H D Moore sells Metasploit: Open source project in commercial hands

Rapid7 acquires Metasploit project promising development resources

The Metasploit project has been acquired by Rapid7, a US-based vulnerability management company.

Metasploit creator H D Moore confirmed the sale in a podcast interview with Risky.Biz overnight (Click to hear the podcast). "This is more of a buy in than a sell out," he told Risky.Biz "It's about taking Metasploit to the next level with a real company with real funding."

Eager to put open source enthusiasts' minds at ease, Moore told Risky.Biz the acquisition will result in full time resources being allocated to the Metasploit project. Rapid7 will fund five full time developers to work on the project and Moore insists all core software developed by the new, full time team will remain free and open source.

"Nothing that people are using today is going away," he said. " I'm definitely in it for the long haul."

Rapid7 director of products and operations, Corey Thomas, insists the company is committed to the future of Metasploit as an open source project. He says the acquisition seemed a natural progression following partnership and integration discussions with Moore.

"We [already had] two or three developers who contribute to Metasploit," he said. "After a period of time we decided the best way to go was to make a direct investment and fully sponsor the Metasploit project."

Originally released in 2003, Metasploit allows security professionals to rapidly develop exploits for computer vulnerabilities. Initially regarded as controversial, Metasploit has become a staple tool for penetration testers and other technical security professionals.

To hear H D Moore and Corey Thomas discuss the acquisition, listen to Risky Business episode 128 here.

Subscribe to the Risky Business podcast here.

Follow Risky Business on Twitter here.

Sign up for a forum account and our weekly newsletter here.

...or leave us a voicemail on Sydney 02 8569 1835 or USA +1 877 688 8417 (Toll free).