Details on the deal were not released, but Rapid7 did go through a $7 million venture financing round last year with Bain Capital.
Metasploit, which is a penetration testing project, will become part of Rapid7's NexPose security suite.
In reaction to this deal, the usual suspects made the usual noises, worried that Metasploit may go closed source or take its eye off the ball, but to founder HD Moore it's all good.
He revealed in a blog post called Metasploit Rising that he's been working on the project as a hobby for six years, but he will now have a full-time job as Chief Security Officer for Rapid7. The Metasploit developer who goes by the nom de keyboard Egypt will also go on salary at Rapid7. (Don't knock it if you haven't tried it.)
Projects get commercial arms all the time, with lead developers often becoming executives like Dries Buytaert at Drupal or Matt Mullenweg at WordPress. This is generally received with much rejoicing among community members. It means software will get regular updates and they can obtain professional help when their questions go beyond what the community can answer.
This deal seems like just another way of doing the same thing, only the founders get to stay at their keyboards, in development, without having to become salesmen or magazine cover boys. The concern is whether the commercial sponsor/owner has the same love of the code and the community that the founders did.
I can't answer that for certain, but that's the way toward profit. If a community has value, and that of Metasploit certainly does, then Rapid7 would be foolish to do anything but support it.