When open source is done right, the sky's the limit

We built Mattermost for ourselves — we were originally a video game company, and we were frustrated with the SaaS messaging platform that we were using, which was failing. It was bought by a larger company and was somewhat neglected. It would crash, it would lose data, and we couldn’t use it. We couldn’t export our data and felt trapped. So we decided to solve our own problem and built an open source messaging platform for ourselves that we could trust. We could trust it because we had the source code and we ran it ourselves.

When we released it, we didn’t say “here’s a platform that can do a million different things.” It was just focused on our own use case–a messaging platform we could fully control and trust– but we welcomed feedback from the community, and it grew from there.

The market seems to have moved to open core as the defacto approach to building a commercial open source business. HashiCorp and GitLab are some examples of the model working really well. 

The key is to have the open source and commercial editions clearly intended for different audiences and different use cases.

When you get the balance right, you have one group of users driving adoption of open source getting a lot of value - in our case developers wanting to collaborate more productively - with a second group with different priorities purchasing the commercial version--in our case managers and IT administrators in enterprises wanting sophisticated tools to control and administer their end user communities at scale, who are getting so much value from the offering. 

With open core done correctly you deliver value and earn the trust of the customer with your open source offerings that when it’s time to buy the commercial pieces, it’s a straightforward decision that’s often made before they even talk to us.

There’s three key pillars that differentiate us in the market. 

The first is trust, and the ability for customers to read our entire code base, understand our quality and security processes and assurances, and find word-of-mouth assurances of our product success in some of the most security, mission critical organizations in the world.

This also includes data security and sovereignty with the ability to choose between self-hosting or using Mattermost’s SaaS service. Mattermost wants to give customers control and choice over the stewardship of their data. 

The second is developer-centricity, and having a collaboration platform that is authentic to software builders, with layered extensibility from a wide array of end user customization options, a powerful plug-in framework capable of adapting the user experience to the needs of power users, and full access to the system source code. 

The third is having a truly open platform with innovation downstream and upstream. More than ever enterprise CIOs want to have visibility and influence over the future of their collaboration tools. Not only can customers see what new features and improvements are coming through Mattermost’s open source codebase, they can even contribute code to their own platform to accelerate the roadmap.

We’re a highly customer-focused company, and growing our customer success leadership and teams was vitally important during a period of rapid change. 

Many of our customers work in high security environments and they have challenges that are both unique to their segment and confidential, such as urgently needing to address compliance requirements for sharing classified data when they can’t access the physical environments where the conversations have typically happened.

Our customer success organization has played a pivotal role in supporting solution sharing among customers, providing opt-in customer roundtables and working with professionals who choose to contribute what they’ve learned to the broader community through anonymous attribution in articles and blog posts.

As a concrete example, we had one customer anonymously share about how they moved to a zero-trust mobility architecture with Mattermost during the pandemic, and how they did it was really smart and simple, and a game-changer for highly regulated companies as an alternative to more traditional mobile-VPN solutions that can be both complicated to deploy and battery draining for the end user’s mobile device.

We have extensive processes around security review, responsibility disclosure policy, security patching protocols, and 3rd party security review and penetration testing to continually ensure we earn trust from our communities and customers. 

We participate in responsibility in the global security community and have been recognized broadly for our contributions. As one example, in 2020 we discovered three material vulnerabilities in the Golang programming language that would expose downstream applications to SAML authentication bypass, and worked with Google, downstream libraries and key downstream applications to responsibly disclose the issue and mitigate its resolution.

Moreover, we’ve joined Red Hat, GitHub, Google and 130 of the world’s leading security organizations to be authorized as a Common Vulnerabilities and Exposures Numbering Authority (CNA).

I’m quite proud of hashtags in Mattermost. They work similar to Twitter to bring up all posts containing the same hashtag.

We have a weekly meeting called Customer Obsession Meeting or “COM” for short. There’s a lot of logistics and prep for it and we use the #COM hashtag to get a quick summary of all the recent conversations on the topic in one click--where the deck is, what questions came in from the last survey, any last minute additions, etc. It’s really invaluable to track conversations across channels.

It’s hard to go back once you start using it.

We’ve been a very customer and product-focused company and have lagged in marketing and awareness relative to other companies with our scale of usage and customers. 

We’re addressing that with an amazing marketing leader who started this year, who is rapidly scaling a team so you should be hearing a lot more from Mattermost soon.

We’re working on a new way to thread conversations within a channel that I’m excited about. Years ago, we actually shipped a way to reply to messages in a channel almost a year before Slack shipped their version which was nearly identical. Slack’s iterated a few times since then and are a bit ahead now, but we’re about to release our latest version and excited to see it land. Changes to threading and the core messaging functionality is a big deal because it affects so many people, but based on early usage we think our community will respond well to our next iteration. 

We are in the early days of remote work. The potential for collaboration and productivity is enormously high, and we are excited to see organizations start to take more scalable approaches to support a distributed employee base. As company postures change and collaboration workflows become mission-critical, it is vital to prioritize transparency. The goal of replacing band-aid solutions with longer-term strategies is, ultimately, to ensure ongoing transparency for the entire organization. We have been a fully remote company from day one, and I hope our experiences can support and inspire the next generation of fully remote and remote-friendly companies.