In a recent podcast, Steve Gibson tries to sound knowledgeable about malware, vulnerabilities and exploitation. For whatever reason, Gibson tries to explain the Metasploit project as a "malware exploitation framework". From the project's own description, it "provides useful information and tools for penetration testers, security researchers, and IDS signature developers." Metasploit really has nothing to do with malware specifically, and it isn't a "test bed and a hosting bed" at all.
Original source:
http://media.GRC.com/sn/SN-238.mp3
http://www.grc.com/sn/sn-238.txt
STEVE: And there's one interesting new little module has been added to Metasploit that - Metasploit is this framework which is - at best it's quite controversial, I would say. It's a malware exploitation framework which is a sort of a test bed and a hosting bed for all the different kinds of things that we talk about here. Generally, by the time our listeners are hearing about it, someone has taken a vulnerability which is then understood, and written some code.