Infosecurity.US

News, overnight of the acquisition of the Open Source Metasploit Project by Rapid7. The company, best known for it’s vulnerability scanner, monikered  NeXpose (Editors Note and Disclaimer: I use the product with great frequency) is a well known and respected security product coupled with a PostgreSQL backend. More information, including linkage  from Securosis and a FAQ from Mike Tuchen of Rapid7 appears after the jump. Congratulations to Rapid7 on an absolutely outstanding acquisition choice, and to HD Moore (now CSO at Rapid7), Egypt ,MC, Ramon Valle, Patrick Webster, Efrain Torres, Stephen Fewer, Lurene Grenier, I)ruid, Chris Gates, Kris Katterjohn, Valsmith (all contributors) and others on the Metasploit Project team for a superlative product.

From Securosis’ Adrian Lane: “Rapid7 Acquires Metasploit“

“Rapid7 acquires Metasploit, the open source penetration testing platform. Wow. All I can say is ‘Wow’. I had been hearing rumors that Rapid7 was going to make an acquisition for weeks, but this was a surprise to both Rich and myself. Still coming to terms with what it means, and I have no clue what the financial terms look like, but almost certainly this is a cash+stock deal. On the surface, it is a very smart move for Rapid7…”

From Rapid7’s Mike Tuchen:

October 21, 2009

I’m extremely pleased to announce Rapid7’s acquisition of Metasploit, the leading open source penetration testing framework and world’s largest database of public, tested exploits. We believe the acquisition deepens our leadership as the leading provider of vulnerability management, compliance and penetration testing solutions and will provide great value for our customers and partners.

As a result of the acquisition, we will leverage Metasploit technology to enhance our vulnerability management solution, Rapid7 NeXpose^TM. At the same time we will not only maintain, but accelerate the open source framework Metasploit with dedicated resources and contributions. I’m also pleased to announce that HD Moore, the founder of Metasploit, will be joining Rapid7 full-time as Chief Architect of Metasploit and Chief Security Officer of Rapid7.

I’m excited about this news for a number of reasons:

• The acquisition raises the bar to what our industry can expect from all those involved, be they vendors, end-users, partners or community members. Since joining Rapid7, I’ve learned about some of the key principles of network security: defense in depth, continuously identifying and fixing your vulnerabilities, and improving security through continuous investments in people, process, and technology. With this announcement we are embracing the role of industry innovator by providing better protection to you as our client, feeding the community and creating an environment open for dialog about the implementation of security best practices.
• As a result of our union, we will be able to bring superior data on exploitability to our customers, helping them to prioritize and remediate key security issues. The exploit data will be directly embedded in our vulnerability management solution NeXpose, providing a whole new level of risk analysis capabilities to our clients, while ensuring that NeXpose, which will continue as a separate product, delivers the safest, most proactive and actionable vulnerability scanning capabilities in the industry.
• We’re thrilled that HD Moore and other key Metasploit contributors have joined Rapid7 to work full-time on the open source Metasploit Framework code. HD and the team will now have more dedicated resources and support to invest in exploit research and to create a broader penetration testing platform. As part of our support of the community, we will contribute vulnerability data from the NeXpose product to expand the accuracy and reliability of the Metasploit Framework, which will remain open source. It is a true win-win for everyone.
• Finally, the combination of NeXpose and Metasploit will enable Rapid7 to continue to grow its relationship with partners and consultants, delivering improved technology and more comprehensive solutions for vulnerability management and penetration testing. Having a broader portfolio will further accelerate our dialog with our partner ecosystem to ensure that our solutions meet their needs.

Over the next weeks we will be providing additional details on our plans so please stay tuned to hear more from us. For additional information, please reference our press release on the acquisition as well as the FAQ below. If you have any feedback or suggestions regarding our announcement, I would love to hear from you.