project? As far as I understand, this should mean a non-exclusive patronship of a company supporting the development of a project by hiring people to develop/manage it full time. Similarily as many companies could be said to have "acquired" linux kernel? Or was there an actual "Metasploit" entity that was bought?This has been a frequent question, let me start with some history: When skape, spoonm, and I started on the rewrite from Perl to Ruby, we also took steps to make the IP rights easier to enforce. The reason for this was to prevent a third-party from ripping off our work before we even had a functional tool. To this effect, Metasploit LLC was created as a three-member partnership, and each of the original developers assigned their copyrights to the LLC. In return, we each received the equivalent of a personal BSD license to the sum of the code. The public license for version 3.0 and 3.1 was a commercial-style EULA that had a clause providing the LLC with rights to incorporate any changes made by third parties. I personally owned the domains, trademarks, and many of the original copyrights (going back to 1.0). The LLC also owned training materials and other documentation. In 2008, both skape and spoonm left the project to work on other ventures. This left me as the sole partner of the LLC, but without a real development team. I converted the LLC to a sole proprietorship and changed the license of the framework to BSD. With the 3.2 release, all of the code owned up to that point by the LLC was relicensed under the 3-clause BSD license, and the MSF_LICENSE alias in the modules was updated to reflect this. All contributions back to the tree would only be accepted under the BSD license (excluding some third-party stuff as identified in the README). This change made it easier to bring new developers into the project. What Rapid7 acquired is the combination of my personal and the LLCs assets. This includes all rights to the 3.x code base up to 3.2 in whole, plus specific rights since 3.2, the trademarks, domains, web site content that was authored by the LLC, training materials, and a number of other things that were not actually public. This isn't limited to just the Metasploit Framework, but also includes things like Decloak.net, the WarVOX project, and a few unpublished works. Rapid7 is sponsoring the project in that sense that they are funding dedicated resources, but its a much more than just a sponsorship. The result is closer to the ClamAV acquisition by Sourcefire (as far as I can tell, details of that were not made public), and less like the Tenable/Nessus or IBM/Linux models. We plan to continue development under pretty much the same model. The only major change is that I have help doing the "boring" backend work, quality testing, and preparing releases. Rapid7 is committed to the open source model and keeping the BSD license. -HD _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- Re: Metasploit Rising, (continued)
- Re: Metasploit Rising Carlos Perez (Oct 21)
- Re: Metasploit Rising David Maciejak (Oct 21)
- Re: Metasploit Rising Abhijeet Hatekar (Oct 21)
- Re: Metasploit Rising Zenofex (Oct 21)
- Re: Metasploit Rising David Gomes (Oct 21)
- Re: Metasploit Rising Exibar (Oct 21)
- Re: Metasploit Rising Ryan Lindfield (Oct 21)
- Re: Metasploit Rising li bo (Oct 21)
- Re: Metasploit Rising Siim Põder (Oct 22)
- Re: Metasploit Rising HD Moore (Oct 22)
- Re: Metasploit Rising Ben Greenfield (Oct 22)
- Re: Metasploit Rising HD Moore (Oct 22)
- Re: Metasploit Rising Andrés Sarmiento (Oct 22)