Reading through an interesting, and mostly accurate piece about OpenSSL the following jumped out at me:
The fact that OpenSSL pays next to nothing constrains things further. Those who do help Henson out often juggle coding with full-time paying jobs elsewhere. Others can’t code for OpenSSL: Their employment contracts prohibit it, so they simply act as advisers. That leaves Henson responsible for 60% of the code commits (or sets of changes to the source code), twice as many as the next-most-prolific developer, Andy Polyakov, who’s compensated some. Most of the code added in the past few years has been approved by Henson, or tapped out on his own keyboard.
Last week a bunch of tech companies signed up to donate $100K to help projects like OpenSSL. However, money really isn’t the most constrained resource here, it’s people with expertise.
A lot of large companies that aren’t incorporated in California have really stringent IP agreements with their employers. Something along the lines of “relate to the actual or anticipated business or research or development” of said company. In a large company, this means, everything. California has a state law that trumps this, and doesn’t allow companies to claim anything that you create on your own time, without the use of company equipment.
I wonder what the impact would be if these same companies also pledged to adjust their employment agreements to let their employees contribute to Open Source in their own time. I expect that it would have a much larger impact than the financial pledge.