by jandrewrogers 2330 days ago
The mechanics of putting a tarball somewhere on the Internet are simple and cheap, but that action also directly and indirectly greatly increases the potential for liability. This effectively requires the organization to create additional management and processes to mitigate this increased potential for liability. It is a headache many organizations want to avoid or can't afford.

Yes, "dumping source code" is simple and cheap. Managing the implications of doing so is not. I know of many cases where companies backed away from open sourcing software due to the overhead it would entail, even when they could afford it in principle.


Which liabilities? Most open source licenses come with a WITHOUT WARRANTY OF ANY KIND clause.
Open sourcing creates multiple classes of risk outside the scope of the license which any properly run company must manage.

As a couple of elementary examples, it greatly increases your exposure to claims of patent and copyright infringement based on the actions of your employees, both intentional and inadvertent. It significantly increases the risk that the company's trade secrets and other non-public IP accidentally end up in the public domain. You must ensure that open sourced code does not come into conflict with contractual agreements with other parties. And that is after you get every outside stakeholder in the business's strategic objectives to sign off on it, which isn't always easy.

When an organization decides to open source a bit of code, they have to run a formal diligence process to ensure there is minimal risk of any of the above and then put a process in place to help ensure that going forward. I've seen this process at multiple companies; it is not lightweight and involves lots of lawyers and documentation that would never happen otherwise. Many companies decide it isn't worth the money or distraction.