Cal.com Closes Codebase, Discourse Stands Firm on Open-Source
Cal.com has announced they're shutting down their codebase, citing concerns that open-source transparency is now a liability in the face of AI-powered attacks. However, Discourse's founder disagrees, arguing that openness actually increases security.
According to Cal.com, AI has made it too easy for attackers to exploit vulnerabilities in open-source code. They claim that closing their codebase will give them "buy time" to patch issues before attackers find them. However, Discourse's founder points out that this approach is flawed, as AI-powered scanning tools can still identify vulnerabilities even without access to the source code.
Discourse has been an open-source project for over a decade and has seen no decrease in security despite its transparency. In fact, the company credits openness with increasing their defensive capacity, allowing them to catch issues early and patch them quickly.
The industry is changing rapidly, with new AI-powered tools emerging regularly. While this presents challenges for security, Discourse's founder believes that openness is still the best defense against AI-powered attacks. The company plans to continue using AI-powered scanning tools to identify vulnerabilities and will not be closing its codebase.
AI-Powered Scanning Tools: A Game-Changer in Security
The use of AI-powered scanning tools has dramatically increased the speed at which vulnerabilities can be discovered. In one example, OpenAI's Codex Security scanned over 1.2 million commits across external repositories in a 30-day period and identified over 10,000 high-severity findings.
Discourse is already using these tools to scan its codebase regularly, with impressive results. The company has found and patched over 50 security issues in the past month alone.
Competitive Pressure and Governance Concerns
Cal.com's decision to close their codebase may be motivated by more than just security concerns. The founder suggests that competitive pressure and governance challenges are also at play, citing the need for companies to protect their intellectual property and maintain control over their architecture.
However, Discourse's founder argues that these concerns should not be used as an excuse to abandon openness. Instead, companies should focus on building robust security practices and engaging with the open-source community to strengthen their defenses.
The Future of Security in 2026
As AI-powered attacks continue to evolve, it's clear that traditional security approaches will no longer suffice. Discourse is embracing this change, using AI-powered scanning tools to stay ahead of potential threats.
With prices for these tools expected to drop and quality improving, it's likely that more companies will follow suit. However, Discourse remains committed to its open-source approach, believing that transparency and collaboration are key to building a secure online community.
