KIProtect Community Edition
2020-07-27
Andreas Dewes
Last week we finally released the open-source community edition (CE) of KIProtect on Github! Like most software projects this one took us longer than we thought. Therefore we're really happy that it's out in the open! Open sourcing our core toolkit was important to us. Therefore, we were quite excited to finally flip the visibility switch of our Github repo to "public" and make it open-source.
Why did we do this?
We open-sourced our core software stack mainly for two reasons:
- Transparency: We want to make it easy for everyone to understand how our algorithms and methods work, and to verify that they are implemented correctly following security & privacy best practices. We believe open-sourcing our core software stack is the best way to ensure this.
- Community: By open-sourcing our software we want to empower contributors to extend and improve KIProtect for everyone by writing new integrations, transformations and extensions.
So how are we going to make money if we give away our software for free? Well, first of all, we won't open-source everything: Certain features, like SQL-backed model and parameter stores or advanced aggregation and discovery methods will remain in our proprietary enterprise edition (EE) for now, which we offer commercially to clients. The features that we retain are not essential but make life much easier when using KIProtect in an enterprise environment, so we think it's a no-brainer to buy them. Smaller organizations can still rely on the community edition, which is fully functional and useful by itself. As we continue developing, we will migrate more and more features from the enterprise edition to the community edition, making sure that our open-source community can also benefit from them eventually.
Which license did we choose?
After a long deliberation process we finally decided to license KIProtect CE under the Affero GPL (AGPL 3.0) license. We did this for three reasons:
- KIProtect is a tool that can be used from the command line like any other Linux/Unix tool. It is not necessary to integrate KIProtect as a library into a software project or other toolchain. Hence, there is little risk of "contaminating" other software projects by simply using KIProtect (which is the main argument against using a strong copyleft license like the AGPL).
- We want improvements that organizations or individual contributors make to KIProtect to be available to the entire community. Licensing it under the AGPL ensures this.
- We want to ensure that we can derive fair value from our development efforts and therefore want to make it difficult for competitors to piggyback on our open-source work. Again, the AGPL ensures this better than most other licenses.
We are aware that choosing the AGPL might make it difficult for some organizations to integrate KIProtect into their own codebase. In these cases we are willing to provide KIProtect under a commercial license that allows integration and use without contaminating the integrating codebase. The revenue that we (hopefully) will generate from such licenses will go back into the development of the open-source software, so that again the whole community will benefit.
So what's next?
Right now KIProtect CE is still a pretty simple tool with limited functionality, so we plan to add many more features in the coming weeks. The following things are on our list:
- Anonymization of data using differentially private aggregations.
- Discovery of sensitive information using regex and statistical techniques.
- Management of user consent and processing purposes.
- Validation, analysis and enforcement of data schemas.
- More data sources and destinations.
- Better logging and monitoring.
Any feedback?
Are you interested in using KIProtect? Do you have any feedback, ideas or feature requests for us? Then please visit us on Github and become part of the community. We're happy to hear from you!