I have written now several times about Rapid7 and their commitment to the open source community. It started a while back when they acquired the Metasploit project (a leading pen test tool) and hired its manager, HD Moore to an executive position. Since then, Rapid7 has continued to put its money where its mouth is regarding support of open source security projects. They have donated funds to hire engineers, undertaken sponsorship of specific technical development milestones. Some of the other open source projects they have underwritten are w3af and John the Ripper. They have been an exemplary corporate open source community member.
I must admit that when they first acquired the Metasploit project I had my doubts about their good intentions. I remember speaking to HD Moore back then and he reassured me that they were going to be good open source community citizens. Well I was certainly wrong on this one. They have been more than good citizens.
With this new program Rapid7 is setting aside 100k to divide among the 7 winners. According to the company:
Any security-related open source project – with a preference for BSD-compatible licensing – is applicable and encouraged to submit a “Magnificent7” application. After the Rapid7 program committee reviews all initial proposals, promising projects will be chosen to participate in the second round of application, taking place at the UNITED Security Summit, where they will be granted a 45-minute presentation and in-person Q&A session with the Rapid7 committee. During their pitch, participants will be judged based on several criteria including a working demonstration of the software and the caliber of their project roadmap. Selected recipient(s) for the first funding phase will be announced following the UNITED Security Summit and the second round will open for submissions in Q1 2012.
To submit a nomination for Magnificent7 funding consideration, please visit the Rapid7 Community website for details and guidelines and email the submission to email@example.com. All first round submissions are due by September 9, 2011.
All first round registrants must be registered to attend the United Security Summit.
The United Security Summit is also the brainchild of the Rapid7 team, but has found wide support from the security community. Actually I am one of the guest speakers at United speaking on risk analysis and vulnerability management. But let me be clear I have nothing to do with the open source Magnificant7 awards.
It will be interesting to see what open source projects are selected and if the corporate sponsorships make a difference. I am looking forward to more open source support from Rapid7 and hope to see other security vendors join in the support of the open source community.
As co-founder and Managing Partner at The CISO Group, Alan Shimel is responsible for driving the vision and mission of the company. The CISO Group offers security consulting and PCI compliance management for the payment card industry. Prior to The CISO Group, Alan was the Chief Strategy Officer at StillSecure. Shimel was the public persona of StillSecure as it grew from start up to helping defend some of the largest and most sensitive networks in the world.
Shimel is an often-cited personality in the technology community and is a sought-after speaker at industry and government conferences and events. His commentary about the state of security, open source and life is followed closely by many industry insiders via his blog and podcast, "Ashimmy, After All These Years" (www.ashimmy.com). Alan is now also a regular contributor to The CISO Group’s security.exe blog and podcast. Follow him on Google.
Alan has helped build several successful technology companies by combining a strong business background with a deep knowledge of technology. His legal background, long experience in the field, and New York street smarts combine to form a unique personality.
Disclosure: The CISO Group sells a software-as-a-service PCI compliance application called SAQPro. The company is independent and does not represent any other vendor's products as a reseller.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited.