At Metricon6 and later on his blog Cognitive Dissidents, Joshua Corman presented his latest discovery - HD Moore's Law:

"Casual Attacker power grows at the rate of Metasploit"

Which is basically a different way of saying that Metasploit is the minimum bar you need to test for if you want to keep your network secure.

HD Moore created the Metasploit Project in 2003 to provide the security community with a public resource for exploit development. This project resulted in the Metasploit Framework, an open source platform for writing security tools and exploits.

The Metasploit Framework took away some of the "black magic" components of hacking, making it accessible to network admins and security professionals with "lesser powers" to run typical hacking attacks against their own network to see if the network is vulnerable. They could then use these findings to remediate any security issues they found. This is still true today.

At the same time, this commoditization of exploit tools made it easier for a casual attacker to exploit other people's network, and this is where Joshua Corman's comment comes in: If you can breach your own network, then someone else can too. Because Metasploit is the industry's leading penetration testing tool with about 120,000 users, it is both the best way to test your network's security and also the most likely vector of attack.

Thanks Josh, for calling out this law, and for suggesting that people should test if they meet the "Metasploit minimum bar". If you'd like to test your own network, you can download a free copy of Metasploit here.