Metasploit Project Sold To Rapid7
ancientribe writes "The wildly popular, open-source Metasploit penetration testing tool project has been sold to Rapid7, a vulnerability management vendor, paving the way for a commercial version of Metasploit to eventually hit the market. HD Moore, creator of Metasploit, was hired by Rapid7 and will continue heading up the project. This is big news for the indie Metasploit Project, which now gets full-time resources. Moore says this will translate into faster turnaround for new features. Just what a commercial Metasploit product will look like is still in the works, but Rapid7 expects to keep the Metasploit penetration testing tool as a separate product with 'high integration' into Rapid7's vulnerability management products."
Re:"penetration testing" (Score:5, Insightful)
You are right, it gets used by script kiddies.
That is EXACTLY why I use it regularly to make sure it doesn't work for them. I can quickly scan a host and see what they may be able to take advantage of.
What do you do? How do you know that you've installed every patch? MS doesn't even TELL you about every patch, let alone include them in Windows Update. Does all of your other software auto update as well? Do you have some mystical application that makes sure you never make a configuration mistake that opens an exploit? My IIS servers don't return customized version information, is it just supposed to look at that and know what it really translates to and what patches I have installed on it?
You sir, are not a system admin. You may be employed as one, but you certainly shouldn't be. The mere thought that patching is enough by itself is retarded. Assuming that you have perfect configurations that never change and will be safe forever after you set them up is retarded. Pretty much no matter how you look at it, your argument is one of extreme lack of experience.
Every high security environment in the world does penetration testing, as do lower security environments who would rather be safe than sorry. Banks, the government, health care providers to name a few, ALL do penetration testing, both by software, and social engineering, all the way down to trying to actually break into a physical location.
Fuck you and your arrogant ignorance about security, come back to us when you get out of pointy-headed-boss-school or secretary school, whichever you happen to be in.
Re:How does one buy an open source program? (Score:3, Insightful)
In exchange, the original author gets a) a job, and b) the ability to work full time on the code base he's passionate about. And probably some cash.
How exactly does "a job" and "the ability to work full time" for someone else constitute compensation for something you've already created?
If the author of the code agrees that this is sufficient compensation, then it is sufficient compensation. Otherwise, the sale couldn't be made.
Re:How does one buy an open source program? (Score:3, Insightful)
You're all a pisspool of nattering armchair lawyers bragging about how they'd have won such-and-such case on court.tv without even knowing the details. How the *FSCK* would you even know? Did I miss where the terms of the contract were posted online?
Here are just the scenarios I've seen (or offered) in my own career:
"Hi, this project you're working on is great -- can we buy a nonexclusive license for $$$?"
"How much would we have to pay you to focus on functionality that'd do Y? How long would it take?"
"The tool is nice, but I just need to know how you did X, so I can incorporate it into a limited-niche project. Would you sell me source-code and your time at $$ plus $$ per hour? We'll readily sign NDA's and noncompetes."
"F*** it, I'm out of here. First job, any job..." (phone rings) "You want me to go pro with my open-source project? HELL YESSS!!"
"Great tool, and we'd love the prestige you've attained -- can we pay you a few years back salary and promise $$$$ forward salary. You'll get to focus on this project, some stock options, you'll build a division in our company, and we'll take over marketing and logistics."
Where exactly is the evidence of this being a shitty deal -- Reread egypt's comments at blog.metasploit and then tell me the last time any of you gasbags got offered a chance to exit a decent-but-hectic day job, focus in on a side project you dream about and struggle to find weekends to work on, get a big-ass raise, bump up your prestige, and probably get god knows what else in the way of one-time payments or stock options.