Ponder how to make this a business?

Basically... can we open source this code? I want to do that for many reasons, but the most pressing ones are trustworthiness and reproducibility.

If we keep the code closed source, how could we make a living off of it, without doing promotions or making parts of the data non-public?

  • Sell specific analysis -- basically, sell my analysis services
  • Sell privileged access -- basically, sell more-raw derived data or raw data that is, on the website, only available indirectly
  • Sell platform customizations -- if someone wants the website to do X, they can sponsor it, and everyone gets the results
  • Sell platform infrastructure -- if someone wants a version that runs against, say, Python code, they can pay for it to be bought and run.

None of these seem terribly hopeful. I'm wanting something like what http://contribsys.com/ does with Sidekiq, which seems to be "free accounts get open-source software to do X, or you can buy the closed-source version which does X+N". But we're not producing tools, we're producing information. Maybe selling people accounts that grant access to more information is the way to go. :-/

2 years ago
~icefox 2 years ago

Maybe we can do something regarding code review services? In that case basically I (and probably others) form a company for providing security consulting, and use cargofox as a tool for it.

~icefox 2 years ago

Another way would be to provide cargofox as a tool for people to perform and register code reviews, post and accept bounties on them, and so on. So someone could look at a crate, say "this is reviewed poorly" and post a bounty to either review it or improve it. Then we either take a cut, or offer some sort of escrow services, or people pay for an account that can see/work with/submit bounties, something like that.

This is more desirable because other people do the work and we run the infrastructure. :-P But it also means that a) all the analysis stays free, b) all the important code can be open-sourced and thus peer-reviewed.

But, I don't know much about this sort of market. Talk to Julianne and/or Crichton about it? Or go find some places that already do this and collect some bounties, and see how it goes.

~icefox 2 years ago

Or just do patreon. Meh.

~icefox 2 years ago

Good suggestions in #45. Takeaways:

  • There are multiple services that do similar things to this already, on a paid basis, and they presumably make a living off of it.
  • Nobody's going to trust the code if it stays closed-source.
  • Companies should theoretically donate to this if they find the information useful. But I have little faith that they will.
  • I don't want to sell privileged access or early access to tools, and that isn't really feasible with open-source development anyway. But what I can do is sell privileged availability and notification. Doing this stuff routinely is going to take significant amounts of storage and compute power, and so even if it's open source, selling notifications and faster turnaround time seems to be the most hopeful prospect.
