I have written now several times about Rapid7 and their commitment to the open source community. It started a while back when they acquired the Metasploit project (a leading pen test tool) and hired its manager, HD Moore to an executive position. Since then, Rapid7 has continued to put its money where its mouth is regarding support of open source security projects. They have donated funds to hire engineers, undertaken sponsorship of specific technical development milestones. Some of the other open source projects they have underwritten are w3af and John the Ripper. They have been an exemplary corporate open source community member.
I must admit that when they first acquired the Metasploit project I had my doubts about their good intentions. I remember speaking to HD Moore back then and he reassured me that they were going to be good open source community citizens. Well I was certainly wrong on this one. They have been more than good citizens.
With this new program Rapid7 is setting aside 100k to divide among the 7 winners. According to the company:
Any security-related open source project – with a preference for BSD-compatible licensing – is applicable and encouraged to submit a “Magnificent7” application. After the Rapid7 program committee reviews all initial proposals, promising projects will be chosen to participate in the second round of application, taking place at the UNITED Security Summit, where they will be granted a 45-minute presentation and in-person Q&A session with the Rapid7 committee. During their pitch, participants will be judged based on several criteria including a working demonstration of the software and the caliber of their project roadmap. Selected recipient(s) for the first funding phase will be announced following the UNITED Security Summit and the second round will open for submissions in Q1 2012.
To submit a nomination for Magnificent7 funding consideration, please visit the Rapid7 Community website for details and guidelines and email the submission to email@example.com. All first round submissions are due by September 9, 2011.
All first round registrants must be registered to attend the United Security Summit.
The United Security Summit is also the brainchild of the Rapid7 team, but has found wide support from the security community. Actually I am one of the guest speakers at United speaking on risk analysis and vulnerability management. But let me be clear I have nothing to do with the open source Magnificant7 awards.
It will be interesting to see what open source projects are selected and if the corporate sponsorships make a difference. I am looking forward to more open source support from Rapid7 and hope to see other security vendors join in the support of the open source community.