The Case for Steward Ownership and Open Source with Melanie Rieback

In this episode of The Secure Developer, Danny Allan, CTO at Snyk, interviews Dr. Melanie Rieback, founder of Radically Open Security, a non-profit cybersecurity company. Melanie shares her journey in computer security, her experience as an adjunct professor at the Free University of Amsterdam, and her commitment to more ethical and sustainable business models. Melanie explains that Radically Open Security is structured to donate 90% of its profits to the NLnet Foundation, a charitable organization that supports open source projects and digital rights initiatives. This approach allows the company to remain competitive while positively contributing to the open source community. Melanie emphasizes that this model is particularly relevant in the current context where technologies are evolving rapidly and it is crucial to support digital commons. One of the key points of the discussion is the importance of "steward ownership" and its natural alignment with open source. Melanie mentions that companies like Signal, Proton, and Mastodon have adopted this model, showing a growing trend towards more responsible business structures. Steward ownership separates profit rights from voting rights, allowing profits to be reinvested in the company rather than distributed to shareholders. Melanie also addresses the issue of corporate culture and talent management in a non-profit model. She explains that Radically Open Security operates primarily with contractors, allowing for flexibility and organic growth. She stresses the importance of transparency and ethics in the cybersecurity sector, criticizing the practices of some companies that sell surveillance tools to authoritarian regimes. The discussion then turns to the challenges of corporate culture and how to create a work environment aligned with ethical values. Melanie shares her experiences and mistakes, emphasizing the importance of example and open communication. She also mentions the importance of horizontality in the organization and methodologies like holacracy to foster a healthy corporate culture. Melanie talks about her course "Post Growth Entrepreneurship" at the University of Amsterdam, where she teaches non-extractive business models and alternatives to the Silicon Valley model. She encourages young entrepreneurs to explore these models, although she acknowledges that experience and maturity can be valuable assets. Finally, Melanie and Danny discuss examples of organizations that have successfully adopted ethical and sustainable models, such as Mozilla. They highlight the importance of governance and ownership in the context of national sovereignty and the security of critical infrastructures. Melanie expresses her optimism about the future, seeing a growing awareness of the importance of these models and legislative initiatives in Europe to promote them. For more information on non-profit business models and steward ownership, Melanie recommends consulting the resources of Nonprofit Ventures and watching her online courses on YouTube. These resources provide an in-depth understanding of financial mechanisms and ethical business models.