[BenBoe]

Thanks @theWold - that makes sense. Having a CLA in place is they way to make sure the rights are assigned to the open source projects for further use.

I wonder if the people who initially started the open source project had to go through some sort of approval process by management and whether that was facilitated by a tool? Also if the company somehow keeps track of the open source projects activities. Outbound basically meaning = from company to open source world.

[theWold]

> I wonder if the people who initially started the open source project had to go through some sort of approval process by management and whether that was facilitated by a tool?

VERY much so. So, imagine yourself as some old bank executive. Sure you work at a more progressive (tech and policy wise) bank than others, but still at the end of the day we're a bank. Why would we give free things away? That was the main reaction before our current CIO, Rob Alexandar, got into the mix of things. He has slowly been pushing to become more and more forward thinking about tech from the top down. Which is a hard thing in such a regulated environment like a bank. There are so many internal power struggles on old systems that all new tech hires (new meaning last 5 years and younger) with getting rid of older things. We have begun to rewrite major systems. Keeping good documentation. Transitioning everything to git rather than SVN. Updating our AppSec ability to audit things quickly such that we can actually get something to production in a week if we really want to.