Who is HD Moore




















I know of five or six zero-day exploits that are being privately traded right now. These are cases where the vendor is not being told on purpose. Paul Roberts is an experienced technology reporter and editor who writes about hacking, cyber threats and information technology security.

At the time of the sale, he promised the Metasploit community that they would NOT see a slow demise of the tool under Rapid7's care.

The general perception is that Rapid7, which offers a proprietary vulnerability management tool, NeXpose, may be pulling an "Oracle." Moore, however, says NeXpose doesn't do pen testing and therefore doesn't compete with Metasploit. It competes with Qualys, nCircle, and Tenable. Some in the industry also thought that Rapid7 held no love for open source.

Moore says that's a mischaracterization. He points out that many of Rapid7's founders and original engineers do contribute to open source and have been involved in some high-profile projects. But he's also got a point when he says, "The challenge for open source is that, while it's a fun hobby, how can we make it profitable -- a real business? We can operate an open source project, but how can we make it sustainable? That's my curiosity." Metasploit might become one of the first examples of how a completely FOSS project grows up to be successful.

It is the venture capital model without the start-up money, though VCs are funding plenty of OS start-ups these days, too. Build it. They will come. Someone will buy it.

And if you want them to stay, the FOSS project better remain as well supported as the eventual commercial version. This isn't the first open source project to have been bought by a big guy. And the jury is still out on most of them. I could argue that Metasploit is a bit unique in that it didn't have a commercial arm when Rapid7 acquired it. Then again, I admittedly haven't done the research to know how many acquired FOSS projects had no commercial version, and were not venture funded.

If you know of others, let me know and I'll write about them, too. And there are concerns when a select few are in a position to profit from the collective work of many volunteers who think they are working on a solely not-for-profit project.

Network Discovery with HD Moore. By SE Daily. Podcast Thursday, January 14


