Qubes OS to offer commercial editions to raise funds

Qubes OS looking to raise funds to expand development team

Qubes OS, the security-focused operating system that's been praised by Edward Snowden, is to offer commercial editions in order to raise funds.

Up until now the open-source Qubes OS has been largely self-supported by the developers themselves or by grants from the Open Technology Fund.

Writing on the Qubes OS website lead developer Joanna Rutkowska explains the decision.

"In order to continue to deliver on its promise of strong desktop security, Qubes must retain and expand its core team, and this requires substantial funding" she writes.

"At this point, we believe the only realistic way to achieve this is through commercialisation, supplemented by community funding."

Qubes OS provides security by isolation. Based on the hypervisor Xen it supports multiple self-contained virtual machines, which are ‘unaware' of the existence of the others and cannot control the hypervisor layer. Thus it is possible to have a dedicated VM for banking for example, or one for email, or a vault VM for storing passwords and encryption keys that has no connection to the internet. The Whonix Tor distribution is also installed by default.

Another feature is disposable VMs for opening untrusted documents or running software of unknown origin, with no risk of contaminating the wider system. While most VM templates are Linux-based, it is possible to run Windows from within Qubes OS too.

The new commercial editions will be tweaked in collaboration with customers who have special use case in mind.

"Commercial editions of Qubes OS will be customised to meet special corporate requirements," Rutkowska writes.

"For example, two features that might be particularly attractive to corporate customers are (1) ‘locking down' dom0 [the Xen hypervisor admin domain] in order to separate the user and administrator roles and (2) integrating our local management stack with a corporation's remote management infrastructure."

The Qubes OS team plans to pilot the idea with a handful of large corporate partners next year before making it more generally available to smaller businesses.

Qubes OS cannot be networked. It only runs on a single machine and would therefore be most suitable for business people and others with valuable IP such as commercial secrets, particularly when those secrets need to be carried on a laptop through customs, or where espionage is a real threat.

"We're not considering 'Qubes Server Edition' anytime soon," Rutkowska told Computing. "We are, however, considering allowing remote network management of client Qubes machines for the corporate customers."

One money-raising idea that the Qubes team rejected was creating their own laptop.

"There are a number of challenges here, both in terms of making the hardware trustworthy enough to merit our 'seal of approval', and from a business and logistics perspective. For these reasons, we don't plan to pursue this option in the immediate future."

Rutkowska has previously pointed out that it is difficult to trust commonly used hardware such as processors and controllers because much of their workings are impenetrable, arguing for more efforts to be put into open source hardware. However, Qubes OS is already available on security enhanced laptops from the vendor Purism.

In spite of the push for commercialisation, Rutkowska says Qubes OS will remain open source.

"In the event that any corporate features require reworking the core Qubes code, that new code will remain open source," she writes.

Qubes OS has also launched a fundraising drive through Open Collective.