Qubes OS is well-known in the security community, but can you build a business around it? In this talk, I share my perspective on seven practical opportunities for monetising Qubes OS —- from consulting and training to maintaining and providing the software.
While Qubes OS itself is open source, there are real ways to create value around it—but that’s only half the story.
The other half is regulation. With the EU Cyber Resilience Act (CRA) coming into force, even small developers face new obligations when distributing software in the European market. The discussion will explore this throughs and a concrete example: a Qubes-compatible backup tool. We’ll look at how such a tool fits CRA definitions, what compliance requires (secure development, vulnerability handling, CE marking), and how developers can meet these obligations with minimal overhead.
This talk aims to spark discussion on turning open-source security work into sustainable practice—while staying compliant in an increasingly regulated digital landscape.