back to article Metasploit creator seeks crowd's help for vuln scanning

Security outfit Rapid7 has decided that there's just too much security vulnerability information out there for any one group to handle, so its solution is to try and crowd-source the effort. Announcing Project Sonar, the company is offering tools and datasets for download, with the idea that the community will provide input …


This topic is closed for new posts.
  1. ecofeco Silver badge

    No thanks, but good luck

    I've tried a few crowd sourced distributed computing projects. Never again unless it's to help stop some kind of E.L.E. The way the programs hog my PC resources is unacceptable.

    That said, I do wish them sincere good luck and think they have a good idea.

  2. grumpy-git


    perhaps if the project could run only at times when the screen saver is active then it may be of more interest.

    Pre-assigned functions shouldn't be toooo hard to set up for download for running in the background when other applications are suspended for example with auto-uploads of data when given milestones are reached.

    Seem to remember a Climate Change project using distributed crowd resources which did this, even though the actual project had errors... so not beyond the realms of the organisers to provide this option

    Looks like a good idea in principle and I wish them luck

  3. david 12 Silver badge

    Google should be providing this information free to registered security researchers. They already have a massive scanning program, and a massive data collection, storage and distribution program. This should be a publlc service from the company.

    1. Ambivalous Crowboard

      Why should they?

      Google are a business, a profit-making entity. They can do (and will do) what they want. You want our own Google data? Set up your own Google.

      1. Robert Helpmann?? Silver badge

        Re: Why should they?

        Google should be providing this information free to registered security researchers...

        Google are a business, a profit-making entity. They can do (and will do) what they want.

        Yes, but there are some pretty compelling reasons for them to provide this service. Most obviously, it is relatively cheap for them to do this sort of thing and it ought to work as advertising for the company as a whole. Increasing the overall security of the online world works in their favor both directly (fewer vectors of attack against them directly) and indirectly (the customers are more likely to spend money on Google's services if the environment in which they operate is more secure). It provides at least the excuse of legitimacy for some of the data gathering they might otherwise be criticized for.

      2. ecofeco Silver badge

        Re: Why should they?

        Internet security, much like public health, is an issue that now has very serious consequences for everyone, including Google.

        That's why they should.

  4. Anonymous Coward
    Anonymous Coward

    Botnet port and exploit scanner that will defeat any port scanning detecting firewall by using 1 host per port.

    Nice, but why dont they just ask the NSA, im sure they have already mapped the entire internet by now... oh wait they dont like to share.

    Still a good idea, although its pretty likely botnets have been doing this for ages...!

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020