Overview
- Cal.com said it is moving its production code into a closed repository, pointing to AI tools like Anthropic's Mythos that can find and exploit bugs, including a 27-year-old flaw in OpenBSD.
- The company released Cal.diy under the permissive MIT license as a self-hostable core that keeps scheduling and booking but drops team management, workflows, analytics, and enterprise authentication.
- Executives said open visibility lowers the cost to hack and noted they had already rebuilt sensitive parts, including authentication and data handling, outside the public codebase.
- Current self-hosting customers will receive access to a private, on-premise GitHub repository to keep running the product, while hobbyists can use Cal.diy without enterprise features.
- The move formalizes a split between community code and commercial features that is common in open source businesses and may spur other firms to reevaluate how much code they expose to protect customer data.