Re: Metasploit joining forces with Rapid7

[Ron <ron () skullsecurity net>]

So, when can we expect Nmap to join forces with, say, Symantec? :D

But seriously, I'd be lying if I said that the Rapid7 move didn't 
concern me.. I'm not all that sure how it's all going to shake out. That 
being said, I have a ton of respect for HD and the Metasploit guys, and 
I'm sure they wouldn't be doing it if they didn't see it as the best 
option.

My biggest concern is community contributions. I mean, who's going to 
contribute to a for-profit company without getting paid for it? Why do I 
want to write code that some company is making money off of? I'm sure a 
lot of people feel the same way...

But, in the end, we'll just have to wait and see how it shakes out. I 
wish them the best of luck!

Ron

On 10/21/2009 06:14 PM, Fyodor wrote:
> This doesn't directly affect the Nmap project, but I'd like to
> congratulate HD Moore and the Metasploit project for joining forces
> with Rapid7!  HD has done so much for Metasploit in his spare time
> that I can't wait to see what he and Egypt and the new team accomplish
> going forward with full-time dedication to the project.
>
> The Nmap project has certainly improved dramatically since 2002, when
> I quit my job at Netscape to work on Nmap full time.  I can't take all
> the credit for that, but it did allow me to expand the scope of Nmap
> and implement many features I had wanted for years.  Development sped
> up yet again when David joined the project (starting as a SoC student
> in 2007).  Since I left Netscape we've added Zenmap, the Nmap
> Scripting Engine, Mac OS X support, Ncat, a rewritten port scanning
> engine, ARP scanning, version detection, and much more[1].  I wish
> Metasploit the same sort of success!
>
> Of course it is always a bit scary to see an open source project
> acquired by a for-profit VC-backed company.  What if they go closed
> source and we end up having to pay thousands of dollars a year for a
> required plugin feed?  After reading what HD has to say and speaking
> with Chad Loder of Rapid7, I don't see this as likely.  They both
> sound dedicated to keeping Metasploit a free and open source resource
> for the community.  Plus, Metasploit is BSD-licensed so anyone can
> fork it if they aren't happy with its direction.
>
> Here are some links with more information:
>
> Metasploit ML threads:
>   http://seclists.org/metasploit/2009/q4/93
>   http://seclists.org/metasploit/2009/q4/103
>
> Formal announcement/FAQ:
>   http://www.rapid7.com/metasploit-announcement.jsp
>   http://www.metasploit.com/home/faq
>
> Blog/News articles:
>   http://vrt-sourcefire.blogspot.com/2009/10/rapid7-make-bold-statement-acquiring.html
>   http://blog.coresecurity.com/2009/10/21/rapid7-metasploit-and-expansion-in-the-penetration-testing-market/
>   http://www.cio.com/article/505572/Open_Source_Security_Project_Could_Get_a_Boost_with_Metasploit_Buy?taxonomyId=1461
>   http://risky.biz/RB128
>   http://blog.internetnews.com/skerner/2009/10/open-source-metasploit-gets-ac.html
>   http://news.slashdot.org/story/09/10/21/141206/
>
> Cheers,
> Fyodor
>
> [1]  http://nmap.org/book/history-future.html
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/


--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/