Understanding Industry Requirements for FLOSS Governance Tools

Harutyunyan, Nikolay; Bauer, Andreas; Riehle, Dirk

doi:10.1007/978-3-319-92375-8_13

Cited by 4 publications

(4 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, using unique SPDX license identifier instead of unstructured text to describe the declared license. Our previous studies cover the requirements for automation of the FLOSS compliance process, but those requirements are not fulfilled by tools to the extent which is required [10,11]. An elaborate representation of inter-dependency relationships should be an inherent part of the architectural model.…”

Section: Discussionmentioning

confidence: 99%

“…In previous work, we reported our findings on industry requirements for FLOSS governance tools [10]. We found a hierarchical list of requirements that indicated the following four key categories: Tracking and reuse of FLOSS components, License compliance of FLOSS components, Search and selection of FLOSS components, and Other requirements (security, education, etc.).…”

Section: Related Workmentioning

confidence: 91%

See 1 more Smart Citation

Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study

Bauer¹,

Harutyunyan²,

Riehle³

et al. 2020

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Software vendors need to manage the dependencies of the open source components used in their products. Without this management, license compliance would be impossible, export restrictions could not be maintained, and security vulnerabilities would remain unknown to the vendor.The management of these dependencies has grown in an ad-hoc fashion in most companies. As such, vendors find it hard to learn from each other and improve practices.To address this problem, we performed exploratory single-case study research at one large established software vendor. We gathered and analyzed the key challenges of tracking and documenting open source dependencies in products. We wanted to understand whether these ad-hoc solutions could be based on a single unified conceptual model for managing dependencies.Our study suggests that underlying the various point solutions that we found at this vendor lies a conceptual model that we tentatively call the product (architecture) model. In future cross-vendor work, we will investigate whether this conceptual model can be expanded to become a unifying model for all open source dependency management.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 91%

Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study

Bauer¹,

Harutyunyan²,

Riehle³

et al. 2020

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

show abstract

“…When it comes to companies adopting OSS processes, prior literature investigated innersource adoption [33], [35]- [39], and the motivations and challenges of applying it [34], [40], [55], [56]. Researchers also identified compliance best practices to help companies avoid legal/IP risks when using OSS [25]- [27]. OSS-related business models used by companies have been analyzed and compared as a way to understand the benefits and risks of each model [31], [32], [57]- [59].…”

Section: Related Workmentioning

confidence: 99%

“…Past work that has investigated company involvement with OSS focused on the legal perspective of companies' usage of OSS components [25]- [27], their communication practices when interacting with OSS projects [28], [29], how adoption of OSS matches different company business models [30]- [32], or how companies are using the open source model internally (i.e., innersource) [33]- [40]. These studies do not investigate the motivations of why companies contribute to OSS.…”

Section: Introductionmentioning

confidence: 99%

Rules of Engagement: Why and How Companies Participate in OSS

Guizani¹,

Castro-Guzman²,

Sarma³

et al. 2023

Preprint

View full text Add to dashboard Cite

Company engagement in open source (OSS) is now the new norm. From large technology companies to startups, companies are participating in the OSS ecosystem by opensourcing their technology, sponsoring projects through funding or paid developer time. However, our understanding of the OSS ecosystem is rooted in the "old world" model where individual contributors sustain OSS projects. In this work, we create a more comprehensive understanding of the hybrid OSS landscape by investigating what motivates companies to contribute and how they contribute to OSS. We conducted interviews with 20 participants who have different roles (e.g., CEO, OSPO Lead, Ecosystem Strategist) at 17 different companies of different sizes from large companies (e.g. Microsoft, RedHat, Google, Spotify) to startups. Data from semi-structured interviews reveal that company motivations can be categorized into four levels (Founders' Vision, Reputation, Business Advantage, and Reciprocity) and companies participate through different mechanisms (e.g., Developers' Time, Mentoring Time, Advocacy & Promotion Time), each of which tie to the different types of motivations. We hope our findings nudge more companies to participate in the OSS ecosystem, helping make it robust, diverse, and sustainable.

show abstract