Getting Companies to Contribute to Open Source?

epiphani writes "At my company, we make heavy use of Open Source products in almost all work we do. We also spend significant amounts of time customizing these packages to our needs, be they for performance or functionality. With the exception of actual bug fixes, we are not generally permitted to return those customizations to the community. The GPL allows us to customize these packages for internal use, and we do not distribute our changes outside our organization. Being an open source developer in my spare time, I can see the value of these customizations, and can see how they could be improved by releasing them into the community. However, the company does not allow us to return them because they are seen as our investment and as our competitive edge over others in the same market. We have thousands of hours of code development and packages we are being forced to maintain internally as a result. How can I, being a lowly developer, convince our management that it makes more sense to release many of these customizations back into the Open Source community? How have people convinced old-corporate management that its a good idea to give away something we just spent three months building?"

cost analysis

[TheSHAD0W]

Do the math. Calculate out how many hours it's taking you guys to merge new updates into your code and how much money per month/year it's costing you. Then tell management you can cut that by 90% by contributing code back, and ask them whether it's worth that much to keep that "edge" they're talking about.

"Contributing back" isn't always best...

[xxxJonBoyxxx]

Keep track of the amount of time you spend maintaining those changes outside of the upstream distribution. A new major version is released that forces you to spend time patching to keep up to date? That's something that wouldn't happen if you contributed your changes back to the community.

As a manager, I'd also be tempted to solve the "wasting time on custom code" problem by either looking at a commercial package that keeps us out of the custom code business or outsourcing the custom code bits.

Also, sending back to the community isn't always a guarantee that your changes will make it in, or that they will make it in by the time you need it. In that respect open source projects are similar to commercial products: in both cases you are often subject to the whims of leaders who are not your employees.

Banking and Secrecy

[justanyone]

I used to work for BankOne (now JPMorganChase) in Chicago doing Perl work for their Capital Markets trading systems. This meant writing about 40,000 lines of Perl code to decode the bank's internal reports and load 'em to a data warehouse. In the process, I had to decode some report formats that were not proprietary, as well code up some helper modules, like ones that retrieved files (recursively) from FTP sites, verified they were complete, etc., based on configuration files.

Much of this code could have been released to http://cpan.org/ [cpan.org] nicely.

However, I signed a nondisclosure agreement (NDA) when I joined the bank saying, more or less, I won't release any of the bank's intellectual property to any third party without prior (probably written) approval from umpteen layers of management.

This kind of NDA has been more-or-less standard when joining a new firm as a developer. People don't like it when you release code to the world that gives your company a competitive edge, or might present a security risk if people knew how you were doing things (I know all those rules about security through obscurity being useless, but that's different than posting to a cracking website the protocols you use to get data from servers around the bank).

The problems of being able to contribute back this worthwhile code are legion. Many organizations are not set up to deal with this kind of problem yet. Over time, when managers come to understand that there are definite gains to be made by releasing a module to the wild, and actually find that other people like it and contribute-to/improve it, then word will get around.

I would counsel slow, persistent, quite isolated pushes for very clearly non-business-critical components to be put under the GPL into CPAN or the like. No excited "let's do this" will get the idea through. Calm, rational arguments about a component being broadly useful elsewhere and this would may mean someone else (that you don't have to pay) will fix the small bugs we don't have time for.

I think this is going to take hold at smaller companies MUCH more quickly. I work at a startup now, and we regularly contribute patches to several of the open source (mostly Python) projects we use. Why? Because we want our changes incorporated into the tree so we don't diverge too much from the standard release (which would require much more work to update when they release a new branch).

After a while, larger companies will get the message, too, and understand this business model. Compare this to flying airplanes - pilots all talk, and contribute info, so everyone is safer. Your competitive advantage is the systems you build, and how you run them, not the fact that everyone else crashes more than you do, because whenever anyone crashes, everyone suffers.

Re:open source is an acquired taste.

[Intron]

My company took the opposite view when it started work on open source. Giving back patches saves money because

• we were able to start from working code that did most of what we wanted
• we don't have to repatch each new release
• we don't have to worry that someone else implements the same change in a different way
• we get hundreds of free testers