First off, I couldn't help wondering if the sale had been motivated mostly by financial concerns ... was he rich now? Living in a big house? While he didn't exactly share his net worth with me, he explained that after working for a startup, BreakingPoint Systems, for four years, he was more concerned with making a career change than in getting a big payout. He is still living in the same house.
In fact, he said his daily routine "is not not that different for me personally. [Metasploit] is a never-ending pit of time. I can always improve it, always make it better," he quips. Well, not precisely the same. Rapid7 had the good sense to add Moore to their internal IT team, working on security, in addition to having him talk with Rapid7 partners, and doing "general engineering stuff." he says. Hence his title, Chief Security Officer and Chief Architect at The Metasploit Project
Metasploit has benefited, Moore says, because it is now the focus of six full-time, paid employees. Rapid7 tried to hire two of the project's main developers, but only scored one. It was also able to hire two of the project's part time contributors.
At the time of the sale, he promised the Metasploit community that they would NOT see a slow demise of the tool under Rapid7's care. The general perception is that Rapid7, which offers a proprietary vulnerability management tool, NeXpose, may be pulling an "Oracle" ... buying a FOSS project for nefarious reasons, mostly involving in making the tool go away. (Moore however, says that NeXpose doesn't do pen testing and therefore doesn't compete with Metasploit. It competes with Qualys, nCircle, and Tenable.)
