When Rapid7 bought the Metasploit Project exactly one year ago this week, there were rumblings of concern that the open-source penetration testing tool would lose its identity and go all commercial.