University based hackers are some of the most prolific and participative open source contributors. Many University and other public R+D centres have little idea how much FOSS they are producing, nor how much they are using. This has two implications: inbound compliance with third party open source, particularly on subsequent tech transfer (distribution); and outbound license choice and the impacts in terms of licensing, confidentiality, community building, and university processes. R+D proyects have certain characteristics (how they are developed, university rights, ownership, etc,) that make governance and compliance "interesting" to say the least. I, open source lawyer for nigh on 20 years, will tell you some horror (and success) stories.