Joseph (JJ) Jacks for COSS Community

OCS 2023 Panel: Open Source Security Products, Go-to-Market Challenges and Opportunities

Clint Smith is the Chief Legal Officer at Discord. Clint has previously served as a board member for Boku, Inc. and the Software Alliance. Clint was also the Vice President, General Counsel, & Corporate Secretary for TrialPay and MySQL.

Prachi Gupta is the VP of Engineering at Discord. Prachi was previously the Director of Engineering at LinkedIn from May 2010 to July 2020. Prachi was recognized by Business Insider as one of the most powerful female engineers in Tech in 2018.

Dave Cole is the CEO & Co-Founder at Open Raven. Former CPO CrowdStrike, Tenable. VP Product at Symantec, Foundstone. Co-host/founder, Security Voices podcast. Board of Directors, Inspectiv.

Gary Orenstein is the Chief Customer Officer at Bitwarden. Along with his work at Bitwarden, Gary is the author of IP Storage Networking, a book on the value of storage and backups. Before Bitwarden, Gary served in executive marketing and product roles at enterprise infrastructure companies Yellowbrick Data and MemSQL, and at flash memory pioneer Fusion-io, which went public during his tenure there. Earlier in his career, he led marketing at Compellent, which was acquired by Dell after its IPO.

Clint discusses joining MySQL - 0:00

Is it better to develop your security through obscurity, or to develop and distribute it in the open? - 0:54

“This panel today will help answer that question.” Clint introduces the panel, including Prachi Gupta (VP of Engineering, Discord), Dave Cole (CEO & Co-Founder, Open Raven), Gary Orenstein (Chief Customer Officer, Bitwarden) - 1:18

For open-source security, is it better to be open source or not? - 2:05

Clint asks Gary about the origins of Bitwarden and the company, size, details. - 2:16

Clint asks Dave if they were thinking open source from the beginning, and the origins of Open Raven. - 3:38

Prachi, how does Discord use open source? - 5:30

Gary, how important is open source to your go-to-market? - 6:45

Dave, what does the openness message mean in your marketing? - 8:16

Prachi: The reason we prefer open-source is because we can look under the covers, because we might be the only people running the software at that scale. - 10:54

Gary: Every once in a while, you get blown away with how someone is using your product, something you’ve never seen before. You can’t do that with proprietary products. - 11:45

Prachi, if there’s an engineer on your team who’s engaging with open source, when and why would you tell the engineer to go and talk with that team or the people behind the open source project? - 12:50

Gary: It’s important to pay for professional audits, and that’s so much easier for open-source. - 14:36

Clint: In your sales motion and close to a sale, do you stop talking about open source because you don’t want to hype in the free option and them rolling their own? Or do you keep pushing it? - 15:10

Dave: If you’re anything less than obsessed with the customer’s problem, you’ve lost the plot. We try to steer our conversations towards that, what’s the customer’s problem? - 15:45

Gary, from the password management side, there are proprietary vendors. How is the sales process different for you? - 17:45

Prachi, Discord has no data centers. Everything is cloud, with a big cloud commitment, and we’re looking for ways to draw down that dollar commitment. When you’re evaluating technology options, are you first looking from our own vendors, to draw down those dollars? How do you think about the public cloud partner and our commitment to that? - 19:35

Dave, I’d love to hear about the channel distribution strategy for Open Raven and channel partners. - 21:33

Tell me more about the comparison between AWS and Google and partnering with them, working with them. - 23:30

Gary shares thoughts on channel partners. It’s important to identify fulfillment. Have the full data model of the sale mapped from the beginning, it will save you time later on. - 25:18

Gary, procuring a new tech often gets hung up on security review. Does open source give you a pass there? - 26:30

Dave, are you running into this too, selling to CSOs? - 27:50

Prachi shares thoughts on security theatre from a client perspective. - 29:90

Prachi, what rules do you set for engaging with an open source community? Encouraged, discouraged, what rules? - 30:30

Dave, relevance and importance of community to Open Raven? - 32:10

Bitwarden community, are they building features, forking code? - 33:25

Turning to talent, Prachi, do you see that the best people want their work put in open source and shared with the world? - 34:34

Dave, on the talent side, does open source help you get and retain talent? - 36:40

Gary, on the talent question for Bitwarden? - 37:37

Final thoughts on open source security products. - 38:38
