The developers of Cal.com, an automation platform for meeting scheduling and schedule management, announced that they have stopped publishing the source code of the full version of the product and are instead providing a stripped-down fork, cal.diy, relicensed from AGPLv3.0 to the MIT license. The reason for the change in development approach is the increased risk associated with securing the SaaS platform, given the breakthrough of AI models in finding vulnerabilities and writing exploits.
Previously, identifying vulnerabilities and creating exploits took a lot of time and was the job of professionals with many years of experience. Now, thanks to AI, even a beginner can create an exploit for a new vulnerability faster than developers can write a fix. To protect the data of the cloud service built on the Cal.com platform and reduce the risk of compromise, it was decided to stop publishing the source code of new releases.
For those who care about the availability of the source code, a fork, cal.diy, has been created, which will be maintained by the community. The fork contains only the basic functionality needed to run a meeting scheduling platform on your own server, and lacks features offered in the full enterprise version, such as an SSO/SAML analytics dashboard, support for teams, organizations and workflows. In addition, many key subsystems have been rewritten in the proprietary version, including authentication and data processing.