Rapid7 is buying Metasploit, and promising to advance open source penetration testing and the Metasploit Project, which develops exploits against known vulnerabilities.
The upside for Rapid7, a commercial security testing company, is that it will use Metasploit resources to expand capabilities of its NeXpose vulnerability management software.
Rapid7 says the deal will provide it with better data about exploits so its customers can discover and fix vulnerabilities that could lead to successful attacks against their networks, the company says. The parties are not saying how much Rapid7 paid for Metasploit.
Meanwhile, the all-volunteer Metasploit Project will gain a full-time development staff led by its originator H.D. Moore, who becomes chief architect for the project supported by an exploit developer, a user-interface designer and a quality assurance engineer, according to his blog. He will also be Rapid7's chief security officer.
“Rapid7 has committed to keeping the project open source, with no plans to change the license or the community development model,” Moore says in his blog. “What will be changing is how fast we add new exploits, integrate new features, and release new versions.”
With the new resources from Rapid7, the project will make great leaps forward within a few months, he predicts. “They may not be exploit developers, but they understand business and how to make a marriage with Metasploit increase their own bottom line without destroying the value of project in the process,” he says.
These advances will include expanding Metasploit's exploit library and increasing the number of publicly available exploits, Rapid7 says.