[thothamon]

In practice, if something was truly open-source, there'd be nothing to prevent someone who didn't like you from building your app with each new release and putting on a web site for anyone to download for free. You might be the kind of guy who would pay $40 for good software, but a lot of people would get the free version and not pay. This is the eternal conundrum of open source.

Here's a modified idea, perhaps still not good enough but hopefully a step down the path. When you purchase the product, you receive access to the source code for the version that was then-current one year ago. Granted, you are not sure the current code doesn't have malware. But you can be confident, based on the history of the product, that it did not have malware for a long time. (And were you really going to scan the diffs for each release for malware anyway?) You could also allow trusted third-parties under NDA to review all diffs for the current code base and certify that they didn't see anything malicious.

This also ensures that should your company disappear, at the very worst, the user community will have a not-too-old version of the software to fall back on.