Open Source Forbidden

What I’m going to tell you today might seem incredible, but just the same way as LLMs are banned from many workplaces these days, or mobile apps were outlawed by many an IT department 15 years ago, I was consulting 20 years ago for a large firm (a very large Swiss firm, actually) in which… Open Source code was explicitly forbidden to ever be put into production.

Yup, you read that right. I suppose the CTO of that conglomerate was an avid fan of Steve Ballmer and his stance against cancer Linux.

Back in the day I was writing ASP.NET apps written in VB.NET (I know, I know) running on top of Windows Server 2003, and, you know the drill, every so often the need would arise for a component or a subsystem to be added to a larger application. For example, a custom ASP.NET control spitting some HTML, or a testing framework, or (a very popular choice in 2005) an “inversion of control” framework.

In those cases, you’d better not use an Open Source option (not even licensed as BSD or MIT) because that meant, in the eyes of this organization, a major trespassing of the rules, and an immediate rejection of the solution in which said Open Source code was included.

Let’s not even talk about Free Software, shall we? There was an actual internal review process for that.

For the select group of consulting companies that worked for this customer (of which, you guessed it, my employer was one) there was a real need to deliver apps on time and on budget. So what happened was that all of them would… just embed Open Source libraries and frameworks anyway, removing in the process any and all LICENSE files or copyright claims, and pass that code off as their own.

I remember my employer doing that with NUnit, on various occasions… and then not being surprised when Microsoft hired one of the NUnit core devs and released MSTest, a framework which, at least in its first incarnation, was uncannily similar to NUnit.

This sneaky approach would bypass the aforementioned review process, and everybody was singing all along. Auditing corporate code for licensing compliance was not a thing in 2005, and I doubt it is a thing today, to be honest.

In these days of nuget install and npm install and whatnot, such a situation seems so far-fetched and outlandish, right? Yet it was the official policy of a customer who would regularly pay hundreds of thousands of Swiss Francs for custom-made software.