Project ideas from Hacker News discussions.

Open Source Isn't Dead. Cal.com Just Learned the Wrong Lesson

Prevalent Themes in the Discussion

  1. Closing source is being used as an excuse rather than a genuine security necessity

    “Spineless bullshit excuse instead of owning your choices.” – funvill
    “Blaming AI here feels like cover.” – ahmedallam2

  2. AI‑driven vulnerability discovery changes the security calculus

    “Given what the clankers can do unassisted and what more they can do when you give them ghidra, no software is ‘closed source’ anymore.” – baq

  3. Business viability drives the licensing shift; open‑core is no longer sustainable

    “Separating codebase and leaving ‘cal.diy’ for hobbyists is pretty much the classic open‑core path. The community phase is over and they need to protect their enterprise revenue.” – p_stuart82


🚀 Project Ideas

VulnGuard AI

Summary

  • Continuous automated AI security scanning for open‑source and private repositories, delivering real‑time vulnerability reports and remediation guidance.
  • Gives maintainers a transparent security posture they can publish, addressing the “excuse to close source” frustration.

Details

| Key | Value |
| --- | --- |
| Target Audience | Open‑source maintainers, DevOps teams, security engineers |
| Core Feature | AI‑driven code and binary analysis, continuous integration alerts, public security dashboard |
| Tech Stack | Backend: Python, FastAPI; Scanning: Ghidra + LLM embeddings; Frontend: React; DB: PostgreSQL; CI: GitHub Actions |
| Difficulty | Medium |
| Monetization | Revenue-ready: $19 per month per repository |

Notes

  • HN commenters repeatedly mention AI scanners as a looming threat; this tool turns that into a proactive service.
  • Low friction for projects to publish their audit results, fostering trust without closing source.

OpenCore Bridge

Summary

  • A lightweight SaaS marketplace that lets open‑source projects monetize premium services (support, hosting, custom features) while keeping the core code fully open.
  • Solves the “can’t make money without closing” dilemma highlighted by Cal.com’s CEO.

Details

| Key | Value |
| --- | --- |
| Target Audience | Open‑source maintainers, small SaaS startups, indie developers |
| Core Feature | Subscription tiers, revenue split, licensing badge, community governance dashboard |
| Tech Stack | Full‑stack: Node.js/Express, GraphQL, Redis; DB: MongoDB; Auth: OAuth; Frontend: Vue |
| Difficulty | Low |
| Monetization | Revenue-ready: 5% transaction fee on each payment |

Notes

  • Directly addresses comments like “blaming AI here feels like cover” by providing a legitimate monetization path.
  • Enables the community to support projects without forcing a license change, preserving the “many eyes” benefit.

Binary2Source AI

Summary

  • Upload compiled binaries (e.g., ELF, PE) and receive AI‑generated high‑level source‑like representations plus automated vulnerability highlights, bridging the gap for closed‑source security audits.
  • Turns the “AI can’t find vulnerabilities without source” argument into a useful service.

Details

| Key | Value |
| --- | --- |
| Target Audience | Security researchers, closed‑source vendors, reverse‑engineers, bug‑bounty platforms |
| Core Feature | Binary disassembly + LLM reconstruction, CWE mapping, exportable report |
| Tech Stack | Backend: Rust + Capstone + Tiktoken‑based LLM pipeline; Frontend: Next.js; Storage: S3 |
| Difficulty | High |
| Monetization | Revenue-ready: $0.01 per MB of binary processed |

Notes

  • Frequently discussed on HN as “AI can read binaries, making source unnecessary”; this product formalizes that capability.
  • Provides a tangible alternative to closing source, letting companies keep IP while still offering security transparency.
