Discourse co-founder Sam Saffron responds to Cal.com's decision to close their source code, arguing that open source remains the stronger security posture even in an AI-accelerated threat environment. He contends that closed source only reduces defensive capacity while attackers can still probe running systems via APIs, JavaScript, and binaries. Discourse's approach involves running AI vulnerability scanners (GPT-5.4, Claude Opus) in multi-day deep scans every release cycle, using agents to validate findings with failing tests before escalating to humans. Saffron also suggests Cal.com's real motivations are competitive pressure and governance friction rather than genuine security concerns, and reaffirms Discourse's commitment to GPLv2 open source after 13 years.
Table of contents
Why companies go closed sourceHow we handle security in 2026What we owe the ecosystemSort: