• I Received a Virtru Email

Virtru’s Open Source Strategy

Our browser extensions run on open source browsers like Google Chrome and Mozilla Firefox. Our JavaScript applications are based on ComponentJS and high-quality Javascript frameworks that the web has come to depend on such as JQuery. Our server-side systems rely on Linux, nginx, CouchDB, Redis, and more.

While we depend on open source, we also understand that just using open source isn’t enough. To ensure that the open source ecosystems we depend on are sustainable, our engineering team is participating in and contributing to the projects we rely on. We participate and contribute every chance we get, because ensuring the success of the projects we depend on it is as critical to our own success as the code we write for Virtru itself.

Virtru needs to become more than just a good open source “citizen” – it must be an active consumer and participant. As a company creating tools focused on security, we fully understand that releasing our code as open source is a given for many in the security community. Proprietary code is far less secure than its open source alternative. Our long-term strategy at Virtru involves open sourcing the following components:

  • Our TDF implementations, including TDF.js under an open source license in the coming months.

  • Client-libraries that interact with TDF.js and our key management services.

  • Server-side libraries to help make third-party key management services freely available.

That last item is critical. We want independent developers to be able to stand up their own key servers. This technology is too important to hide behind a proprietary license.

At Virtru, we think that securing email and attachments with TDF is just the first step. We’d like other companies, software vendors, and open source projects to start incorporating the core technology into their software, and we’re convinced that a standard like TDF will become as important and ubiquitous as SSH is for interactive logins and SSL for web sites.

If you are wondering why these technologies are not yet open source, the answer is that it takes time to get all the details in order. We have to work with our legal advisors and work through licensing before Virtru releases more open source components. Meanwhile, we need to make sure that we don’t just do a “code drop” without creating the appropriate structures for community and external contribution. Yes, we could just flip a switch and make TDF.js public today, but we’re more interested in creating a sustainable community.

We’ve already made a small number of Apache-licensed open source libraries public via GitHub. At this point, if you are a ComponentJS developer or if you write Javascript, you’ll find a handful of utilities. You can find out more about the collection of open source components we’ve already released under open source licenses at https://github.com/virtru.

To reiterate, open source plays a critical role in the long-term success of both Virtru and the TDF format.