What if your open source code is used for something evil?
It happened to Andrew Tanenbaum.
Andrew Tanenbaum released the third version of the MINIX operating system under the permissive Berkeley license.
When employees from Intel started asking Tanenbaum technical questions about the MINIX 3 operating system, he was happy to engage them. Eventually, Intel secretly modified the MINIX 3 operating system for use in Intel CPUs.
On the fifth of May in 2017, Intel released a patch for the Intel CPUs running MINIX 3. Before this security patch, it was possible for hackers to remotely access computers that had an Intel CPU running MINIX 3 without a password.
Although Intel’s CTO Steve Grobman has denied it, Intel’s Management Engine is a backdoor by definition. Hackers can bypass normal authentication and access a user’s computer by entering their computer through the Intel Management Engine.
The sheer number of exploits affecting the Intel Management Engine - six to date - can be used to make the argument that the Intel Management Engine was designed to be exploited, that is, that the Intel Management Engine is a backdoor.
Even in 2017, the creator of MINIX had regrets working with Intel on the Intel Management Engine, saying he would not have worked with them on the Intel Management Engine if he knew they were building a “spy engine”.
Andrew Tanenbaum seems to regret his decision working with Intel, but most people who permissively license their code find it rewarding. The question remains: to license permissively or not?