Meta pixel

💭 Why this way?

At Fleet, we rarely label ideas as drafts or theories. Everything is always in draft and subject to change in future iterations.

To increase clarity and encourage teams to make decisions quickly, leaders and DRIs sometimes need to explicitly mention when they are voicing an opinion or a decision. When an opinion is voiced, there's space for near-term debate. When a decision is voiced, team commitment is required.

Any past decision is open to questioning in a future iteration, as long as you act in accordance with it until it is changed. When you want to reopen a conversation about a past decision, communicate with the DRI (directly responsible individual) who can change the decision instead of someone who can't. Show your argument is informed by previous conversations, and assume the original decision was made with the best intent.

Here are some of Fleet's decisions about the best way to work, and the reasoning for them.


Why open source?

Fleet's source code, website, documentation, company handbook, and internal tools are public and accessible to everyone, including engineers, executives, and end users. (Even paid features are source-available.)

Meanwhile, the company behind Fleet is built on the open-core business model. Openness is one of our core values, and everything we do is public by default. Even the company handbook is open to the world.

Is open-source collaboration all that? Is it any good?

Here are some of the reasons we build in the open:

  • Transparency. You are not dealing with a black box. Anyone can read the code and confirm it does what it's supposed to. When it comes to security and device management, great power should come with great openness.
  • Modifiability. You are not stuck. Anybody can make changes to the code at any time. Plugins and configuration settings you need may already exist. If not, you can add them.
  • Community. You are not alone. Open source contributors are real people who love solving real problems and sharing solutions. All bugs and feature requests are public. You can search and weigh in on any of them with your GitHub account, or in Slack.
  • Less waste. You are not redundant. Contributing back to open source benefits everybody: Instead of other organizations and individuals wasting time rediscovering bug fixes and reinventing the same new features in a vacuum, everybody can just upgrade.
  • Perspective. You are not siloed. Anyone can contribute. That means startups, enterprises, and humans all over the world push fixes, add features, and influence the roadmap. Instead of waiting months to discover rare edge cases, or last-minute gaps in "enterprise-readiness", or how that cool new unsupported networking protocol your CISO wants to use isn't supported yet, you get to take advantage of the investment from the last contributor who had the same problem.
  • Sustainability. You are not the only contributor. Open-source software is public and highly visible. Projects like osquery and Fleet have an incentive to be proactive about code reviews, semantic versioning, release notes, vulnerabilities, documentation, and other secure development best practices. For example, anybody in the community can suggest and review changes, but only maintainers with appropriate subject matter expertise can merge them.
  • Accessibility. You are smart and cool enough. Open source isn't just the Free Software movement anymore. Today, there are many other reasons to contribute and opportunities to contribute, even if you don't yet know how to write code. (For example, try clicking "Edit this page" to make an improvement to this page of Fleet's handbook.)
  • More timeless. You are not doomed to disappear forever when you change jobs. Why should your code? In most jobs, most of the work you do becomes inaccessible when you quit. But open source is forever.

Why handbook-first strategy?

The Fleet handbook provides team members with up-to-date information about how to do things in the company.

At Fleet, we make changes to the handbook first. That means, before any change to how we run the business is "live" or "official", it is first changed in the relevant handbook pages and issue templates.

Making changes to the handbook first encourages a culture of self-reliance, which is essential for daily asynchronous work as part of an all-remote team. It keeps everyone in sync across the all-remote team in different timezones, avoids miscommunications, and ensures the right people have reviewed every change.

An icon indicating that this section has important information

The Fleet handbook is inspired by the GitLab team handbook. It shares the same advantages and will probably undergo a similar evolution.

To contribute to the handbook, click "Edit this page" and make your edits in Markdown.

Why read documentation?

There are three reasons for visiting the docs:

  • Tire-kicking: "I think this is cool, now is it something that I could ACTUALLY use? Does it ACTUALLY work? What all's in it? What links can I share with my colleagues to help them see what I'm seeing?"
  • Committed learning: "I've decided to learn this. I need a curriculum to get me there; with content that makes it as easy as possible, surface-level as possible. I want to learn how Fleet works and how to do all the things."
  • Quick reference: "Is this thing broken or am I using it right? How do I use this?" Whether they just stumbled in from a search engine, an on-site search, or through the Fleet website navigation, visitors interested in quick reference are interested in getting to the correct answer quickly. Quick referencers search for REST API pages, the config surface of the Fleet server, agent options, how to build YAML for fleetctl apply, the built-in MDM profiles, the table schema, the built-in queries, reference architectures and cost calculators for deploying your own Fleet instance.
An icon indicating that this section has important information

Currently, Fleet only adds new "Quick reference" content to the docs. New "Committed learning" docs should be written as articles. Why? The docs surface area is large and Fleet iterates on features more quickly than we can update extensive how-tos. We've learned that users are more forgiving when articles are out-of-date. But, reference documentation always needs to be correct.

Everyone can contribute to Fleet's documentation. Here are a few principles to keep in mind:

  • 🚪 Start simple. It's easier to learn when you aren't overwhelmed. Good documentation pages and sections start prescriptive, brief, and clear; ideally with a short example. You can always hedge and caveat further down the page. This makes the docs more accessible and outsider-friendly. For example, notice how this page gets more complicated as you scroll down, or how both of these sections start simple, with caveats pushed down to the end.
  • 🪟 Write it once. Deduplicate content more than you think you need to. Use links instead. Decorate relevant bits of text, don’t put full URLs. Think of SEO: the link text matters.
  • 🚪 Don’t break links. Whenever practical, maintain a path to documentation. Even if it's an outdated rough draft.
  • 🔌 Document the rough bits. Just do it at the bottom of the page/section so that most people can skip over it, but the quick referencer who really needs it can find it. Docs are the requirements. If it doesn’t work as documented, it’s a bug.
  • 🪟 Some people read the docs as text on GitHub. It’s a small audience and we can’t afford to optimize for this use case. But it’s worth remembering. For example, someone from Iran needed help from Mike in 2013 to access content from unencrypted when https:// was banned in her country.

Why the emphasis on training?

Investing in people and providing generous, prioritized training, especially up front, helps contributors understand what is going on at Fleet. By making training a prerequisite at Fleet, we can:

  • help team members feel confident in the better decisions they make at work.
  • create a culture of helping others, which results in team members feeling more comfortable even if they aren’t familiar with the osquery, security, startup, or IT space.

Here are a few examples of how Fleet prioritizes training:

  • the first 3 days at the company for every new team member are reserved for working on the tasks and training in their onboarding issue.
  • during the first 2 weeks at the company, every new fleetie joins a daily 1:1 meeting with their manager to check in and see how they're doing, and if they have any questions or blockers. If the manager is not available for this meeting, the CEO (pending availability) or the Head of Business Operations will join this short daily meeting with them instead.
  • In their first few days, every new fleetie joins:
    • hands-on contributor experience training session with the Head of Business Operations where they share their screen, check the configuration of their tools, complete any remaining setup, and discuss best practices.
    • a short sightseeing tour with the Head of Business Operations and (pending availability) Fleet's CEO to show them around and welcome them to the company.

Why direct responsibility?

Like Apple and GitLab, Fleet uses the concept of directly responsible individuals (DRIs) to know who is responsible for what.

DRIs help us collaborate efficiently by knowing exactly who is responsible and can make decisions about the work they're doing. This saves time by eliminating a requirement for consensus decisions or political presenteeism, enables faster decision-making, and ensures a single individual is aware of what to do next.

  • What is a DRI?: A DRI is a person who is singularly responsible for a given aspect of the open-source project, the product, or the company. A DRI is responsible for making decisions, accomplishing goals, and getting any resources necessary to make a given area of Fleet successful. For example, every department maintains its own dedicated handbook page which is kept up to date with accurate, current information, including the group's kanban board, Slack channels, and recurring tasks ("rituals").
  • Change control: In keeping with Fleet's handbook-first philosophy and value of writing things down, changes are always approved by the DRI first, before they become real. Fleet aims to make picking the right reviewer for your change as easy and automatic as possible.
  • Picking a reviewer: In most cases, you won't need to select a particular reviewer for your pull request. (It will just happen automatically.) Automatic PR review requests are driven by a combination of custom repo automation and CODEOWNERS files. When in doubt, refer to the roles in the company's cross-functional product groups, and (to a lesser degree) the job titles and reporting structure indicated by the company's organizational chart.
  • "Maintained by" photo: For handbook pages and articles, the "Maintained by" photo displayed on the website corresponds with the name="maintainedBy" tags at the very bottom of the raw markdown source for each page. This photo should match the DRI who is auto-requested to approve changes. (It is determined by the person's GitHub profile picture.)
  • Multiple maintainers: In some cases, multiple subject-matter experts called "maintainers" can merge changes to certain file paths, even though there is already a dedicated DRI configured as the "CODEOWNER". For examples of this, see the auto-approval flows configured as sails.config.custom.githubRepoMaintainersByPath and related configuration in website/config/custom.js.

Why do we use a wireframe-first approach?

Wireframing (usually as part of what Fleet calls "drafting") provides a clear overview of page layout, information architecture, user flow, and functionality. The wireframe-first approach extends beyond what users see on their screens. Wireframe-first is also excellent for drafting APIs, config settings, CLI options, and even business processes.

It's design thinking, applied to software development.

Here's why Fleet uses a wireframe-first approach:

  • We create a wireframe for every change we make and favor small, iterative changes to deliver value quickly.
  • We can think through the functionality and user experience more deeply by wireframing before committing any code. As a result, our coding decisions are clearer, and our code is cleaner and easier to maintain.
  • Content hierarchy, messaging, error states, interactions, URLs, API parameters, and API response data are all considered during the wireframing process (often with several rounds of review). This initial quality assurance means engineers can focus on their code and confidently catch any potential edge-cases or issues along the way.
  • Wireframing is accessible to people who understand our users but are not necessarily code-literate. So anyone can contribute a suggestion (at any level of fidelity). At the very least, you'll need a napkin and a pen, although we prefer to use Figma.
  • Wireframes can be shown to customers and other users in the community for feedback.
  • Designing from the "outside, in" gives us the opportunity to obsess over details in the interaction design. An undefined "what" exposes the results to the chaos of unplanned extra work and context shifting for engineers. This way, every engineer doesn't have to personally spend the time to get and stay up to speed with:
    • the latest reactions from users
    • all of the motivations and discussions from the previous rounds of wireframe revisions that were thrown away
    • how the UI has evolved in previous releases to better serve the people using and building it
  • Wireframing is important for both maintaining the quality of our work and outlining what work needs to be done.
  • With Figma, thanks to its powerful component and auto-layout features, we can create high-fidelity wireframes - fast. We can iterate quickly without costing more work and less sunk-cost fallacy.
  • But wireframes don't have to be high fidelity. It is OK to communicate ideas for changes using ugly, marked-up screenshots, a photo of a piece of paper. Fleet's drafting process helps turn these rough wireframes into product changes that can be implemented quickly with minimal UX and technical debt.
  • Wireframes created to describe individual changes are disposable and may have slight stylistic inconsistencies. Fleet's user interface styleguide in Figma is the source of truth for overarching design decisions like spacing, typography, and colors.
  • While the "wireframe first" practice is still sometimes misunderstood, today many modern high-performing teams now use a wireframe-first methodology, including startups and publicly-traded companies.

Why do we use one repo?

At Fleet, we keep everything in one repo (fleetdm/fleet). Here's why:

  • One repo is easier to manage. It has less surface area for keeping content up to date and reduces the risk of things getting lost and forgotten.
  • Our work is more visible and accessible to the community when all project pieces are available in one repo.
  • One repo pools GitHub stars and more accurately reflects Fleet’s presence.
  • One repo means one set of automations and labels to manage, resulting in a consistent GitHub experience that is easier to keep organized.

The only exceptions are:

  1. Other open-source projects: When we contribute to open-source projects owned by other people and organizations, we contribute to those outside repositories. For example, Fleet contributes to osquery, Sails.js, and other open-source projects.
  2. Non-public matters: Since GitHub does not allow non-public issues inside public repos, we have to use separate repositories to track non-public issues. Sometimes it is also useful to contribute files to a non-public repository, such as when they mention customer relationships that are under non-disclosure agreements. When we work on something non-public, we contribute to the repository with the appropriate level of confidentiality:
  3. GitHub Actions: Since GitHub requires GitHub Actions to live in dedicated repositories in order to submit them to the marketplace, Fleet uses a separate repo for publishing GitHub Actions designed for other people to deploy and use (and/or fork).
  4. Software vulnerabilities: Since GitHub only allows one latest release per repository, we currently maintain two repositories to host our CVE/CPE database releases:

Besides the exceptions above, Fleet does not use any other repositories. Other GitHub repositories in fleetdm should be archived and made private.

An icon indicating that this section has important information

Tip: Did you know that you can search through issues from all public and non-public Fleet repos at the same time?

Tip: In addition to the built-in search available for the public handbook on, you can also search any public AND non-public content, including issue templates, at the same time.

Why not continuously generate REST API reference docs from javadoc-style code comments?

Here are a few of the drawbacks that we have experienced when generating docs via tools like Swagger or OpenAPI, and some of the advantages of doing it by hand with Markdown.

  • Markdown gives us more control over how the docs are compiled, what annotations we can include, and how we present the information to the end-user.
  • Markdown is more accessible. Anyone can edit Fleet's docs directly from our website without needing coding experience.
  • A single Markdown file reduces the amount of surface area to manage that comes from spreading code comments across multiple files throughout the codebase. (see "Why do we use one repo?").
  • Autogenerated docs can become just as outdated as handmade docs, except since they are siloed, they require more skills to edit.
  • When docs live at separate repo paths from source code, we are able to automate approval processes that allow contributors to make small improvements and notes, directly from the website. This leads to more contributions, since it lowers the barrier of entry for becoming a contributor.
  • Autogenerated docs are typically hosted on a subdomain. This means we have less control over a user's journey through our website and lose the SEO benefits of self-hosted documentation.
  • Autogenerating docs from code comments is not always the best way to make sure reference docs accurately reflect the API.
  • As the Fleet REST API, documentation, and tools mature, a more declarative format such as OpenAPI might become the source of truth, but only after investing in a format and processes to make it continually accurate as well as visible, accessible, and modifiable for all contributors.

Why group Slack channels?

Groups (g-*) are organized around goals. Connecting people with the same goals helps them produce better results by fostering freer communication. Some groups align with teams in the org chart. Other groups, such as product groups, are cross-functional, with some group members who do not report to the same manager.

Every group at Fleet maintains their own Slack channel, which all group members join and keep unmuted. Everyone else at Fleet is encouraged to mute these channels, using them only as needed. Each channel has a directly responsible individual responsible for keeping up with all new messages, even if they aren't explicitly mentioned (@).

Why make work visible?

Work is tracked in GitHub issues.

Every department organizes their work into team-based kanban boards. This provides a consistent framework for how every team works, plans, and requests things from each other.

  1. Intake: Give people from anywhere in the world the ability to request something from a particular team, and give that team the ability to see and respond quickly to new requests.
  2. Planning: Give the team's manager and other team members a way to plan the next three-week iteration of what the team is working on. Provide a world (the kanban board) where the team has clarity, and the appropriate DRI can confidently prioritize and plan changes with enough context to make the right decisions.
  3. Shared to-do list: What should I work on next? Who needs help? What important work is blocked? Is that bug fix merged yet? When will it be released? When will that new feature ship? What did I do yesterday?

Why agile?

Releasing software 🟢iteratively gets changes and improvements into the hands of users faster and generally results in 🔵software that works. This makes contributors fitter, happier, and more productive.

We apply the twelve principles of agile to Fleet's development process:

  1. Our highest priority is to 🔴satisfy the customer through early and continuous delivery of valuable software.
  2. Welcome changing requirements, even late in development. Agile processes harness change for the customer's competitive advantage.
  3. Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale.
  4. Business people and developers must work together daily throughout the project.
  5. Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job done.
  6. The most efficient and effective method of conveying information to and within a development team is face-to-face conversation.
  7. Working software is the primary measure of progress.
  8. Agile processes promote sustainable development. The sponsors, developers, and users should be able to maintain a constant pace indefinitely.
  9. Continuous attention to technical excellence and good design enhances agility.
  10. Simplicity--the art of maximizing the amount of work not done--is essential.
  11. The best architectures, requirements, and designs emerge from self-organizing teams with an effective process.
  12. At regular intervals, the team reflects on how to become more effective, then tunes and adjusts its behavior accordingly.

Why scrum?

Scrum is an agile framework for software development that helps teams deliver high quality software faster. It emphasizes teamwork, collaboration, and continuous improvement to achieve business objectives. Here are some of the key reasons why we use scrum at Fleet):

  • Improved collaboration and communication: Scrum emphasizes teamwork and collaboration, which leads to better communication between team members and stakeholders. This helps ensure that everyone is aligned and working towards the same goals.
  • Flexibility and adaptability: Scrum allows teams to respond quickly to changing requirements and market conditions. By working in short sprints, teams can continuously adapt to new information and feedback, and adjust their approach as needed.
  • Continuous improvement: Scrum encourages teams to reflect on their processes and identify areas for improvement. The regular sprint retrospective meetings provide a forum for the team to discuss what went well and what could be improved, and to make changes to their processes accordingly.
  • Faster delivery of working software: Scrum helps teams deliver working software faster by breaking down the development process into manageable chunks that can be completed within a sprint. Stakeholders can see progress and provide feedback more quickly, which helps ensure the final product meets their needs.
  • Higher quality software: Scrum includes regular testing and quality assurance activities, which help ensure that the software being developed is of high quality and meets the required standards.

Why lean software development?

Lean software development is an iterative and incremental approach to software development that aims to eliminate waste and deliver value to customers quickly. It is based on the principles of lean manufacturing and emphasizes continuous improvement, collaboration, and customer focus.

Lean development can be summarized by its seven principles:

  1. Eliminate waste: Eliminate anything that doesn't add value to the customer, such as unnecessary features, extra processing, and waiting times.
  2. Amplify learning: Share knowledge and expertise across the team to continuously improve the process and increase efficiency.
  3. Decide as late as possible: Defer major decisions and commitments until the last possible moment to enable more informed and optimal decisions.
  4. Deliver as fast as possible: Deliver value to customers as quickly as possible to ensure their needs are met and to receive feedback for continuous improvement.
  5. Empower the team: Respect and empower the team, including customers, stakeholders, and developers, by providing a supportive environment and clear communication.
  6. Build integrity in: Build quality into the software by continuously testing, reviewing, and improving the code throughout the development process.
  7. Optimize the whole: Optimize the entire process and focus on the system's overall performance rather than just individual parts to ensure the most efficient and effective use of resources.

Why a three-week cadence?

The Fleet product is released every three weeks. By syncing the whole company to this schedule, we can:

  • Keep all team members (especially those who aren't directly involved with the core product) aware of the current version of Fleet and when the next release is shipping.
  • Align project planning and milestones across all teams, which helps us schedule our content calendar and manage company-wide goals.

Why spend so much energy responding to every potential production incident?

At Fleet, every 5xx response, timed-out request, and failed scheduled job is a P1 outage.

As soon as the outage is detected in any production environment (including, hosted customer environments, TUF, and others), we create an outage issue immediately: before we know for sure whether any real users are affected, and even before we know what the error message says.

Then, we determine impact quickly. We take a close look right away, even if we think it might not matter. If there is any chance of it affecting even one user, we keep digging. We reach out to affected users to acknowledge their problem, provide them with a workaround or some other way to make their day less painful.

Finally, we determine the root cause, and we make sure a resolution for it is filed as a bug, with attention from the appropriate contributors. Then, we close the issue.

Why bother with all that? And why do it in this particular order?

  • Avoids slip-ups. When every outage is visible, information about production problems flows more freely. It is harder to accidentally overlook a production issue, or accidentally deprioritize a major issue. You never know whether an error like this is a real issue until you take a close look. Even if you think it probably isn't.
  • Faster diagnosis. Prioritizing outages gets everyone on the same page about exactly what errors are happening as soon as possible, and gets subject matter experts involved faster.
  • Helps us measure. When outage issues are created as soon as the outage occured, the time of issue creation and closing give us useful metrics about the outage, with minimal extra effort.
  • Better customer experience. Understanding the impact of every production issue means we can reach out to affected users ASAP and acknowledge their challenge, showing them that Fleet takes quality and stability seriously. This kind of customer support is rare and memorable.
  • It helps us prevent future outages. By finding outages sooner, we incentivize ourselves to fix the root cause sooner. And by fixing bugs sooner, we prevent them from stacking and bleeding into one another, and we prevent ourselves from implementing future fixes and improvements on top of shaky foundations. This makes contributions less risky and reduces the number of outages.

Why make it obvious when stuff breaks?

At Fleet, we detect and fix bugs as quickly as possible.

Breaking loudly means we can fix the break sooner and improve how fast and certain we are about making future changes. Especially in an all-remote environment, this provides contributors with discipline around quality and stability of the main branch. This is "good annoying".

When contributing to Fleet, for every PR, the person submitting the PR tests it by hand before it is merged, regardless who else tested it, or who else reviewed the code. Thanks to this, we should normally never end up in a situation where a merged PR causes a broken contributor experience, because the person submitting it would have experienced that broken contributor experience when testing.

If that happens by mistake, first priority is merging a fix, then notifying the contributor who made the mistake so they're aware for future changes. (This is not about blame; it's about clarity.) We always prioritize fixing bugs, because bugs are the best early sign of misunderstandings, stale assumptions, and impactful coding mistakes that can fundamentally damage Fleet's long-term development speed, contributor experience, and code base complexity.

An icon indicating that this section has important information

Here is an example of a deliberate decision to make broken images in Fleet fail more loudly so that they can't be overlooked, even though this might slow down short-term development.

Why keep issue templates simple?

At Fleet, we optimize for the person submitting the issue, not the person receiving it.

We avoid making the submitter read anything. We prompt for as little information as possible. Why?

  • When someone is submitting an issue, they are usually in a hurry. They might not even work here. Even short issue templates can cause confusion, lead to mistakes, and discourage future submissions.
  • The person receiving an issue has more context, and so will have an easier time filling in the gaps and, if necessary, following up to better understand.
  • This encourages everyone to contribute, and keep contributing.

For example, here is the philosophy behind Fleet's bug report template.

Why spend less?

  • Default to efficiency. Reward richly. At Fleet, we celebrate success and reward hard work. But we do everyday things cheap. And that is very important, because it shapes the kind of people we hire, and the kind of expectations we set for the team about what "comfortable" feels like.
  • Offsites are not rewards. Day to day, Fleet does not look rich. Rich !== welcoming. The company is open, not closed. Work here means flexible collaboration, accessible people, and clear expectations. And a rich, exciting future worth working for. Not a rich, complacent baseline worth coasting for.
  • Minimally viable comfort. We stay at La Quintas by the train tracks every single time unless customers are coming into the room and we need more space. Even then, we accommodate in the spirit of hospitality, not to show off how well Fleet is doing. They'll know how well we're doing by how great the product is, how great the support is, and how that makes them feel. They'll remember openness, flexibility, accessibility, and clarity in all of their interactions with the brand. Not the view from our hotel rooms.
  • Everyday efficiency. Fleet isn't the place you work for the everyday amenities. Like Southwest Airlines, Fleet is egalitarian and outsider-friendly. We lift people up, but we remember where we came from. The company is efficient and friendly, more than it is polished or formal. Never show off. Look smart and real. Make Fleet look easy and welcoming, never slick. And rarely fancy.

Why don't we sell like everyone else?

Many companies encourage salespeople to "spray and pray" email blasts, and to do whatever it takes to close deals. This can sometimes be temporarily effective. But Fleet takes a 🟠longer-term approach:

  • No spam. Fleet is deliberate and thoughtful in the way we do outreach, whether that's for community-building, education, or 🧊 conversation-starting.
  • Be a helper. We focus on 🔴being helpers. Always be depositing value. This is how we create a virtuous cycle. (That doesn't mean sharing a random article; it means genuinely hearing, doing whatever it takes to fully understand, and offering only advice or links that we would actually want.) We are genuinely curious and desperate to help, because creating real value for people is the way we win.
  • Engineers first. We always talk to engineers first, and learn how it's going. Security and IT engineers are the people closest to the work, and the people best positioned to know what their organizations need.
  • Fewer words. Fewer pings. People are busy. We don't waste their time. Avoid dumping work on prospect's plates at all costs. Light touches, no asks. Every notification from Fleet is a ping they have to deal with. We don't overload people with words and links. We 🟢keep things simple and write briefly.
  • Community-first. We go to conferences. We write docs. We are participants, not sponsors. We don't write spammy articles and landing pages. We want people who choose Fleet to be successful, whether they are paying customers or not. We are not pushy. We are only as commercial as we have to be to help people out.
  • Be genuine. No puffery. No impressive-sounding words. We are 🟣open and outsider friendly. We expand acronyms, and insist on using simple language that lets everyone understand and contribute. We help the people we work with grow in their careers and learn from each other. We are sincere, curious, and 🔵fair to competitors.
  • Step up. We look at the 🟠big picture. The goal is for the organization using Fleet to be successful, as well as the individuals who decide to use or buy the product. There are multiple versions of Fleet, and so many ways to "do" open-source security and IT. It is in the company's best interest to help engineers pick the right one; even if that's Fleet Free, or another solution altogether. We think about our customer's needs like they are our own.

Why don't we track leads differently?

There are about as many "MQL" definitions as there are sales orgs in the world. Exaggerating here, but only somewhat.

Fleet documents all KPI's with clear definitions that are simple to evaluate, easy to track, and highly iterable.

  • Lead == A "Lead" row in Salesforce.

  • MQL == a human from an in-ICP organization that meets these parameters when the lead is created:

    • Their organization is not already a Fleet customer
    • Their organization is not already considering buying Fleet as part of a qualified, mutually beneficial opportunity
    • Our friend, the human, has chosen to open or widen their line of communication with the company. This could come from an event or or sending a contact form message requesting a call.
      • Attendees at events are considered MQLs if they have done any of the following:
        • Had a 5+ minute conversation or a badge scan at a physical event.
        • RSVPed yes to extracurricular in-person side event (e.g. dinner or activity) OR attended the in-person side event and a Fleetie was able to track their attendance.
        • RSVPed yes to a virtual event OR indicated intent by sending a follow-up email.
    • Multiple people from the same org each count as separate MQLs.
    • When an account converts to an opportunity, all subsequent new leads created for that account are NOT MQLs (i.e. do not count towards "MQLs created".). If an opportunity is marked "closed lost", then it is no longer open, so subsequent new leads associated with the prospective customer are considered MQLs again.
  • Open MQL == An MQL whose lead status is neither "disqualified" nor "converted".

  • SQL == An MQL whose lead status in Salesforce has exceeded a certain threshold, for any reason, from any source (threshold TBD: we aren't reporting these yet in KPIs)

  • Lead source == where a lead came from. To determine attribution, we will consider the lead source. (e.g. sales-sourced vs. marketing-sourced vs. misc-sourced leads can be determined by looking at the lead source. No need to establish any other *QL or change these.)

    • Instead of saying "outbound lead" or "inbound lead", you can say "a lead from a badge scan at an event" or "a lead from a customer referral" or "a lead from the website".
  • Opportunity == A "Opportunity" row in Salesforce.

  • Open opportunity == An opportunity whose stats is not "closed lost" nor "closed won".

Why does Fleet support query packs?

As originally envisioned by Zach Wasserman and the team when creating osquery, packs are a way to import and export queries into (and out of!) any platform that speaks osquery, whether that's Fleet, Security Onion, an EDR, or even Rapid7. Queries should be portable to minimize lock-in to particular tools.

The "Packs" section of the UI that began in kolide/fleet c. 2017 was an early attempt to segment and target formations of hosts that share certain characteristics. This came with some difficulties with debugging and collaboration, since it could be hard to tell which queries were running on which hosts. It also made it harder to understand what performance impact running all those queries might cause.

Eventually, when working on some related improvements, it became clear that Fleet needed a better way to organize hosts, controls, reports, and configuration that wasn't tied exclusively to data collection in Splunk. It was time to learn from the original design and come up with a smarter way to group hosts.

The first step was to add a simpler way to schedule queries, and tuck away the legacy feature called "Packs", so that "packs" refer to what they were originally: a portable way to import and export queries.

Packs will always be supported in Fleet.

Why does Fleet use sentence case?

Fleet uses sentence case capitalization for all headings, subheadings, button text in the Fleet product,, the documentation, the handbook, marketing material, direct emails, in Slack, and in every other conceivable situation.

In sentence case, we write and capitalize words as if they were in sentences:

An icon indicating that this section has important information

Ask questions about your servers, containers, and laptops running Linux, Windows, and macOS

As we use sentence case, only the first word is capitalized. But, if a word would normally be capitalized in the sentence (e.g., a proper noun, an acronym, or a stylization) it should remain capitalized. User roles (e.g., "observer" or "maintainer") and features (e.g. "automations") in the Fleet product aren't treated as proper nouns and shouldn't be capitalized.

The reason for sentence case at Fleet is that everyone capitalizes differently in English, and capitalization conventions have not been taught very consistently in schools. Sentence case simplifies capitalization rules so that contributors can deliver more natural, even-looking content with a voice that feels similar no matter where you're reading it.

Why not use superlatives?

A superlative is an adjective or adverb that expresses the degree of a quality, such as "best," "worst," or "most beautiful."

A superlative is a judgment or evaluation, which only the customer can decide.


Avoid using too many unnecessary words or superlatives, so your writing is shorter and easier to understand.


There exists an exceptionally significant rationale that unequivocally warrants refraining from the utilization of an exceptionally vast multitude of gratuitous, superfluous, surplus verbiage, or excessive superlatives when one is tasked with the composition of official documentation that is destined for perusal and comprehension by our distinguished and highly regarded clientele. When the writer in question opts to employ an excessively copious quantity, or even a modicum of superfluous verbiage that, in truth, does not contribute substantively to the essence and signification of the text, it invariably leads to an undue lengthening of the document and an exponentially augmented level of complexity in terms of comprehensibility.

Why does Fleet use "MDM on/off" instead of "MDM enrolled/unenrolled"?

MDM should be a capability, not a product category.

In Fleet, the word "enrolled" means "the host shows up in the dashboard and API".

When some tools like Workspace ONE say a host is "enrolled", they mean that data is being collected and enforcement features are activated on that host.

Since Fleet is more than MDM, you can collect logs and health data on any computer. You can also enforce OS settings on any computer. But you don't have to enable both: for example, you can build an installer that only collects data, without enabling enforcement features like MDM protocol support and script execution.

That means you can collect logs from Linux servers or Windows factory workstations without enabling remote script execution on those computers, even if you're using script execution on your Macs.

Why not mention the CEO in Slack threads?

Everyone else who works at Fleet is expected to read (and reply or acknowledge with an emoji reaction) every time they're mentioned in Slack, even deep inside long threads.

Now that the company has grown, the CEO gets mentioned in threads too often to keep up with thread replies, even for threads he participates in.

From Mike:

Staying on top of your Slack mentions (including in threads!) is very important. Please use them. But now that the company has grown, in my role as CEO, I get mentioned in Slack very often.

I held on as long as I could. But due to volume, in late 2022, I made the decision to no longer read Slack threads where I am mentioned.

What do I still read?

  • If you mention me in a top-level channel message, I'll see and read it in 1 business day.
  • If you send me a direct message, I'll see and read that ASAP.

Keep in mind I am often in meetings all day, and may not be able to reply promptly.

When in doubt, you can look at my calendar and join whatever meeting I'm in. If none of that works, and there is an emergency where you need my immediate attention, get help from Sam Pfluger. Thank you so much!" 🙇


The following stubs are included only so that old links continue to work (for backwards compatibility.)

Reporting structure

Please see handbook/company/why-this-way#why-direct-responsibility.


Please see handbook/company/why-this-way#why-direct-responsibility.

What is a P1?

Please see handbook/company/why-this-way#why-spend-so-much-energy-responding-to-every-potential-production-incident.

An arrow pointing upBack to top