Last updated at Wed, 26 Jul 2017 15:30:42 GMT

When I started learning about programming I thought, "Man, wouldn't it be awesome if I could get somebody to pay me to write code all day?"  Not too long after that I started learning about security.  Then I thought, "Man, wouldn't it be awesome if I could get somebody to pay me to break things all day?"  As luck would have it, I've now found someone to pay me to write code that breaks things.

Today, Rapid7 announced its acquisition of Metasploit.  Along with that acquisition, my weekend hobbyist role will soon become full-time employment as Core Developer.  From the perspective of the framework, it means there will be a dedicated, fully funded development team where there used to be just a few volunteers hacking away on the weekends.  It means there will be more time to do proper quality assurance.  It means fewer bugs.  More exploits.  Faster development.  It means a bit more organization and planning; decisions based on long term goals and design, not just what's shiny to me right now.  Code won't have to languish waiting for updates or rewrites for lack of a long weekend.  New features won't have to sit patiently in comments or tickets waiting to be implemented because we're all busy at our day jobs. Now, Metasploit is our day job.

From a user's perspective Metasploit will still be free.  All of the important bits are going to remain open-source, a point that was very important to me, since its open nature is what drew me to Metasploit in the first place and what, I believe, attracts many of its users and contributors.  It is likely that the license will be 3-clause BSD for all (or nearly all) of the code I write.  Free code is happy code.

From my perspective, it's going to be awesome.