

Why your company should have a very permissive open source policy - nathanmarz
http://nathanmarz.com/blog/open-source-policies/

======
m0nastic
I found this article particularly prescient as I work for a large company that
has an especially draconian open source policy.

We're not allowed to contribute to any open source projects, post about
software, speak publicly, or report security vulnerabilities (either to the
security community at large or even to the vendors).

I was part of a small (approximately 200 person) security company who got
swallowed up by a large company about 4 years ago (who has since been acquired
by an even larger company) and the intellectual property agreement we were
made to sign after the acquisition was particularly heinous. In fact, it led
directly to the resignation of my entire 12-person team (all except for me).

The consequence has been that we now operate as a sort of parasite in the
security community. We make direct financial use of the efforts of the
security community, but in no way give back anything. I most certainly
wouldn't move to a company with as restrictive an open-source policy as where I
work now; if I were a more principled person, I'd probably have quit over it.

~~~
callahad
_if I were a more principled person, I'd probably have quit over it._

There's a middle ground: Fight to change it. I've had sufficient personal
success in a large corporation (50,000+ employees) to convince me to stick
around and keep pushing. But then again, I am in a position to head elsewhere
should progress stall. Having that degree of security has been important in
being able to speak dispassionately to the issues with our previous policy.

~~~
m0nastic
I'm envious that you were able to effect change in a company that large (we're
some measure larger or smaller than that); and I wish I could say I had the
optimism to continue giving it a go.

_edit: vague-ified company size per DannoHung's suggestion (not particularly
worried, but those could be famous last words)._

~~~
eru
Your edit doesn't really make it very vague, still.

~~~
m0nastic
Really? I'd think that "some measure larger or smaller" could apply to
companies from several thousand employees to a million.

~~~
eru
Yes, but together with the surrounding comments and the note saying something
about "enhanced vagueness", it's still clear that it is probably bigger.
(Unless he also changed the number.)

~~~
m0nastic
I suppose that's true, but I can't really think of a way to respond to his
comment without mentioning that "large" is a relative term. The logical thing
would have been to not reply, I guess; but I thought it was worth responding
to.

------
dasil003
Contributing to open source doesn't just increase my _perceived_ value (which
it definitely has in concrete terms), but it also increased my _actual_ value
because I'm exposed to a much more competitive marketplace of ideas. Heck,
even just using open source provides this benefit to some extent.

I consider myself a competent programmer, and I've definitely come up with
some nice solutions to particular problems, but I've also been blind-sided by
what in retrospect should have been obvious issues. I'm sure this happens less
to great programmers, but even still the open cross-pollination of ideas really
makes up for the weaknesses in the human mind in remarkable ways. Within a
single company there can certainly be many amazing minds and ideas, but even
the biggest company has orders of magnitude less breadth of technical
knowledge than the open source community.

------
10ren
A few years ago, I was offered a job because they googled _java programmer
australia_ and I was first (they told me in an interstate phone call). This
could only have been because of my open source project.

------
jcooney
Sadly I've seen lots of re-invention of the wheel because battle-tested,
proven, reliable component X that was available for FREE on-line wasn't
licensed under terms that were acceptable to a particular organisation. I
think the benefits of a permissive open-source policy aren't just in the sense
of satisfaction it can bring to the developers, but in real measurable dollar
terms to the cost of projects.

