During the holiday season of the past weeks, I reflected a lot on the past with my loved ones. At the same time, I couldn't help thinking about the Rapid7 journey so far and the exciting path before us. I thought I'd share some of this with you.
2010 was an explosive year for Rapid7. By adding a full-time development team to the Metasploit Project, we grew the open source community more than five-fold, now reaching over a million unique downloads per year. We brought penetration testing to a new level with a series of commercial releases, namely Metasploit Express and Metasploit Pro. Many have argued that this makes the Metasploit Project the most successful collaboration between an open source project and a commercial vendor. At the Metasploit Project acquisition anniversary in October, the Metasploit Framework, had been updated with 292 additional exploits and 207 auxiliary modules, an increase of 91 and 209 percent respectively since version 3.2, the current version at the time of the acquisition. Since then, we've added many more.
2010 was also a year of exploits. Rapid7 CSO HD Moore discovered and added notorious exploits, including DLL hijacking and VxWorks, which have impacted enterprises and security professionals since being reported. Later that year, Joshua “Jabra” Abraham discovered a vulnerability in SAP Business Objects. We expanded our team of researchers, most notably adding Chris Gates and Rob Fuller. I'm sure we'll see a lot more exploits in 2011.
Our w3af sponsorship brought with it great talent, and you'll see some of the exciting advancements we've made in Web scanning over the course of the year. We continued to expand the unification of vulnerability management, penetration testing and configuration assessment in the NeXpose vulnerability scanner, having received our FDCC lab certification. And it won't stop there. We're dedicated to giving our customers the actionable, real security they demand.