RiskyTrees is now Functional Source Licensed
On Parties
This is not going to be a glamorous post. I can think of perhaps no worse conversation starter than “So: what do you think about software licenses?” But let’s do it anyway.
RiskyTrees builds security products for security teams. While of course we’d prefer not to actively burn money while doing so, we are much more concerned with advancing our mission than the money-making aspect of the business.
As such, we could not in good faith continue operating our core services without making our source code available.
On Source Code
Making your source code available to the public certainly seems intimidating to many organizations, but from a security perspective, the benefits outweigh the costs. Assuming you enable security reporting, being able to get thousands of eyes from across the globe appears to assist in ensuring the security bar of software remains high.
We want anyone who uses RiskyTrees to know it is not one of the pieces of your software collection you need to worry about. You should be able to see what it does (and, just as importantly, what it doesn’t do), and deploy it yourself if that is preferable given your risk appetite.
On Licensing
So here’s the punchline:
RiskyTrees is now available for you to read, audit, deploy, and run yourself, completely for free.
After much research, we have landed on licensing our code with the Functional Source License, Version 1.1, MIT Future License. This is quite elegant and can be summarized as: you can read, run, and even copy the source assuming you don’t build a competing company. Further, any code that’s been around for 2 years becomes MIT licensed.
We hope this encourages confidence in our software, as well as enabling communities to form alongside us. Risk analysis is something we all need to get better at, and doing it alone is certain to result in failure.
So join us: https://github.com/riskytrees

