konklone

If you open source your Android app, I'd be happy to contribute a fix for the issue.

In Nate's talk at Google, he mentioned that he'd probably benefit from using R sometimes, but the friction of switching tools makes it hard to do.

Hey CapitolBells: time for the tough questions! You've described in this AMA that your main reason for operating as a for-profit and not a non-profit is to avoid legal problems that come with advocacy and non-profit law.

In that case, why not open source your work?

If it's because you're concerned about your code looking bad or amateur, please don't let that be a blocker -- everyone's code is terrible, mine and yours are no exception. :) Better to have it out there.

Great job running this AMA, and for hitting the front page!

I think the best thing you could do for your web site's and mobile app's security is open its source code, so we can all help you find mistakes and fix them. It also forces you to design your system with the expectation that your methods are public record.

To be blunt, any security decisions you make that depend on the code being unavailable for public viewing are going to be bad ones. There are too many automated tools and heuristics for finding and exploiting vulnerabilities for code secrecy to be an effective measure.

Just go for it, and if there are any areas you're worried about, open an issue on Github on the open source repo, talk about it and ask for input. Feel free to cc my Github handle (@konklone) on any ticket to trigger an email in my inbox, and to do the same with anyone else whose input you want.

And on that note, would you consider publishing the source code to some of your older commercial games, like SpaceChem, at some point? I doubt they'd eat into sales much at this point, and could be really interesting for a[n admittedly small but enthusiastic] group of people.