When I started learning about programming I thought, "Man, wouldn't it be awesome if I could get somebody to pay me to write code all day?" Not too long after that I started learning about security. Then I thought, "Man, wouldn't it be awesome if I could get somebody to pay me to break things all day?" As luck would have it, I've now found someone to pay me to write code that breaks things.
Today, Rapid7 announced its acquisition of Metasploit. Along with that acquisition, my weekend hobbyist role will soon become full-time employment as Core Developer. From the perspective of the framework, it means there will be a dedicated, fully funded development team where there used to be just a few volunteers hacking away on the weekends. It means there will be more time to do proper quality assurance. It means fewer bugs. More exploits. Faster development. It means a bit more organization and planning; decisions based on long-term goals and design, not just what's shiny to me right now. Code won't have to languish waiting for updates or rewrites for lack of a long weekend. New features won't have to sit patiently in comments or tickets waiting to be implemented because we're all busy at our day jobs. Now, Metasploit is our day job.
From a user's perspective Metasploit will still be free. All of the important bits are going to remain open-source, a point that was very important to me, since its open nature is what drew me to Metasploit in the first place and what, I believe, attracts many of its users and contributors. It is likely that the license will be 3-clause BSD for all (or nearly all) of the code I write. Free code is happy code.
From my perspective, it's going to be awesome.
Wednesday, October 21, 2009

19 comments:
Good for you egyp7!! Happy Coding
Congratulations on living the dream man, it's nice to see the project growing as fast as it has and all of you/the Metasploit team's hard work paying off.
-Zenofex
Nice..:)
How big is the team?
Congratulations..:)
Congratulations! :)
... thumbs up ...
nothing else to say :)
Congratulations, that's really great news!
Congratulations for all you -and your team- did.
this is awesome.
:)
And I thought I was having a bad day but this news made it all worthwhile :)
Congrats to meta and the crew! All I know is, I hope Rapid7 is nothing like I recently experienced! I went to check out their nexpose to see what it is all about. Well, one of their salesmen tracked me down literally looking up my phone number through my work directory. Not only that, called every day multiple times. Almost like a psycho girlfriend... Just watch out.
Spoke to you after your talk at Blackhat this year. You rock dude!
Hope you guys will now have time to integrate MSF with Evilgrade and so on.
Congrats :D
Congratulations! It's gonna be a lot of fun developing the framework with more resources. Enjoy!
Congratulations!!
Metasploit is a great project and the team does incredible work ;D
Regards!!
Congrats! This is great news for the community. You might want to subtly point out the typo on their social engineering service. They probably meant to say "induce users to divulge" :)
http://www.rapid7.com/services/social-engineering.jsp
I ain't buying the Rapid7 merger horse dung. Sourcefire and Snort only made money for CEOs and Marty while slaves like Egypt and y0 do work for nada. HD get bank, the rest lose...
Happy Metasploiting. I think the rest of us will fork off.
late
To address the last anonymous comment -- prior to the acquisition, what everyone "gets" is what myself and the rest of the volunteers put in. Going forward, the community still gets the right to use and fork all community-provided code, as well as the code that myself, egypt, and the other Rapid7 folks contribute. This situation is different from Nessus/Tenable and Snort/Sourcefire in many ways - it is not an open source project going commercial, it's a commercial company jumping into open source. The great thing about the BSD license is anyone can fork the project -- it's in our best interest to keep providing the best tools to the community going forward. For the folks who are nervous about the acquisition or otherwise worried that a commercial presence is a bad thing, all I can suggest is wait and see. If the last two weeks are anything like the next few years of development, Metasploit will continue to improve at a phenomenal rate.
I wonder what changes have already been made? For instance, the Firefox Malware search engine:
http://www.metasploit.com/research/misc/mwsearch/index.html?q=
returns a 404, page does not exist.
Guess this means no more Metasploit Firefox search engine.
The malware search engine was removed *years* ago. It was no longer useful once Google removed the PE meta information from their index. If you want to see a better view of what has changed, look at the redmine activity log for development:
https://metasploit.com/redmine/projects/framework/activity
Most of my personal code and projects have been moved to http://digitaloffense.net/tools/ - this makes it easier to manage web site updates without tracking a 4Gb directory of random tools :)