The Qubes OS team announced that the project will start to prioritize enterprise contracts to reach financial sustainability. It also announced a community fund that makes it easier for individuals to donate.
Qubes OS was first launched in 2010, and since then it’s been mainly funded through consulting and R&D contracts obtained by the project creators’ security company, Invisible Things Labs. Since 2014, the Qubes OS project has also received grants from the Open Technology Fund. The OTF has also funded projects such as the end-to-end encrypted Signal app and Subgraph OS, another privacy and security-focused operating system.
The Qubes OS team also tried to make some money from selling support for “Windows AppVMs,” but that idea ultimately failed. It also pursued a licensing avenue with notebook manufacturers, but ultimately the team decided to postpone that idea until it can ensure that notebook hardware can be guaranteed to be secure.
One of the biggest obstacles standing in the way of that right now are Intel’s Management Engine and AMD’s “Platform Security Processor.” The worry is that both could enable remote access for unauthorized users such as Intel or AMD themselves or, more worryingly, intelligence agencies.
Although Qubes OS’ user base has grown to about 20,000 active users, and it keeps growing, it’s still relatively small. Many of those users may not be able to donate too much on a recurring basis to keep the project alive. However, the Qubes OS team has partnered with Open Collective, a platform for funding open source projects, to make it easier for individuals to support the project.
In order to be able to significantly expand the team and accelerate the development for the Qubes platform, the team also decided to sell custom support to several big companies. The first pilot with at least one large company should begin in the first half of 2017. After it has been successfully completed, the team aims to expand support for more companies, both large and small.
As Edward Snowden’s operating system of choice due to its focus on security through VM isolation, and after so many data breaches making headlines lately, Qubes OS is likely to find some success with companies that want to prioritize strong end-point security.
The team wanted to note that Qubes OS will always remain open source, even if some features will need to be reworked to fit some enterprise customers’ needs. The new code would also be made open source.
