ABSTRACT
Increasingly, companies realize the value of using free/libre and open source software (FLOSS) in their products, but they need to manage the associated risks. Leading companies introduce open source governance as a solution. A key aspect of corporate FLOSS governance is choosing and evaluating open source components for use in products. Following an industry-based research approach, we present 13 best practices in the pattern format of context, problem, and solutions, each paired with its consequences. In this paper, we cover an excerpt of the Component Approval section of our FLOSS governance handbook. This article builds upon our previous EuroPLoP publication covering Component Reuse in FLOSS governance processes, as well as other publications on the topic. Analyzing qualitative data gathered from 15 expert interviews, we derive and interconnect the common industry recommendations for reviewing, tracking, and approving open source components in a company environment. We conclude by presenting workflow templates that relate the various best practices to each other.