int3.cc

Many people skip the INT3 "About" page and formulate opinions without understanding what is going on here. Please read that to understand why just because a project is "Open Source hardware" doesn't mean it is any more accessible. INT3 is basically an attempt at a "security research hardware CO-OP" with Xipiter providing the "seed funds" for products and using its staff to help out: fulfilling orders and running the backend. 

In computer science, "naming things" is one of the hardest problems. In economics, pricing things is apparently one of the hardest things to do.  We had no idea about this until we experienced it first hand. Most of us don't think about what goes into the price of a thing. This became evident in a heated twitter discussion yesterday after work. Here is a PDF of screencaps taken before one of the other folks blocked.

As we all know, economies of scale are a huge part of manufacturing electronics (i.e. the more you order, the cheaper the per-unit cost). This is a simple concept to grasp. What is less simpler (and obvious) is building your "risk" and other variables into your costs.

Many don't know that the assembly cost of electronics (the human labor to run the pick-and-place robots, flying probe testers, etc.) dwarf the cost of actual components. Some EE folks try to use some basic rules, but it isn't perfect. The bright-side is that if your design remains constant (and you have a good relationship with a factory) this cost decreases and then eventually plateaus.

For the SyncStop (for example) we have FIVE manufacturers in the supply chain. (That's a discussion for another post. The age-old "surprising economics of a pencil" are definitely at play here. And there were lots of small hiccups for such a stupid-simple device. You can get a glean a bit of this in our designer's journal and in some notes we took during one recent mishap. Also, in late 2013 a power-to-ground manufacturing error caused by a incorrect spec sheet cost us ~$9,500. A hard lesson learned.)

Unfortunate things that you can't account for are evident in our designer's journal and some notes we took during one recent mishap.)

So for INT3 we have to place large orders for product (usually between $2.5k and $7.5k worth of product). Let's assume you've gotten past the stage of worrying if a device will be popular enough to sell and you decide to move forward. So as to not be predatory you stick to your "hacker ideals" and price the product so that you break completely even by the final sale (i.e. no profit). Let's deconstruct this:

Even with this model you are in a constant state of deficit until the products sell. You'd probably find that (like us) you begin to dread when stock gets low because it means you have to prepare another chunk of money to pay for restock. Since INT3 is not financially independent this means paying out of pocket. So let's deconstruct further. Some other things become apparent from your first sales:

  1. The last batch of a product took a few months to "break even". So maybe this time you'd like to "break even" sooner.
  2. As a separate issue, perhaps you'd also like to not be in deficit for restocking new orders of that single product and instead (by the end) have the product pay for part (not all) of the restocking of the next batch.
  3. Perhaps you'd also like sales of regular products to finance (in part) creation of new products.

 

 Keep in mind for all of the above you STILL haven't factored in profit or "what you get to take home". Nor have you factored in reimbursement for other things:

  1. Costs of labor for shipping/fulfillment/email responses
  2. Costs of assisting with launch of a new product (coordination with factories, testing, conference calls, etc.)
  3. Any operating costs (FedEx/UPS/USPS accounts, E-commerce charges, Credit Card processors, boxes/packaging, international shipping paperwork, etc.)
  4. Also, all INT3 products are MADE IN AMERICA. That costs extra. We could ship this work overseas. BUT WE DONT! (It's just cheaper to not have certain ethics.) 
  5. You or your staff's time? (How do you quantify that? Have people complete time sheets? If you do time sheets, someone still has to review them and itemize bill rates to quantify cost.) 

 

Let's assume you ignore all of these five points above and instead want to address the first three pricing issues? How would you price a single product? Raw material costs times 1.5? Times two? Times three? 

EVERYTHING has a cost (even taking time to regularly publish financials: I write this because we considered this early on as a way to be "transparent", but our accountant was already at wit's end with tracking INT3 financials, and didn't want to add more work for them). It's not just about the cost of the BOM or even the cost of the labor, tooling, and assembly. There is always more to the story.

This is why pricing things is difficult. There is never a perfect formula. And even if you think you've found one and arrived at a perfect price, it may not be compatible with the perceived utility the purchaser feels they are receiving. Even without including profit (BTW: we don't make profit on anything at INT3, we barely break even) there is never a perfect answer. 

And to further 'do the right thing', INT3 is set up so that all creators/collaborators of a product on INT3 get visibility into all orders, shipments, and financials by logging directly into our e-commerce backend as a vendor. In fact, they're responsible for pricing their own products. In many cases we have to walk through through the above scenarios with them and (in one case) even talk the price down ;-)

At the end of the day, researchers need tools that they can use to quickly get to work. Embedded and hardware security isn't just a hobby, it's a profession. Folks have real operational needs. Real customers, and real deadlines. At the end of the day we still ask ourselves for every product:

"If INT3 didn't exist, and we needed a tool for a project, would we be willing to pay $__.__ for it to show up ready to use?" 

If the answer is "yes", then we usually go ahead.

This idea is after all (if you read the About page) exactly why we started this whole site. 

Written by Stephen Ridley — May 04, 2015

Why pricing things is hard...

Many people skip the INT3 "About" page and formulate opinions without understanding what is going on here. Please read that to understand why just because a project is "Open Source hardware" doesn't mean...

Learn to reverse engineer and exploit mobiles, IoT, and Embedded systems. (Public Trainings Announced)

We've announced our public EU and US trainings for 2015. Sign up today!  

Using the Shikra to Attack Embedded Systems: Getting Started

The blog system on this e-commerce platform is awful. This blogpost has been prettified and moved to Xipiter's main blog here:  http://www.xipiter.com/musings/using-the-shikra-to-attack-embedded-systems-getting-started