For those who have been wondering what we’ve been up to, we are pleased to announce the immediate availability of NeXpose Community Edition.

Community Edition is an important part of our commitment to say what we mean and to do what we say we’re going to do. When we made the Metasploit announcement, there was much speculation about metasploit joining the Rapid7 family and what this means for the community. In some cases, people have understandably expressed concerns about the open source future of the project. There have even been questions about Rapid7’s broader commitment to the community. With the Metasploit announcement, we assured the community that the Project would remain open source. NeXpose Community Edition is an important part of our commitment to the community and raising the bar for the right reasons.

Sincere thanks to all of those within Rapid7 and throughout our network who provided valuable guidance and feedback. We could not have done this without your help.

We’re confident that you’ll like what you see in NeXpose Community Edition. Here is a quick snapshot of what is included:

• Out-of-the box Metasploit integration
• Coverage for more than 11,000 vulnerabilities with nearly 40,000 vulnerability checks included
• Targeted coverage for Operating Systems, Network Devices, Web Server infrastructure, and Database Platforms (up to 32 IPs).
• Regular, automatic vulnerability coverage updates
• 24 hour or less delivery of new vulnerability checks following Microsoft Patch Tuesday
• Prioritized risk assessment – identifies risk based upon how the vulnerability in one system affects another.
• Remediation guidance and Vulnerability descriptions
• Accurate scan results – use of the expert system to provide the same precision and accuracy as NeXpose Enterprise
• Extensive community support – provides knowledge exchange via full access to the Rapid7 Community Portal at http://community.rapid7.com.
• Simple deployment – easily deploys as a software solution on laptops and desktops.
• No cost start-up security solution – provides a free entry-level vulnerability management solution.

So check it out and let us know what you think. Download is available at: www.rapid7.com/nexposecommunitydownload.jsp

Metasploit's commercial rival Core Security says its integration with vulnerability scanning is well established, and a healthy separation between pen testing and vulnerabilty scanning should be maintained. "You still need the separate data," says Fred Pinkett, vice president of product management for Core Security. "A pen-testing tool only covers a certain number of remotely exploitable things, so you need that vulnerability scanning data you still need to do those scans and understand what that data is telling you" about what's exploitable, he says.