I found this article particularly prescient as I work for a large company that has an especially draconian open source policy.
We're not allowed to contribute to any open source projects, post about software, speak publicly, or report security vulnerabilities (either to the security community at large or even to the vendors).
I was part of a small (approximately 200 person) security company who got swallowed up by a large company about 4 years ago (who has since been acquired by an even larger company) and the intellectual property agreement we were made to sign after the acquisition was particularly heinous. In fact, it led directly to the resignation of my entire 12-person team (all except for me).
The consequence has been that we now operate as a sort of parasite in the security community. We make direct financial use of the efforts of the security community, but in no way give back anything. I most certainly wouldn't move to company with as restrictive an open-source policy as where I work now; if I were a more principled person, I'd probably have quit over it.
if I were a more principled person, I'd probably have quit over it.
There's a middle ground: Fight to change it. I've had sufficient personal success in a large corporation (50,000+ employees) to convince me to stick around and keep pushing. But then again, I am in a position to head elsewhere should progress stall. Having that degree of security has been important in being able to speak dispassionately to the issues with our previous policy.
I'm envious that you were able to effect change in a company that large (we're some measure larger or smaller than that); and I wish I could say I had the optimism to continue giving it a go.
edit: vague-ified company size per DannoHung's suggestion (not particularly worried, but those could be famous last words).
Yes, but together with the surrounding comments and the note saying something about "enhanced vagueness", it's still clear that it is probably bigger. (Unless he also changed the number.)
I suppose that's true, but I can't really think of a way to respond to his comment without mentioning that "large" is a relative term. The logical thing would have been to not reply, I guess; but I thought it was worth responding to.
Contributing to open source doesn't just increase my perceived value (which it definitely has in concrete terms), but it also increased my actual value because I'm exposed to a much more competitive marketplace of ideas. Heck, even just using open source provides this benefit to some extent.
I consider myself a competent programmer, and I've definitely come up with some nice solutions to particular problems, but I've also been blind-sided by what in retrospect should have been obvious issues. I'm sure this happens less to great programmers, but even still the open cross-polination of ideas really makes up for the weaknesses in the human mind in remarkable ways. Within a single company there can certainly be many amazing minds and ideas, but even the biggest company has orders of magnitude less breadth of technical knowledge than the open source community.
A few years ago, I was offered a job because they googled java programmer australia and I was first (they told me in an interstate phone call). This could only have been because of my open source project.
Sadly I've seen lots of re-invention of the wheel because battle-tested, proven, reliable component X that was available for FREE on-line weren't licensed under terms that were acceptable to a particular organisation. I think the benefits of a permissive open-source policy aren't just in the sense of satisfaction it can bring to the developers, but in real measurable dollar terms to the cost of projects.
We're not allowed to contribute to any open source projects, post about software, speak publicly, or report security vulnerabilities (either to the security community at large or even to the vendors).
I was part of a small (approximately 200 person) security company who got swallowed up by a large company about 4 years ago (who has since been acquired by an even larger company) and the intellectual property agreement we were made to sign after the acquisition was particularly heinous. In fact, it led directly to the resignation of my entire 12-person team (all except for me).
The consequence has been that we now operate as a sort of parasite in the security community. We make direct financial use of the efforts of the security community, but in no way give back anything. I most certainly wouldn't move to company with as restrictive an open-source policy as where I work now; if I were a more principled person, I'd probably have quit over it.