111 days ago we announced in our inaugural blog post that the future is friendly. It just got a lot friendlier.

That post was about making a fundamental difference in our space, bringing people together to drive change, and admitting that our industry has not been good enough. In that post, Rapid7 made the commitment to be better and we meant it.

It seems we were not alone.

People are coming together at a staggering pace to raise the bar on our industry and the movement is growing stronger every day. We are doing our part along with others to change the industry and today marks another important moment. When Rapid7 launched a java-based vulnerability scanner, other vulnerability management companies said it would never work. When we included web application security and database security in that platform, they didn’t see the value. When we included an expert system to detect truly exploitable exposures and maintained a penetration testing practice, they didn’t get it. Customers get it, which is why we have done all of these things.

We promised that we had some big news, and I’m excited to share with you the first of many announcements to come: Metasploit is now part of Rapid7.

HD Moore and his crew have joined Rapid7 to drive the Metasploit Project full time from here. The Metasploit Project will continue as open source, HD and his team will continue as its leaders – now with additional support from the rest of Rapid7 for one of the most important community-based projects to ever come out of our industry.

Inevitably, this will raise some questions.

To the community: there is no reason to fear. HD and the rest of the Rapid7 team are committed to supporting The Metasploit Project as an open-source, community-based effort. Rapid7’s investment is about stepping up our contributions to help in any way that we can. There is no better time than now to acknowledge and support the contributions that you make on a daily basis to our collective awareness and evolving the state of security. For this, we thank you.

To customers: you can be certain that you can and should expect more from your vendors and service providers. Today marks the shift from detecting vulnerabilities to uncovering truly exploitable threats. Also be aware that some of our competitors – old and new – will direct FUD and misinformation toward you rather than rising to the challenge of listening, understanding, and responding to your needs. We are more capable than ever of addressing your highest expectations and our collective expertise just got a lot stronger. For this, you have spoken, we have listened, understood, and responded.

To competitors: have no doubt … the bar has been raised. You will not be able to peddle stale-dated technology to customers who deserve more. You will not be able to charge twice market value for inferior solutions. You will keep pace with customer expectations or you will not survive. Our offer still stands from 111 days ago … if you are ready to fulfill the promise to protect our customers, feed the community, and catalyze change, we’d love to work with you. If you’re not, make no mistake … the FUD will be yours to wrestle with. For this, we could not be more serious.

With this move, we are pleased to announce that HD Moore is now Rapid7’s Chief Security Officer. I’d like to take this opportunity to welcome HD, his team, and the entire Metasploit community to the Rapid7 family.

Change *is* happening, and we’re driving it together.