<![CDATA[Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software.]]>Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software.

The move does absolutely nothing to increase the security of their product.

Link Preview Image
Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings

Cal.com goes closed source after 5 years. Here’s why rising AI-driven security risks and vulnerability discovery are forcing us to protect customer data.

favicon

(cal.com)

]]>https://board.circlewithadot.net/topic/8d51990e-630a-4676-86dc-c3623ab1011b/open-source-calendar-platform-goes-proprietary-under-the-delusion-that-ai-means-keeping-their-code-secret-leads-to-more-secure-software.RSS for NodeThu, 30 Apr 2026 17:40:31 GMTWed, 15 Apr 2026 15:48:45 GMT60<![CDATA[Reply to Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software. on Wed, 15 Apr 2026 19:35:45 GMT]]>@downey this is especially stupid because prior versions of the code, with the same vulnerabilities, will continue to publicly exist. Welcome to the worst of all worlds!

]]>https://board.circlewithadot.net/post/https://raphus.social/ap/users/116366479330331657/statuses/116410400500338552https://board.circlewithadot.net/post/https://raphus.social/ap/users/116366479330331657/statuses/116410400500338552Wed, 15 Apr 2026 19:35:45 GMT<![CDATA[Reply to Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software. on Wed, 15 Apr 2026 16:19:43 GMT]]>@dvshkn blaming open source as cover for bad business decisions is nothing new

and of course "ai" (llm) excuses are now taking some of that share of obvious (and just as untrue) scapegoat& misinformation

]]>https://board.circlewithadot.net/post/https://floss.social/users/downey/statuses/116409629669025859https://board.circlewithadot.net/post/https://floss.social/users/downey/statuses/116409629669025859Wed, 15 Apr 2026 16:19:43 GMT<![CDATA[Reply to Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software. on Wed, 15 Apr 2026 16:16:11 GMT]]>@downey The part left unsaid is that SaaS companies like this are also afraid of younger startups vibe-copying all of their stuff. AI might be ending the VC-backed "open core" open source model, but I don't really see community driven "FOSS" open source going away. We might be witnessing a bifurcation.

]]>https://board.circlewithadot.net/post/https://social.treehouse.systems/users/dvshkn/statuses/116409615756364550https://board.circlewithadot.net/post/https://social.treehouse.systems/users/dvshkn/statuses/116409615756364550Wed, 15 Apr 2026 16:16:11 GMT<![CDATA[Reply to Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software. on Wed, 15 Apr 2026 16:09:19 GMT]]>Obscurity is not and will never be security.

]]>https://board.circlewithadot.net/post/https://floss.social/users/downey/statuses/116409588716776636https://board.circlewithadot.net/post/https://floss.social/users/downey/statuses/116409588716776636Wed, 15 Apr 2026 16:09:19 GMT<![CDATA[Reply to Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software. on Wed, 15 Apr 2026 16:07:22 GMT]]>@downey@floss.social @relay@relay.infosec.exchange As much as I wish this were true, it’s not. Obscurity is a valid security layer and open source software with exposed source code _does_ make it easier for attackers to find attack vectors.

Without access to source code an attacker has to infer vulnerabilities by hitting the code. Those recon hits are visible in security tools like SIEMs.

Open source vulnerabilities can be discovered directly from the source and the attacker can craft the perfect exploit without ever touching production code. Then hit it once very effectively, probably escaping detection because there’s no recon signals.

The days of being used for actual critical applications drawing to a close.


]]>https://board.circlewithadot.net/post/https://foostang.xyz/mrfoostang/p/1776269242.126561https://board.circlewithadot.net/post/https://foostang.xyz/mrfoostang/p/1776269242.126561Wed, 15 Apr 2026 16:07:22 GMT<![CDATA[Reply to Open Source calendar platform goes proprietary under the delusion that "AI" means keeping their code secret leads to more secure software. on Wed, 15 Apr 2026 15:53:12 GMT]]>@downey

]]>https://board.circlewithadot.net/post/https://c.im/ap/users/115691859295411580/statuses/116409525379684588https://board.circlewithadot.net/post/https://c.im/ap/users/115691859295411580/statuses/116409525379684588Wed, 15 Apr 2026 15:53:12 GMT