Rapid7, the leading provider of security risk intelligence solutions, today announced that it has selected three new open source projects for the Magnificent7 Program, which supports innovative open source projects in the security industry. John the Ripper, Ghost and Buttinsky will all be supported in the second round of the program, which starts immediately. The three projects will receive financial support as well as technological, business, and marketing mentoring and expertise. Ghost and Buttinsky were chosen due to their fresh approaches to critical and underdeveloped security sectors. John the Ripper's inclusion in the program builds on Rapid7's previous support of the project, which resulted in a major technology update in 2011 and integration with the Metasploit Framework.
The Magnificent7 Program was created with a view that in the increasingly complex security landscape, open source projects can represent the best of community collaboration and deliver innovative solutions to solve very real security challenges. Rapid7 is committed to supporting these projects so they can grow and make a greater impact for more organizations. The first two projects supported by Magnificent7 – Androguard and Cuckoo Sandbox – have both released updated versions since their inclusion in the program in March 2012.
The open source projects being supported in the second round of Rapid7's Magnificent7 Program are:
John the Ripper
Rapid7 first partnered with John the Ripper – the most widely-used open source password cracking and auditing tool – in 2011, when it supported a development project that delivered a 17% improvement in gate count for the Data Encryption Standard (DES) Algorithm. Its inclusion in the Magnificent7 Program builds on this relationship, enabling core developer Alexander Peslyak to enhance parallel and distributed processing support for John the Ripper.
"Being selected for the Magnificent7 Program builds on an already-productive working relationship with Rapid7," said Alexander Peslyak, founder and core developer of John the Ripper. "There's clear demand for better parallel and distributed processing support in John the Ripper as this will enable users to more easily and effectively utilize a larger amount of computing resources. This development has consistently stayed on the back burner, but the funding from Magnificent7 will change that!"
Ghost USB Honeypot
Ghost, led by Sebastian Poeplau, is a targeted honeypot for USB malware that functions by emulating a USB flash drive to bait, detect and collect information from infected systems allowing security practitioners to protect enterprise sized networks. With Magnificent7 support, Poeplau hopes to discover preventative measures to complement the reactive functionality of the current product.
"I'm very excited that Ghost was accepted for the Magnificent7 Program. Working with Rapid7 is a great opportunity to make the project available to a wide audience and implement a lot of exciting new features," said Sebastian Poeplau, lead developer of Ghost. "I'm particularly honored to find Ghost in the company of excellent projects such as Cuckoo Sandbox and Androguard."
Lead developers, Patrik Lantz and Lukas Rist, will build a comprehensive botnet monitoring tool from scratch by combining the approaches and goals of Lantz's and Rist's existing botnet tools, Hale and WSBS, respectively. Eventually Buttinsky will integrate HPFeeds to receive sandbox data analysis, and will utilize behavior analysis to avoid detection and learn about command infrastructure.
"Botnet monitoring is a crucial part of threat analysis, but is often neglected due to the lack of proper tools," said Patrik Lantz, lead developer of Buttinsky. "The Magnificent7 Program will generate great visibility for this project to become widespread, and provide us with technical support that will aid us towards a final product that incorporates the functionality needed in the community."
If you have an innovative open source project that addresses a problem in the security space, Rapid7 would like to hear from you! Please see the Magnificent7 submission guidelines for details.
Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, and mobile risk management solution, Mobilisafe, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.